search

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
16.66k stars 3.16k forks source link

May be a androguard tool issue. May need to be updated. Error Parsing #2356

Closed mkurtakoti closed 3 months ago

mkurtakoti commented 3 months ago

ENVIRONMENT

OS and Version: Mac Ventura
Python Version: 3.10.12
MobSF Version: Docker latest version available v3.9.3

EXPLANATION OF THE ISSUE

Tried to run MOBSF for publicly available app Tableau in Android Play store.
However, it gives error "Exception for the parsers.   res1 must be zero!".

Upon checking found out that it is giving KeyError for resources.arsc. 
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources

return self.arsc["resources.arsc"]

KeyError: 'resources.arsc'

STEPS TO REPRODUCE THE ISSUE

1. This is the first step
Download app from public store Tableau (Android)
2. This is the second step
Extract base.apk file from the device.
3. Further steps, etc.
Load to MobSF

LOG FILE

2024-03-08 18:49:02

mobsf_container
[INFO] 08/Mar/2024 18:49:02 - Getting Hardcoded Certificates/Keystores

2024-03-08 18:49:02

mobsf_container
[INFO] 08/Mar/2024 18:49:02 - Getting AndroidManifest.xml from APK

2024-03-08 18:49:02

mobsf_container
[INFO] 08/Mar/2024 18:49:02 - Parsing AndroidManifest.xml

2024-03-08 18:49:02

mobsf_container
[ERROR] 08/Mar/2024 18:49:02 - Error Performing Static Analysis

2024-03-08 18:49:02

mobsf_container
Traceback (most recent call last):

2024-03-08 18:49:02

mobsf_container
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources

2024-03-08 18:49:02

mobsf_container
return self.arsc["resources.arsc"]

2024-03-08 18:49:02

mobsf_container
KeyError: 'resources.arsc'

2024-03-08 18:49:02

mobsf_container
During handling of the above exception, another exception occurred:

2024-03-08 18:49:02

mobsf_container
Traceback (most recent call last):

2024-03-08 18:49:02

mobsf_container
File "/home/user/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 174, in static_analyzer

2024-03-08 18:49:02

mobsf_container
app_dic['real_name'] = get_app_name(

2024-03-08 18:49:02

mobsf_container
File "/home/user/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 626, in get_app_name

2024-03-08 18:49:02

mobsf_container
real_name = a.get_app_name()

2024-03-08 18:49:02

mobsf_container
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 476, in get_app_name

2024-03-08 18:49:02

mobsf_container
res_parser = self.get_android_resources()

2024-03-08 18:49:02

mobsf_container
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 1562, in get_android_resources
github-actions[bot] commented 3 months ago

👋 @mkurtakoti Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

mkurtakoti commented 3 months ago

Upon checking further, it seems this is due to split APKs. For most of the app which has split APKs it worked fine. But for this one it was failing. When I merged APKs to one and tried. It worked fine.

arcao commented 3 months ago

It looks like same issue like #2352.

arcao commented 3 months ago

This can be replicated by any APK downloaded from recently published AAB on Google Play console. For example this attached archive APK created by Google Play console cause this error too.

240307133-archived.zip

APK generated directly with Gradle assemble task is analyzed without any error. So I guess it's caused by some change in bundle tool used by Google Play console.

Note: This app is secured by app integrity provided directly by Google Play.

arcao commented 3 months ago

I created issue in androguard: https://github.com/androguard/androguard/issues/1014

ajinabraham commented 3 months ago 
Traceback (most recent call last):
  File "/U***py3.10/lib/python3.10/site-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources
    return self.arsc["resources.arsc"]
KeyError: 'resources.arsc'

This definitely is coming from androguard. I will will see if we can gracefully handle this exception and proceed with next steps.

ajinabraham commented 3 months ago

We made changes to support latest androguard with the fix when it is made available. Awaiting for them to release a new release with the fix. Closing this issue here.

derekkddj commented 1 month ago

when will be this available in the docker image?