MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

Dynamic Analysis Report Generation Fails #1021

Closed LehtiniemiJ closed 5 years ago

LehtiniemiJ commented 5 years ago

ENVIRONMENT

OS and Version: Ubuntu 18.04.2 LTS 
Python Version: Python 3.6.8
MobSF Version: Mobile Security Framework v1.1.3 Beta
Device : Rooted android 6.0.1 (SuperSU pro enabled)

EXPLANATION OF THE ISSUE

Dynamic analysis of an .apk (might be unrelated, but during analysis there are problems with ScreenCast):

```
[ERROR] 25/Jul/2019 12:01:44 - Error Downloading File screen/screen.png
[ERROR] 25/Jul/2019 12:01:44 - Internal Server Error: /download/screen/screen.png
```

Main problem: when finishing the analysis, the error "Don't Play Around. An Error just popped in!" pops up.

Might be the same as #1015

STEPS TO REPRODUCE THE ISSUE

1. analyze .apk
2. start dynamic analysis
3. finish it up.

LOG FILE

```
[INFO] 25/Jul/2019 12:06:38 - Dumping Application Files from Device/VM
[ERROR] 25/Jul/2019 12:06:38 - Running ADB Command
Traceback (most recent call last):
  File "/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/DynamicAnalyzer/views/android/shared.py", line 69, in adb_command
    result = subprocess.check_output(args)
  File "/usr/lib/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/DynamicAnalyzer/tools/adb/linux/adb', '-s', '192.168.43.242:5555', 'pull', '/data/local/com.name.pmr.application.tar', '/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/uploads/be4bd9d8d1b64cfd60aa92d5d3ee5af5/com.name.pmr.application.tar']' returned non-zero exit status 1.
[INFO] 25/Jul/2019 12:06:38 - Stopping ADB
[INFO] 25/Jul/2019 12:06:38 - Dynamic Analysis Report Generation
[INFO] 25/Jul/2019 12:06:38 - Dynamic API Analysis
[ERROR] 25/Jul/2019 12:06:38 - Dynamic API Analysis
Traceback (most recent call last):
  File "/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/DynamicAnalyzer/views/android/analysis.py", line 40, in api_analysis
    with open(location, 'r', encoding='utf-8') as flip:
FileNotFoundError: [Errno 2] No such file or directory: '/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/uploads/be4bd9d8d1b64cfd60aa92d5d3ee5af5/x_logcat.txt'
[INFO] 25/Jul/2019 12:06:38 - Dynamic File Analysis
[ERROR] 25/Jul/2019 12:06:38 - Dynamic Analysis Report Generation
Traceback (most recent call last):
  File "/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/DynamicAnalyzer/views/android/dynamic.py", line 713, in report
    analysis_result = run_analysis(app_dir, md5_hash, package)
  File "/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/DynamicAnalyzer/views/android/analysis.py", line 170, in run_analysis
    with io.open(xlogcat, mode='r', encoding='utf8', errors='ignore') as flip:
FileNotFoundError: [Errno 2] No such file or directory: '/home/lejo189/Apps/mobsf/Mobile-Security-Framework-MobSF/uploads/be4bd9d8d1b64cfd60aa92d5d3ee5af5/x_logcat.txt'
[ERROR] 25/Jul/2019 12:06:38 - Error Geneating Dynamic Analysis Report
[ERROR] 25/Jul/2019 12:06:38 - Internal Server Error: /Report/
```

ajinabraham commented 5 years ago

This error happened because the MobSF utility named Datapusher was not able to create a tar file of application assets inside the device. Do you have a configuration that allows root to any requests + read/write access on the device?
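
Added example, not part of the original thread and not MobSF code: a triage sketch for the log format in the report above. It pairs each `[ERROR]` entry with its traceback and returns the earliest one that carries an exception, which in this report is the failed `adb pull`. The sample log is constructed and abridged, and the function names, paths and device address are placeholders.

```python
import re

# Constructed sample: abridged from the report's log format; paths and address are placeholders.
SAMPLE_LOG = """\
[INFO] 25/Jul/2019 12:06:38 - Dumping Application Files from Device/VM
[ERROR] 25/Jul/2019 12:06:38 - Running ADB Command
Traceback (most recent call last):
  File "/opt/mobsf/DynamicAnalyzer/views/android/shared.py", line 69, in adb_command
    result = subprocess.check_output(args)
subprocess.CalledProcessError: Command '['adb', '-s', '192.0.2.10:5555', 'pull', '/data/local/app.tar', '/opt/mobsf/uploads/HASH/app.tar']' returned non-zero exit status 1.
[INFO] 25/Jul/2019 12:06:38 - Stopping ADB
[ERROR] 25/Jul/2019 12:06:38 - Dynamic API Analysis
Traceback (most recent call last):
  File "/opt/mobsf/DynamicAnalyzer/views/android/analysis.py", line 40, in api_analysis
    with open(location, 'r', encoding='utf-8') as flip:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/mobsf/uploads/HASH/x_logcat.txt'
[ERROR] 25/Jul/2019 12:06:38 - Internal Server Error: /Report/
"""

ENTRY = re.compile(r"^\[(INFO|ERROR)\] (\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) - (.*)$")
FRAME = re.compile(r'^\s+File "([^"]+)", line (\d+), in (\S+)$')
EXC = re.compile(r"^([A-Za-z_][\w.]*(?:Error|Exception)): (.*)$")

def parse_errors(text):
    """Return one dict per [ERROR] entry, with traceback details when present."""
    errors, current = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = None  # a new log entry ends any traceback being collected
            if m.group(1) == "ERROR":
                current = {"time": m.group(2), "stage": m.group(3),
                           "exception": None, "detail": None, "origin": None}
                errors.append(current)
        elif current is not None:
            f, e = FRAME.match(line), EXC.match(line)
            if f:  # overwritten per frame: the last frame is where the exception was raised
                current["origin"] = f"{f.group(1).rsplit('/', 1)[-1]}:{f.group(2)} ({f.group(3)})"
            elif e:
                current["exception"], current["detail"] = e.groups()
    return errors

def first_failure(text):
    """Earliest [ERROR] entry that carries an exception: the place to start debugging."""
    return next((e for e in parse_errors(text) if e["exception"]), None)
```

Entries without a traceback, such as the final `Internal Server Error: /Report/`, are kept with `exception` set to `None`, so they appear in the error list but are never reported as the first failure.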

LehtiniemiJ commented 5 years ago

If I understood you correctly, you were asking about my default access on root, and it's set as 'Grant'. Also, it seems like the .tar is on the device:

```
1|root@hammerhead:/data/local # ls -la
-rwxrwxrwx root     root       161792 2019-07-31 03:54 com.name.pmr.application.tar
```

The next step was to test if I'd be able to pull the file manually from the device, which I was not. The workaround was to relocate the .tar to /sdcard/name/name.tar and pull it from there. I was able to get some kind of report by renaming logcat.txt to x_logcat.txt.

This is still a dirty hack and analysis doesn't work properly. Do you have any recommendations on how I should continue working on the issue?

ajinabraham commented 5 years ago

We rewrote our dynamic analyzer. It will be merged to master soon, but it is currently available in the geny branch. Feel free to comment if you are still having issues with the new dynamic analysis module.

vodatest123 commented 5 years ago

@ajinabraham By when can we expect the updated Dynamic Analyzer module in the master branch? I am also facing the same issue while generating the report at the time of dynamic analysis.

Your early response would be appreciated!!

Thanks

ajinabraham commented 5 years ago

The new dynamic analyser is available in the geny branch. We are finishing up our testing before merging to master.

vodatest123 commented 5 years ago

Thanks @ajinabraham, but I do testing on a real device and the geny branch is not compatible with real devices. If it is compatible, kindly suggest the changes required to make it work on a real device. Thanks.

ajinabraham commented 5 years ago

We are planning to stop supporting real devices officially, the reason being that different device environments are difficult to troubleshoot and test when things go wrong. We will only be supporting Genymotion x86 devices for now and the ARM emulator in future. But the dynamic analyzer is designed in such a way as to support any Android runtime environment. It may require some hacks or modifications to make a device work.