search

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
16.65k stars 3.16k forks source link

Static review stuck in code analysis #2162

Open berial5 opened 1 year ago

berial5 commented 1 year ago

ENVIRONMENT

OS and Version: Win11 21H2 22000.16963.
Python Version: python 3.8.8
MobSF Version: v3.6.3Beta

EXPLANATION OF THE ISSUE

I can check some old version of this apk and they are lillte.
But as for the latest,it doesn't work and just stuck.

STEPS TO REPRODUCE THE ISSUE

1. run.bat
2. upload in locahost:8000
3. 100%upload then console stuck

LOG FILE

 |  \/  | ___ | |__/ ___||  ___|_   _|___ / / /_  
 | |\/| |/ _ \| '_ \___ \| |_  \ \ / / |_ \| '_ \ 
 | |  | | (_) | |_) |__) |  _|  \ V / ___) | (_) |
 |_|  |_|\___/|_.__/____/|_|     \_/ |____(_)___/ 

[INFO] 13/Apr/2023 14:02:30 - Mobile Security Framework v3.6.3 Beta
[INFO] 13/Apr/2023 14:02:30 - OS: Windows
[INFO] 13/Apr/2023 14:02:30 - Platform: Windows-10-10.0.22000-SP0
[INFO] 13/Apr/2023 14:02:30 - MobSF Basic Environment Check
[WARNING] 13/Apr/2023 14:02:31 - Dynamic Analysis related functions will not work. 
Make sure a Genymotion Android VM/Android Studio Emulator is running before performing Dynamic Analysis.
[WARNING] 13/Apr/2023 14:02:32 - Dynamic Analysis related functions will not work. 
Make sure a Genymotion Android VM/Android Studio Emulator is running before performing Dynamic Analysis.
[ERROR] 13/Apr/2023 14:02:35 - Is the Android VM running?
MobSF cannot identify device id.
Please set ANALYZER_IDENTIFIER in C:\Users\Berial\.MobSF\config.py
[INFO] 13/Apr/2023 14:02:36 - Checking for Update.
[INFO] 13/Apr/2023 14:02:37 - No updates available.
[INFO] 13/Apr/2023 14:02:48 - MIME Type: application/vnd.android.package-archive FILE: 6.6.2.apk
[INFO] 13/Apr/2023 14:02:48 - Performing Static Analysis of Android APK
[INFO] 13/Apr/2023 14:02:48 - Scan Hash: dd3c654e23322a631e155256588b9907
[INFO] 13/Apr/2023 14:02:48 - Starting Analysis on: 6.6.2.apk
[INFO] 13/Apr/2023 14:02:48 - Generating Hashes
[INFO] 13/Apr/2023 14:02:49 - Unzipping
[INFO] 13/Apr/2023 14:02:55 - APK Extracted
[INFO] 13/Apr/2023 14:02:55 - Getting Hardcoded Certificates/Keystores
[INFO] 13/Apr/2023 14:02:55 - Getting AndroidManifest.xml from APK
[INFO] 13/Apr/2023 14:02:55 - Converting AXML to XML
[INFO] 13/Apr/2023 14:03:09 - Parsing AndroidManifest.xml
[INFO] 13/Apr/2023 14:03:11 - Fetching icon path
[INFO] 13/Apr/2023 14:03:12 - Extracting Manifest Data
[INFO] 13/Apr/2023 14:03:12 - Fetching Details from Play Store: com.xiaomi.hm.health
[INFO] 13/Apr/2023 14:03:33 - Manifest Analysis Started
[INFO] 13/Apr/2023 14:03:33 - Reading Network Security Config
[INFO] 13/Apr/2023 14:03:33 - Parsing Network Security Config
[INFO] 13/Apr/2023 14:03:33 - Binary Analysis Started
[INFO] 13/Apr/2023 14:03:33 - Analyzing lib/arm64-v8a/libab153x-peq.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libaivs_jni.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libAMapSDK_MAP_v9_4_0.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libantidebug-lib.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libantirepack-lib.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libBodyfat.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libbsdiffpatch.so
[INFO] 13/Apr/2023 14:03:34 - Analyzing lib/arm64-v8a/libc++_shared.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libcardioDecider.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libcardioRecognizer.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libcardioRecognizer_tegra2.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libcrypto-lib.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libdataProcess.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libdevice-compress.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libdevice-encrypt.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libete.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libfb.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libfolly_json.so
[INFO] 13/Apr/2023 14:03:35 - Analyzing lib/arm64-v8a/libglog.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libglog_init.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libgps-filter.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libHealthCare.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libhtBodyfatBia4TwoLegs.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libimagepipeline.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libimage_processing_util_jni.so
[INFO] 13/Apr/2023 14:03:36 - Analyzing lib/arm64-v8a/libiwds.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libJhmSignal.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libjni_liveness_silent.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libjsc.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libjscexecutor.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libjsinspector.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libkoom-fast-dump.so
[INFO] 13/Apr/2023 14:03:37 - Analyzing lib/arm64-v8a/libkoom-strip-dump.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libkwai-android-base.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/liblogan.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libmibraindec.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libmibrainjni.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libmibrainsdk.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libmmkv.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libocr-sdk.so
[INFO] 13/Apr/2023 14:03:38 - Analyzing lib/arm64-v8a/libopencv_core.so
[INFO] 13/Apr/2023 14:03:39 - Analyzing lib/arm64-v8a/libopencv_imgproc.so
[INFO] 13/Apr/2023 14:03:39 - Analyzing lib/arm64-v8a/libopencv_java4.so
[INFO] 13/Apr/2023 14:03:40 - Analyzing lib/arm64-v8a/libopustool.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libpng2tga.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libquicklz.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libreactnativejni.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libresample.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libsdk_patcher_jni.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libsharewind.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libsogouenc.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libsport-run.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libstidsilent_liveness.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libtha.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libuptsmblesdk.so
[INFO] 13/Apr/2023 14:03:41 - Analyzing lib/arm64-v8a/libuptsmblesdkservice.so
[INFO] 13/Apr/2023 14:03:42 - Analyzing lib/arm64-v8a/libvad2.so
[INFO] 13/Apr/2023 14:03:42 - Analyzing lib/arm64-v8a/libweibosdkcore.so
[INFO] 13/Apr/2023 14:03:42 - Analyzing lib/arm64-v8a/libxhook_lib.so
[INFO] 13/Apr/2023 14:03:42 - Analyzing lib/arm64-v8a/libxmd.so
[INFO] 13/Apr/2023 14:03:43 - Analyzing lib/arm64-v8a/libyoga.so
[INFO] 13/Apr/2023 14:03:43 - Reading Code Signing Certificate
[INFO] 13/Apr/2023 14:03:43 - Running APKiD 2.1.4
[INFO] 13/Apr/2023 14:04:06 - Trackers Database is up-to-date
[INFO] 13/Apr/2023 14:04:06 - Detecting Trackers
[INFO] 13/Apr/2023 14:04:21 - APK -> JAVA
[INFO] 13/Apr/2023 14:04:21 - Decompiling to Java with jadx
[INFO] 13/Apr/2023 14:06:17 - DEX -> SMALI
[INFO] 13/Apr/2023 14:06:17 - Converting classes.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes10.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes11.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes12.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes13.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes14.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes15.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes16.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes17.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes18.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes19.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes2.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes20.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes21.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes22.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes23.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes24.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes3.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes4.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes5.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes6.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes7.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes8.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Converting classes9.dex to Smali Code
[INFO] 13/Apr/2023 14:06:17 - Code Analysis Started on - java_source

the apk just by this url (it's so big that upload fail) https://mega.nz/file/YGgEiarD#yRR8dZK3UCb3t09TWt4I5c67aGQbtXVSmi5yCvyqKPk

github-actions[bot] commented 1 year ago

👋 @berial5 Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham commented 1 year ago

Reproduced this, code analysis works at my end, but there is a pid kill happening just before string extraction.

berial5 commented 1 year ago

So Memory leak is not true? And Could you tell me some advices to continue the process ? update ?

ajinabraham commented 1 year ago

We need to investigate this and identify the root cause of why the PID is getting killed, the error code suggests that it is a memory leak, but can only confirm after investigation.

I guess you cannot scan the said APK(s) until this is fixed.

cibermike20 commented 1 year ago

Hi guys, I got the same problem with another APK, stuck during the Code Analysis on MobSF 3.6.6 Beta. Find below the error logs after several hours running:

[INFO] 28/Apr/2023 12:08:46 - Code Analysis Started on - java_source [2023-04-28 23:32:46 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59118) [2023-04-28 23:32:47 +0200] [59117] [WARNING] Worker with pid 59118 was terminated due to signal 9 [2023-04-28 23:32:47 +0200] [59525] [INFO] Booting worker with pid: 59525 [2023-04-29 01:33:34 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59525) [2023-04-29 01:33:35 +0200] [59535] [INFO] Booting worker with pid: 59535 [2023-04-29 05:09:50 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59535) [2023-04-29 05:09:50 +0200] [59604] [INFO] Booting worker with pid: 59604 [2023-04-29 07:02:55 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59604) [2023-04-29 07:02:56 +0200] [59648] [INFO] Booting worker with pid: 59648 [2023-04-29 09:03:44 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59648) [2023-04-29 09:03:44 +0200] [59655] [INFO] Booting worker with pid: 59655 [2023-04-29 10:21:33 +0200] [59117] [CRITICAL] WORKER TIMEOUT (pid:59655) [2023-04-29 10:21:33 +0200] [59658] [INFO] Booting worker with pid: 59658

Regards!

junwei-liu commented 1 year ago

Hi, guys: I got the same problem with another APK, stuck during the Code Analysis on MobSF 3.6.6 Beta.

[INFO] 15/May/2023 09:41:19 -

| \/ | _ | |_/ || | | / / /
| |\/| |/ | '_ _ | | \ \ / / | | ' \ | | | | () | |_) |) | | \ V / ) | () | || ||\/|_./__/|| _/ |____()___/

[INFO] 15/May/2023 09:41:19 - Mobile Security Framework v3.6.3 Beta [INFO] 15/May/2023 09:41:19 - OS: Linux [INFO] 15/May/2023 09:41:19 - Platform: Linux-5.4.0-146-generic-x86_64-with-glibc2.27 [INFO] 15/May/2023 09:41:20 - Dist: ubuntu 18.04 Bionic Beaver [INFO] 15/May/2023 09:41:20 - MobSF Basic Environment Check [WARNING] 15/May/2023 09:41:20 - Dynamic Analysis related functions will not work. Make sure a Genymotion Android VM/Android Studio Emulator is running before performing Dynamic Analysis. [INFO] 15/May/2023 09:41:24 - MIME Type: application/octet-stream FILE: InceptioIda.ipa [INFO] 15/May/2023 09:41:24 - Performing Static Analysis of iOS IPA [INFO] 15/May/2023 09:41:25 - Checking for Update. [INFO] 15/May/2023 09:41:25 - No updates available. [INFO] 15/May/2023 09:42:08 -

If you use the API interface to upload the installation package for static analysis, you will get stuck here.

Unkn0wnHunt commented 1 year ago

Hello guys,

It is also the same with me. Stuck on the analysis after uploading the APK. I've been waiting for it to complete for hours but no luck.

image

junwei-liu commented 1 year ago

I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.

HackJJ commented 1 year ago

I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.

Any steps to reproduce this?

I get something similar. An IPA at 100Mb+ is fine but an APK at 40Mb breaks with the following

[INFO] 01/Jun/2023 09:03:20 - Converting classes9.dex to Smali Code
[INFO] 01/Jun/2023 09:03:20 - Converting classes11.dex to Smali Code
[INFO] 01/Jun/2023 09:03:20 - Converting classes3.dex to Smali Code
[INFO] 01/Jun/2023 09:03:20 - Converting classes7.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes6.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes13.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes5.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes4.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes2.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes8.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes10.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Converting classes12.dex to Smali Code
[INFO] 01/Jun/2023 09:03:21 - Code Analysis Started on - java_source
[2023-06-01 09:04:48 +0000] [56] [WARNING] Worker with pid 3467 was terminated due to signal 9
[2023-06-01 09:04:48 +0000] [4189] [INFO] Booting worker with pid: 4189
[INFO] 01/Jun/2023 09:05:27 -
  __  __       _    ____  _____       _____  __
 |  \/  | ___ | |__/ ___||  ___|_   _|___ / / /_
 | |\/| |/ _ \| '_ \___ \| |_  \ \ / / |_ \| '_ \
 | |  | | (_) | |_) |__) |  _|  \ V / ___) | (_) |
 |_|  |_|\___/|_.__/____/|_|     \_/ |____(_)___/

[INFO] 01/Jun/2023 09:05:27 - Mobile Security Framework v3.6.3 Beta
REST API Key: XXX
[INFO] 01/Jun/2023 09:05:27 - OS: Linux
[INFO] 01/Jun/2023 09:05:27 - Platform: Linux-5.15.90.1-microsoft-standard-WSL2-x86_64-with-glibc2.29
[INFO] 01/Jun/2023 09:05:27 - Dist: ubuntu 20.04 Focal Fossa
[INFO] 01/Jun/2023 09:05:27 - MobSF Basic Environment Check
[INFO] 01/Jun/2023 09:05:28 - Checking for Update.
[INFO] 01/Jun/2023 09:05:28 - No updates available.
Unkn0wnHunt commented 1 year ago

I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.

Are you using it on a docker environment? Can you give a tutorial on how you did the work around please? Thanks mate!

Unkn0wnHunt commented 1 year ago

Upon checking some of the past versions of MobSF, the following versions all have the same issue of getting stuck.

Then after trying the version MobSF v3.4.0 Beta it works.

The problem here is I want to use the latest version. I hope this get fixed soon.

Additional information.

The versions that are getting stuck is stopped around the logs below.

[INFO] 02/Jun/2023 06:11:39 - Trackers Database is outdated!
[INFO] 02/Jun/2023 06:11:39 - Updating Trackers Database....
[INFO] 02/Jun/2023 06:11:39 - Detecting Trackers
[INFO] 02/Jun/2023 06:11:40 - APK -> JAVA
[INFO] 02/Jun/2023 06:11:40 - Decompiling to Java with jadx
[INFO] 02/Jun/2023 06:11:49 - DEX -> SMALI
[INFO] 02/Jun/2023 06:11:49 - Converting classes.dex to Smali Code
[INFO] 02/Jun/2023 06:11:49 - Code Analysis Started on - java_source
[INFO] 02/Jun/2023 06:11:53 - Running NIAP Analyzer
[INFO] 02/Jun/2023 06:12:06 - Finished Code Analysis, Email and URL Extraction
[INFO] 02/Jun/2023 06:12:06 - Extracting Strings from APK
[INFO] 02/Jun/2023 06:12:06 - Detecting Firebase URL(s)
[INFO] 02/Jun/2023 06:12:06 - Performing Malware Check on extracted Domains
[INFO] 02/Jun/2023 06:12:07 - Maltrail Database is outdated!
[INFO] 02/Jun/2023 06:12:07 - Updating Maltrail Database
[INFO] 02/Jun/2023 06:12:07 - Connecting to Database
[INFO] 02/Jun/2023 06:12:07 - Saving to Database
sebastiantia commented 1 year ago

I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.

Hey there, I'm hoping you could give some more information about your temporary solution

Unkn0wnHunt commented 1 year ago

I have avoided this problem by modifying the process and triggering an additional submission through the API. This method may only be regarded as a temporary solution, for your reference only.

I seconded, may we please know what is this? Up to now the issue is still persisting.

kieranlee130 commented 6 months ago

Hi, I'm having the same issue albeit with a few extra steps to reproduce.

Environment: Ubuntu 22.04.2 LTS (Jammy Jellyfish) MobSF 3.8.6 Beta

Steps to reproduce:

  1. ./run.sh
  2. Use the static analyzer on an Android apk
  3. Run the dynamic analyzer and inject any Frida scripts
  4. Attempt to use the static analyzer on a different Android apk
  5. Stuck on code analysis

I can fix this temporarily by restarting the MobSF instance. I was wondering, if am I using the tool incorrectly and if are there any steps that I have to do after running the Frida scripts in the dynamic analysis before I can use the static analyzer on a separate file.

ajinabraham commented 6 months ago

This is unrelated. The code analysis being stuck is probably due to a regex dos/catastrophic backtracking from one of the SAST rules.

ajinabraham commented 6 months ago

Can folks share problematic APKs here so that we can take a look at the files and the rules causing the issue?

luk0y commented 6 months ago

Got the same issue while doing the static analysis. I uploaded myjio apk version 7.0.55 and got stuck at the same point

(Downloaded the apk from apkmirror)

I’m currently on Mobsf v3.7.6

Tried on docker(It Took a lot of time on docker for jadx and jadx timeout error thrown) and got stuck at Code Analysis Started on - java_source

Tried on bare metal (windows 11 home). It’s also got stuck (but no jadx timeout error thrown)

EvilWatermelon commented 5 months ago

It worked on the latest Signal APK on v3.9.2 Beta on Docker. Downloaded the APK from apkpure.net

HackJJ commented 5 months ago

Make sure the apk is all lowercase and alphanumeric characters, maybe even just 3 letters e.g. app.apk and test. I found when it didn't work, renaming it fixed it 99.99% of the time

2008shivamjha commented 3 months ago

My whole system got stuck when i tried to upload a large size apk for static analysis , Please! Provide me some solution for the same

ajinabraham commented 1 month ago

Probably unavoidable, will consider adding a timeout by default.

ohyeah521 commented 1 month ago

I tested it, and it has something to do with the machine configuration. If the memory is 128G or more, there will be no problem. Most of the freezes are because the memory is exhausted.

ohyeah521 commented 1 month ago

Another situation is that the java code generated by some apk decompilation is in the same file, resulting in a single java code file size of 2-10M, so it will get stuck in it during regular matching.