MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

ResParserError: res1 must be zero! #2352

Closed RubenPauwelsUniWeb closed 4 months ago

RubenPauwelsUniWeb commented 4 months ago

ENVIRONMENT

OS and Version: Mac OS Sonoma 14.1.2
Python Version: Python 3.10.12 (Included in docker)
MobSF Version: v3.9.4 Beta (latest)

EXPLANATION OF THE ISSUE

When I try to upload an APK for static analysis I get the following error:

[ERROR] 06/Mar/2024 13:48:10 - Error Performing Static Analysis
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources
    return self.arsc["resources.arsc"]
KeyError: 'resources.arsc'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 199, in static_analyzer
    app_dic['real_name'] = get_app_name(
  File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/app.py", line 28, in get_app_name
    return a.get_app_name()
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/apk.py", line 476, in get_app_name
    res_parser = self.get_android_resources()
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/apk.py", line 1562, in get_android_resources
    self.arsc["resources.arsc"] = ARSCParser(self.zip.read("resources.arsc"))
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/axml/__init__.py", line 1321, in __init__
    self.packages[package_name].append(ARSCResTypeSpec(self.buff, pc))
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/axml/__init__.py", line 2181, in __init__
    raise ResParserError("res1 must be zero!")
androguard.core.bytecodes.axml.ResParserError: res1 must be zero!
[ERROR] 06/Mar/2024 13:48:10 - res1 must be zero!
[ERROR] 06/Mar/2024 13:48:10 - Internal Server Error: /static_analyzer/24b9b2533eab445fa8937cc31ba87253/

STEPS TO REPRODUCE THE ISSUE

  1. Run MobSF with the following command: docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
  2. Upload APK

LOG FILE

debug.log

github-actions[bot] commented 4 months ago

👋 @RubenPauwelsUniWeb Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham commented 4 months ago

This looks like an issue in a third party, androguard. You might want to report it upstream.

BrotherOfJhonny commented 3 months ago

Test carried out on 03/18/2024
Version: v3.9.5 Beta

Error persists, follow log.

[ERROR] 18/Mar/2024 12:20:48 - res1 must be zero!
[ERROR] 18/Mar/2024 12:20:48 - Internal Server Error: /static_analyzer/9181a2f943285c469eb07916da7f962d/
[INFO] 18/Mar/2024 12:20:48 - Scan Hash: 9181a2f943285c469eb07916da7f962d
[INFO] 18/Mar/2024 12:20:48 - Starting Analysis on: Aplicativo.apk
[INFO] 18/Mar/2024 12:20:48 - Generating Hashes
[INFO] 18/Mar/2024 12:20:48 - Unzipping
[INFO] 18/Mar/2024 12:20:49 - APK Extracted
[INFO] 18/Mar/2024 12:20:49 - Getting Hardcoded Certificates/Keystores
[INFO] 18/Mar/2024 12:20:49 - Getting AndroidManifest.xml from APK
[INFO] 18/Mar/2024 12:20:49 - Parsing AndroidManifest.xml
[INFO] 18/Mar/2024 12:20:49 - Parsing APK with androguard
[ERROR] 18/Mar/2024 12:20:49 - Error Performing Static Analysis
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources
    return self.arsc["resources.arsc"]
KeyError: 'resources.arsc'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 199, in static_analyzer
    app_dic['real_name'] = get_app_name(
  File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/app.py", line 28, in get_app_name
    return a.get_app_name()
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/apk.py", line 476, in get_app_name
    res_parser = self.get_android_resources()
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/apk.py", line 1562, in get_android_resources
    self.arsc["resources.arsc"] = ARSCParser(self.zip.read("resources.arsc"))
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/axml/__init__.py", line 1321, in __init__
    self.packages[package_name].append(ARSCResTypeSpec(self.buff, pc))
  File "/usr/local/lib/python3.10/dist-packages/androguard/core/bytecodes/axml/__init__.py", line 2181, in __init__
    raise ResParserError("res1 must be zero!")
androguard.core.bytecodes.axml.ResParserError: res1 must be zero!
[ERROR] 18/Mar/2024 12:20:49 - res1 must be zero!

ajinabraham commented 3 months ago

This is fixed in the latest master branch, but not available in the Docker image yet. The Docker builds are failing due to a pyQT dependency issue for ARM arch. You could build an image locally or use the code from the latest master to fix this.
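
The tracebacks in this thread end in androguard's ARSCResTypeSpec rejecting a nonzero res1 field while reading resources.arsc, which aborts the whole static analysis. The following is an added example, not androguard's or MobSF's code and not the fix referred to above: it parses that chunk header from constructed bytes and contrasts a strict check with a lenient one that records a warning while keeping the bounds checks fatal. It assumes the ResTable_typeSpec layout from AOSP's ResourceTypes.h; `build_type_spec`, `parse_type_spec`, the `strict` switch and the local `ResParserError` are hypothetical names.

```python
import struct

RES_TABLE_TYPE_SPEC_TYPE = 0x0202  # chunk type from AOSP ResourceTypes.h


class ResParserError(Exception):
    """Local stand-in for the parser exception seen in the traceback."""


def build_type_spec(type_id, res0, res1, flags):
    """Construct a sample typeSpec chunk (test data, not from a real APK)."""
    header_size = 16
    size = header_size + 4 * len(flags)
    chunk = struct.pack("<HHI", RES_TABLE_TYPE_SPEC_TYPE, header_size, size)
    chunk += struct.pack("<BBHI", type_id, res0, res1, len(flags))
    return chunk + struct.pack(f"<{len(flags)}I", *flags)


def parse_type_spec(buf, strict=True):
    """Parse one typeSpec chunk and return (fields, warnings)."""
    if len(buf) < 16:
        raise ResParserError("truncated typeSpec header")
    ctype, header_size, size = struct.unpack_from("<HHI", buf, 0)
    type_id, res0, res1, entry_count = struct.unpack_from("<BBHI", buf, 8)
    if ctype != RES_TABLE_TYPE_SPEC_TYPE:
        raise ResParserError(f"unexpected chunk type 0x{ctype:04x}")
    # Bounds checks stay fatal in both modes: they protect the reads below.
    if header_size < 16 or size > len(buf) or header_size + 4 * entry_count > size:
        raise ResParserError("typeSpec sizes are inconsistent")
    warnings = []
    for name, value in (("res0", res0), ("res1", res1)):
        if value != 0:
            if strict:
                raise ResParserError(f"{name} must be zero!")
            warnings.append(f"{name}={value} (expected 0), continuing")
    flags = list(struct.unpack_from(f"<{entry_count}I", buf, header_size))
    return {"id": type_id, "res0": res0, "res1": res1, "flags": flags}, warnings


if __name__ == "__main__":
    sample = build_type_spec(type_id=1, res0=0, res1=1, flags=[0, 4])
    try:
        parse_type_spec(sample, strict=True)
    except ResParserError as exc:
        print("strict :", exc)
    print("lenient:", parse_type_spec(sample, strict=False))
```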