Closed haruncetin closed 5 years ago
Need full logs.
pc@kali:~/Mobile-Security-Framework-MobSF$ ./run.sh [2019-10-03 09:12:22 -0400] [44592] [INFO] Starting gunicorn 19.9.0 [2019-10-03 09:12:22 -0400] [44592] [INFO] Listening at: http://0.0.0.0:8000 (44592) [2019-10-03 09:12:22 -0400] [44592] [INFO] Using worker: threads [2019-10-03 09:12:22 -0400] [44595] [INFO] Booting worker with pid: 44595 [INFO] 03/Oct/2019 13:12:32 -
| \/ | _ | |_/ || _| | \ / \ | |\/| |/ | ' \ | |_ \ \ / / ) || | | | | | | | () | |) |) | _| \ V / / / | || | || ||\/|_./__/|| _/ |____(_)___/
[INFO] 03/Oct/2019 13:12:32 - Mobile Security Framework v2.0.0 Beta REST API Key: 9f4cb0b6727083fdc05fb99c9fcc7950639dc14f454c5d4eba92e700fc42d27e [INFO] 03/Oct/2019 13:12:32 - OS: Linux [INFO] 03/Oct/2019 13:12:32 - Platform: Linux-4.19.0-kali5-amd64-x86_64-with-Kali-kali-rolling-kali-rolling [INFO] 03/Oct/2019 13:12:32 - Dist: ('Kali', 'kali-rolling', 'kali-rolling') [INFO] 03/Oct/2019 13:12:32 - MobSF Basic Environment Check [WARNING] 03/Oct/2019 13:12:32 - Dynamic Analysis related functions will not work. Make sure a Genymotion Android VM is running before performing Dynamic Analyis. [INFO] 03/Oct/2019 13:12:32 - Checking for Update. [INFO] 03/Oct/2019 13:12:33 - No updates available. [INFO] 03/Oct/2019 13:12:36 - MIME Type: application/vnd.android.package-archive FILE: plus messenger_v5.11.0.3_apkpure.com.apk [INFO] 03/Oct/2019 13:12:36 - Performing Static Analysis of Android APK [INFO] 03/Oct/2019 13:12:36 - Starting Analysis on : Plus Messenger_v5.11.0.3_apkpure.com.apk [INFO] 03/Oct/2019 13:12:36 - Generating Hashes [INFO] 03/Oct/2019 13:12:36 - Unzipping [INFO] 03/Oct/2019 13:12:37 - Getting Hardcoded Certificates/Keystores [INFO] 03/Oct/2019 13:12:37 - APK Extracted [INFO] 03/Oct/2019 13:12:37 - Reading Android Manifest [INFO] 03/Oct/2019 13:12:37 - Parsing AndroidManifest.xml invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length [INFO] 03/Oct/2019 13:12:39 - Fetching icon path invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length [INFO] 03/Oct/2019 13:12:41 - Extracting Manifest Data [INFO] 03/Oct/2019 13:12:41 - Fetching Details from Play Store: org.telegram.plus [WARNING] 03/Oct/2019 13:12:42 - Unable to get app details. [INFO] 03/Oct/2019 13:12:42 - Manifest Analysis Started [INFO] 03/Oct/2019 13:12:42 - Static Android Binary Analysis Started [INFO] 03/Oct/2019 13:12:42 - Static Android Resource Analysis Started [INFO] 03/Oct/2019 13:12:42 - Reading Code Signing Certificate [ERROR] 03/Oct/2019 13:12:42 - Reading Code Signing Certificate Traceback (most recent call last): File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/cert_analysis.py", line 111, in cert_info binascii.hexlify(x509_public_key.fingerprint).decode('utf-8'))) File "/home/pc/Mobile-Security-Framework-MobSF/venv/lib/python3.7/site-packages/asn1crypto/keys.py", line 1212, in fingerprint 'asn1crypto.keys.PublicKeyInfo().fingerprint has been removed, ' asn1crypto._errors.APIException: asn1crypto.keys.PublicKeyInfo().fingerprint has been removed, please use oscrypto.asymmetric.PublicKey().fingerprint instead [INFO] 03/Oct/2019 13:12:43 - Trackers Database is up-to-date [INFO] 03/Oct/2019 13:12:43 - Detecting Trackers [INFO] 03/Oct/2019 13:12:43 - APK -> JAVA [INFO] 03/Oct/2019 13:12:43 - Decompiling to Java with jadx [ERROR] 03/Oct/2019 13:12:43 - Decompiling to JAVA Traceback (most recent call last): File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/converter.py", line 65, in apk_2_java shutil.rmtree(output) File "/usr/lib/python3.7/shutil.py", line 494, in rmtree _rmtree_safe_fd(fd, path, onerror) File "/usr/lib/python3.7/shutil.py", line 432, in _rmtree_safe_fd _rmtree_safe_fd(dirfd, fullname, onerror) File "/usr/lib/python3.7/shutil.py", line 432, in _rmtree_safe_fd _rmtree_safe_fd(dirfd, fullname, onerror) File "/usr/lib/python3.7/shutil.py", line 432, in _rmtree_safe_fd _rmtree_safe_fd(dirfd, fullname, onerror) [Previous line repeated 1 more time] File "/usr/lib/python3.7/shutil.py", line 452, in _rmtree_safe_fd onerror(os.unlink, fullname, sys.exc_info()) File "/usr/lib/python3.7/shutil.py", line 450, in _rmtree_safe_fd os.unlink(entry.name, dir_fd=topfd) PermissionError: [Errno 13] Permission denied: 'Clock.java' [INFO] 03/Oct/2019 13:12:43 - DEX -> SMALI [INFO] 03/Oct/2019 13:12:43 - Converting classes.dex to Smali Code [INFO] 03/Oct/2019 13:12:43 - Static Android Code Analysis Started [INFO] 03/Oct/2019 13:12:43 - Code Analysis Started on - java_source [INFO] 03/Oct/2019 13:12:53 - Finished Code Analysis, Email and URL Extraction [INFO] 03/Oct/2019 13:12:53 - Extracting Strings from APK invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length invalid decoded string length [INFO] 03/Oct/2019 13:12:55 - Detecting Firebase URL(s) [INFO] 03/Oct/2019 13:12:56 - Performing Malware Check on extracted Domains [INFO] 03/Oct/2019 13:12:57 - Malware Database is up-to-date [INFO] 03/Oct/2019 13:12:58 - Generating Java and Smali Downloads [INFO] 03/Oct/2019 13:12:58 - Generating Downloads [INFO] 03/Oct/2019 13:12:58 - Zipping [INFO] 03/Oct/2019 13:12:58 - Zipping [INFO] 03/Oct/2019 13:12:59 - Connecting to Database [INFO] 03/Oct/2019 13:12:59 - Saving to Database [ERROR] 03/Oct/2019 13:12:59 - Saving to DB Traceback (most recent call last): File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 255, in create_db_entry CERT_INFO=cert_dic['cert_info'], TypeError: 'NoneType' object is not subscriptable [ERROR] 03/Oct/2019 13:12:59 - Rendering to Template Traceback (most recent call last): File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 120, in get_context_from_analysis 'certinfo': cert_dic['cert_info'], TypeError: 'NoneType' object is not subscriptable [ERROR] 03/Oct/2019 13:12:59 - Error Performing Static Analysis Traceback (most recent call last): File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/static_analyzer.py", line 270, in static_analyzer context['average_cvss'], context['security_score'] = score(context['findings']) TypeError: 'NoneType' object is not subscriptable [ERROR] 03/Oct/2019 13:12:59 - 'NoneType' object is not subscriptable [ERROR] 03/Oct/2019 13:12:59 - Internal Server Error: /StaticAnalyzer/
ENVIRONMENT
EXPLANATION OF THE ISSUE
STEPS TO REPRODUCE THE ISSUE
LOG FILE