search

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
17.56k stars 3.25k forks source link

App Crashes when starting Frida Instrumentation #2207

Closed W0lfbane closed 1 year ago

W0lfbane commented 1 year ago

ENVIRONMENT

OS and Version: Ubuntu 22.04.1
Python Version: 3.10.6
MobSF Version: 3.6.8

EXPLANATION OF THE ISSUE

This appears to only happen with split APKs, here is the issue:

First, after scanning the "base.apk" of a split apk package, I run the DAST scan against it. The DAST scanner only brings in base.apk and nothing else, so the application does not function normally. I am able to resolve this by running "adb install-multiple " to get the full app installed. Once this is done, I'm able to run activities and start the app normally, however when I click the button for instrumentation the app crashes immediately and I can find this in the logstream:

07-06 21:21:15.646 18593 18593 I dex2oat : /system/bin/dex2oat --dex-file=/data/data/com.step.step/cache/frida7760912772265853138.dex --output-vdex-fd=79 --oat-fd=82 --oat-location=/data/data/com.step.step/cache/oat/x86_64/frida7760912772265853138.odex --compiler-filter=quicken --class-loader-context=&\n'
...
07-06 21:21:16.181 18480 18606 E Braze v18.0.1 .bo.app.r: java.lang.ClassNotFoundException: Didn\'t find class "[L[B;" on path: DexPathList[[dex file "/data/data/com.step.step/cache/frida7760912772265853138.dex"],nativeLibraryDirectories=[/system/lib64]]\n'
07-06 21:21:16.259 18480 18607 E Braze v18.0.1 .bo.app.r: java.lang.ClassNotFoundException: Didn\'t find class "[L[B;" on path: DexPathList[[dex file "/data/data/com.step.step/cache/frida7760912772265853138.dex"],nativeLibraryDirectories=[/system/lib64]]\n'
...
07-06 21:21:17.146 18480 18606 E Braze v18.0.1 .bo.app.r: java.lang.ClassNotFoundException: Didn\'t find class "[L[B;" on path: DexPathList[[dex file "/data/data/com.step.step/cache/frida7760912772265853138.dex"],nativeLibraryDirectories=[/system/lib64]]\n'
07-06 21:21:17.447 18480 18625 E AndroidRuntime: Process: com.step.step, PID: 18480\n'
07-06 21:21:17.447 18480 18625 E AndroidRuntime: java.lang.Error: java.lang.ClassNotFoundException: Didn\'t find class "[L[B;" on path: DexPathList[[dex file "/data/data/com.step.step/cache/frida7760912772265853138.dex"],nativeLibraryDirectories=[/system/lib64]]\n'
07-06 21:21:17.447 18480 18625 E AndroidRuntime: Caused by: java.lang.ClassNotFoundException: Didn\'t find class "[L[B;" on path: DexPathList[[dex file "/data/data/com.step.step/cache/frida7760912772265853138.dex"],nativeLibraryDirectories=[/system/lib64]]\n'

STEPS TO REPRODUCE THE ISSUE

1. Start DAST scanner
3. adb install-multiple <your-split-apks>
4. Click instrumentation button

LOG FILE

debug.log

github-actions[bot] commented 1 year ago

👋 @W0lfbane Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham commented 1 year ago

If you can run the application from the VM/emulator, you should be able to run it with frida. We are launching the app with frida instrumentation https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/3c7c9afecd2ba6cd51dd860112331ce352a4b692/mobsf/DynamicAnalyzer/views/android/frida_core.py#L130

Couple of things can happen or to try out.

  1. Install the app via Play store and use the same for dynamic analysis.
  2. The app has anti frida code that detects frida server and triggers a crash.
  3. Try running with most of the frida hooks disabled and see if that works.
  4. Use a different VM/emulator like Corellium
  5. Check with frida support as the exception happens after we attempt to run the app with frida.