Closed AmmeySaini closed 2 months ago
👋 @AmmeySaini Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
I think this might have something to do with JADX, but I did notice a weird behavior after I changed the value for MOBSF_JADX_TIMEOUT to 3600, the default is 1800, now it's stuck at Code Analysis Started on - java_source for approx 5 hours
Pls upload apk, I'll test it.
it's already mentioned in the description tho, but here is the URL again APK
It's tiktok. It's not surprising. You can't imagine this behemoth. It has more than 180,000 classes and more than 1 million methods. It is normal to be slow. It consumes CPU and memory extremely because it is too big. It is recommended to use SSD analysis to provide IO reading and writing efficiency, memory 64G or more
I kept it running the whole day yesterday and I did receive the same error logs. Code Analysis kept running for 10+ hours (check logs for exact timings) and again crashed with the same error
Part of the Log (Full logs for the error are the same as uploaded initially, this log is just for timestamping the errors):
[INFO] 31/Mar/2024 09:51:38 - Code Analysis Started on - java_source
Skipping large file /root/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[WARNING] 31/Mar/2024 15:27:53 - Not Found: /.env
[WARNING] 31/Mar/2024 18:24:13 - Not Found: /robots.txt
[WARNING] 31/Mar/2024 18:24:13 - Not Found: /sitemap.xml
[DEBUG] 31/Mar/2024 23:27:45 - Exception while resolving variable 'build_absolute_uri' in template 'unknown'.
Traceback (most recent call last):
I believe this might be due to the big codebase of the APK, but there should be a better way to handle this kind of behavior
I'm using a dedicated VPS for this: 1 TB SSD, 128 GB RAM, Ubuntu OS. I'm not sure about cores, but it's 16+ for sure
Modify jadx (mobsf\StaticAnalyzer\tools\jadx\bin):
set DEFAULT_JVM_OPTS="-Xms128M" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"
change to:
set DEFAULT_JVM_OPTS="-Xms16G" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"
This did help. The entire analysis process only took a few minutes. I wonder if this information has already been mentioned in the documentation. If not, it should be included.
There might be another issue, the analysis was a success, but when I tried downloading the java code, the java (zip) file was all empty, not even able to view the codes in mobsf dashboard
Works for me on an MBP without any modification, 6 Core, 2.6 GHz Core i7 | 32GB RAM
[INFO] 11/Apr/2024 03:38:04 - Code Analysis Started on - java_source
Skipping large file /***/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[INFO] 11/Apr/2024 03:51:53 - Android SAST Completed
[INFO] 11/Apr/2024 03:51:53 - Android API Analysis Started
Skipping large file /***/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[INFO] 11/Apr/2024 03:58:31 - Android Permission Mapping Started
Skipping large file /***/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[INFO] 11/Apr/2024 04:39:00 - Android Permission Mapping Completed
[INFO] 11/Apr/2024 04:41:32 - Finished Code Analysis, Email and URL Extraction
[INFO] 11/Apr/2024 04:41:32 - Extracting Data from APK
[INFO] 11/Apr/2024 04:41:42 - Extracting Data from Source Code
[INFO] 11/Apr/2024 04:43:19 - Detecting Firebase URL(s)
[INFO] 11/Apr/2024 04:43:19 - Performing Malware Check on extracted Domains
[INFO] 11/Apr/2024 04:43:20 - Maltrail Database is outdated!
[INFO] 11/Apr/2024 04:43:20 - Updating Maltrail Database
[INFO] 11/Apr/2024 04:43:50 - Saving to Database
[INFO] 11/Apr/2024 04:44:06 - Scan Hash: d19c637963fca0f77ab840b94e815468
[INFO] 11/Apr/2024 04:44:06 - Starting Analysis on: tiktok-v31.5.3.apk
[INFO] 11/Apr/2024 04:44:06 - Analysis is already Done. Fetching data from the DB...
ENVIRONMENT
EXPLANATION OF THE ISSUE
STEPS TO REPRODUCE THE ISSUE
LOG FILE
debug.log