Open berial5 opened 1 year ago
👋 @berial5 Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
Reproduced this, code analysis works at my end, but there is a pid kill happening just before string extraction.
So Memory leak is not true? And Could you tell me some advices to continue the process ? update ?
We need to investigate this and identify the root cause of why the PID is getting killed, the error code suggests that it is a memory leak, but can only confirm after investigation.
I guess you cannot scan the said APK(s) until this is fixed.
Hi guys, I got the same problem with another APK, stuck during the Code Analysis on MobSF 3.6.6 Beta. Find below the error logs after several hours running:
[INFO] 28/Apr/2023 12:08:46 - Code Analysis Started on - java_source [2023-04-28 23:32:46 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59118) [2023-04-28 23:32:47 +0200] [59117] [WARNING] Worker with pid 59118 was terminated due to signal 9 [2023-04-28 23:32:47 +0200] [59525] [INFO] Booting worker with pid: 59525 [2023-04-29 01:33:34 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59525) [2023-04-29 01:33:35 +0200] [59535] [INFO] Booting worker with pid: 59535 [2023-04-29 05:09:50 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59535) [2023-04-29 05:09:50 +0200] [59604] [INFO] Booting worker with pid: 59604 [2023-04-29 07:02:55 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59604) [2023-04-29 07:02:56 +0200] [59648] [INFO] Booting worker with pid: 59648 [2023-04-29 09:03:44 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59648) [2023-04-29 09:03:44 +0200] [59655] [INFO] Booting worker with pid: 59655 [2023-04-29 10:21:33 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59655) [2023-04-29 10:21:33 +0200] [59658] [INFO] Booting worker with pid: 59658
Regards!
Hi, guys: I got the same problem with another APK, stuck during the Code Analysis on MobSF 3.6.6 Beta.
[INFO] 15/May/2023 09:41:19 -
| \/ | _ | |_/ || | | / / /
| |\/| |/ | '_ _ | | \ \ / / | | ' \
| | | | () | |_) |) | | \ V / ) | () |
|| ||\/|_./__/|| _/ |____()___/
[INFO] 15/May/2023 09:41:19 - [1m[34mMobile Security Framework v3.6.3 Beta[0m [INFO] 15/May/2023 09:41:19 - OS: Linux [INFO] 15/May/2023 09:41:19 - Platform: Linux-5.4.0-146-generic-x86_64-with-glibc2.27 [INFO] 15/May/2023 09:41:20 - Dist: ubuntu 18.04 Bionic Beaver [INFO] 15/May/2023 09:41:20 - MobSF Basic Environment Check [WARNING] 15/May/2023 09:41:20 - Dynamic Analysis related functions will not work. Make sure a Genymotion Android VM/Android Studio Emulator is running before performing Dynamic Analysis. [INFO] 15/May/2023 09:41:24 - MIME Type: application/octet-stream FILE: InceptioIda.ipa [INFO] 15/May/2023 09:41:24 - Performing Static Analysis of iOS IPA [INFO] 15/May/2023 09:41:25 - Checking for Update. [INFO] 15/May/2023 09:41:25 - No updates available. [INFO] 15/May/2023 09:42:08 -
If you use the API interface to upload the installation package for static analysis, you will get stuck here.
Hello guys,
It is also the same with me. Stuck on the analysis after uploading the APK. I've been waiting for it to complete for hours but no luck.
I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.
I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.
Any steps to reproduce this?
I get something similar. An IPA at 100Mb+ is fine but an APK at 40Mb breaks with the following
[INFO] 01/Jun/2023 09:03:20 - Converting classes9.dex to Smali Code
[INFO] 01/Jun/2023 09:03:20 - Converting classes11.dex to Smali Code
[INFO] 01/Jun/2023 09:03:20 - Converting classes3.dex to Smali Code
[INFO] 01/Jun/2023 09:03:20 - Converting classes7.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes6.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes13.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes5.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes4.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes2.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes8.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes10.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes12.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Code Analysis Started on - java_source
[2023-06-01 09:04:48 +0000] [56] [WARNING] Worker with pid 3467 was terminated due to signal 9
[2023-06-01 09:04:48 +0000] [4189] [INFO] Booting worker with pid: 4189
[INFO] 01/Jun/2023 09:05:27 -
__ __ _ ____ _____ _____ __
| \/ | ___ | |__/ ___|| ___|_ _|___ / / /_
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / |_ \| '_ \
| | | | (_) | |_) |__) | _| \ V / ___) | (_) |
|_| |_|\___/|_.__/____/|_| \_/ |____(_)___/
[INFO] 01/Jun/2023 09:05:27 - Mobile Security Framework v3.6.3 Beta
REST API Key: XXX
[INFO] 01/Jun/2023 09:05:27 - OS: Linux
[INFO] 01/Jun/2023 09:05:27 - Platform: Linux-5.15.90.1-microsoft-standard-WSL2-x86_64-with-glibc2.29
[INFO] 01/Jun/2023 09:05:27 - Dist: ubuntu 20.04 Focal Fossa
[INFO] 01/Jun/2023 09:05:27 - MobSF Basic Environment Check
[INFO] 01/Jun/2023 09:05:28 - Checking for Update.
[INFO] 01/Jun/2023 09:05:28 - No updates available.
I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.
Are you using it on a docker environment? Can you give a tutorial on how you did the work around please? Thanks mate!
Upon checking some of the past versions of MobSF, the following versions all have the same issue of getting stuck.
Then after trying the version MobSF v3.4.0 Beta it works.
The problem here is I want to use the latest version. I hope this get fixed soon.
Additional information.
The versions that are getting stuck is stopped around the logs below.
[INFO] 02/Jun/2023 06:11:39 - Trackers Database is outdated!
[INFO] 02/Jun/2023 06:11:39 - Updating Trackers Database....
[INFO] 02/Jun/2023 06:11:39 - Detecting Trackers
[INFO] 02/Jun/2023 06:11:40 - APK -> JAVA
[INFO] 02/Jun/2023 06:11:40 - Decompiling to Java with jadx
[INFO] 02/Jun/2023 06:11:49 - DEX -> SMALI
[INFO] 02/Jun/2023 06:11:49 - Converting classes.dex to Smali Code
[INFO] 02/Jun/2023 06:11:49 - Code Analysis Started on - java_source
[INFO] 02/Jun/2023 06:11:53 - Running NIAP Analyzer
[INFO] 02/Jun/2023 06:12:06 - Finished Code Analysis, Email and URL Extraction
[INFO] 02/Jun/2023 06:12:06 - Extracting Strings from APK
[INFO] 02/Jun/2023 06:12:06 - Detecting Firebase URL(s)
[INFO] 02/Jun/2023 06:12:06 - Performing Malware Check on extracted Domains
[INFO] 02/Jun/2023 06:12:07 - Maltrail Database is outdated!
[INFO] 02/Jun/2023 06:12:07 - Updating Maltrail Database
[INFO] 02/Jun/2023 06:12:07 - Connecting to Database
[INFO] 02/Jun/2023 06:12:07 - Saving to Database
I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.
Hey there, I'm hoping you could give some more information about your temporary solution
I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.
I seconded, may we please know what is this? Up to now the issue is still persisting.
Hi, I'm having the same issue albeit with a few extra steps to reproduce.
Environment: Ubuntu 22.04.2 LTS (Jammy Jellyfish) MobSF 3.8.6 Beta
Steps to reproduce:
I can fix this temporarily by restarting the MobSF instance. I was wondering, if am I using the tool incorrectly and if are there any steps that I have to do after running the Frida scripts in the dynamic analysis before I can use the static analyzer on a separate file.
This is unrelated. The code analysis being stuck is probably due to a regex dos/catastrophic backtracking from one of the SAST rules.
Can folks share problematic APKs here so that we can take a look at the files and the rules causing the issue?
Got the same issue while doing the static analysis. I uploaded myjio apk version 7.0.55 and got stuck at the same point
(Downloaded the apk from apkmirror)
I’m currently on Mobsf v3.7.6
Tried on docker(It Took a lot of time on docker for jadx and jadx timeout error thrown) and got stuck at Code Analysis Started on - java_source
Tried on bare metal (windows 11 home). It’s also got stuck (but no jadx timeout error thrown)
It worked on the latest Signal APK on v3.9.2 Beta
on Docker. Downloaded the APK from apkpure.net
Make sure the apk
is all lowercase and alphanumeric characters, maybe even just 3 letters e.g. app.apk
and test. I found when it didn't work, renaming it fixed it 99.99% of the time
My whole system got stuck when i tried to upload a large size apk for static analysis , Please! Provide me some solution for the same
Probably unavoidable, will consider adding a timeout by default.
I tested it, and it has something to do with the machine configuration. If the memory is 128G or more, there will be no problem. Most of the freezes are because the memory is exhausted.
Another situation is that the java code generated by some apk decompilation is in the same file, resulting in a single java code file size of 2-10M, so it will get stuck in it during regular matching.
ENVIRONMENT
EXPLANATION OF THE ISSUE
STEPS TO REPRODUCE THE ISSUE
LOG FILE
the apk just by this url (it's so big that upload fail) https://mega.nz/file/YGgEiarD#yRR8dZK3UCb3t09TWt4I5c67aGQbtXVSmi5yCvyqKPk