MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
17.38k stars 3.23k forks

[BUG] app_icon is missing for iOS-ipa Static scans #2397

Open syselement opened 5 months ago

syselement commented 5 months ago

ENVIRONMENT

OS and Version: Linux ubuntu-ad 6.8.0-35-generic
Python Version: 3.12.3
MobSF Version: v4.0.3 (since v3.7.6)

EXPLANATION OF THE ISSUE

Any IPA scan generates a PNG file for the icon, but the file is unreadable (CgBI format).
This has been happening since v3.7.6, both with the Docker image and with a local build from scratch.

STEPS TO REPRODUCE THE ISSUE

1. Run mobsf with persistence

`docker run -it --rm --name mobsf -p 8000:8000 -v ~/docker/mobsf:/home/mobsf/.MobSF opensecurity/mobile-security-framework-mobsf:latest`

2. Upload the `UnCrackable-Level1.ipa` file (any IPA has the bug) and wait for the scan to complete.

3. Generated icon is missing/error.

4. Icon has **CgBI** file format, Apple's proprietary PNG extension.

I have tried the CgbiPngFix tool and it's working. You could integrate it some way in MobSF.


LOG FILE

```
[INFO] 05/Jun/2024 06:54:37 - Author: Ajin Abraham | opensecurity.in
[INFO] 05/Jun/2024 06:54:37 - Mobile Security Framework v4.0.3
[INFO] 05/Jun/2024 06:54:37 - OS Environment: Linux (ubuntu 22.04 Jammy Jellyfish) Linux-6.8.0-35-generic-x86_64-with-glibc2.35
[INFO] 05/Jun/2024 06:54:37 - MobSF Basic Environment Check
[INFO] 05/Jun/2024 06:54:37 - Checking for Update.
[INFO] 05/Jun/2024 06:54:37 - No updates available.
[INFO] 05/Jun/2024 06:55:19 - MIME Type: application/octet-stream FILE: UnCrackable-Level1.ipa
[INFO] 05/Jun/2024 06:55:19 - Performing Static Analysis of iOS IPA
[INFO] 05/Jun/2024 06:55:19 - iOS Binary (IPA) Analysis Started
[INFO] 05/Jun/2024 06:55:19 - Generating Hashes
[INFO] 05/Jun/2024 06:55:19 - Extracting IPA
[INFO] 05/Jun/2024 06:55:19 - Unzipping
[INFO] 05/Jun/2024 06:55:19 - Get Files, BIN Plist -> XML, and Normalize
[WARNING] 05/Jun/2024 06:55:19 - Failed to convert plist
[INFO] 05/Jun/2024 06:55:19 - iOS Info.plist Analysis Started
[INFO] 05/Jun/2024 06:55:19 - Finding Info.plist in iOS Binary
[INFO] 05/Jun/2024 06:55:19 - Checking Permissions
[INFO] 05/Jun/2024 06:55:19 - Checking for Insecure Connections
[INFO] 05/Jun/2024 06:55:19 - Fetching Details from App Store: sg.vp.UnCrackable1
[WARNING] 05/Jun/2024 06:55:21 - Unable to get app details.
[INFO] 05/Jun/2024 06:55:21 - Starting Binary Analysis
[INFO] 05/Jun/2024 06:55:21 - Running MachO Analysis on: UnCrackable Level 1
[INFO] 05/Jun/2024 06:55:21 - Getting Binary Information
[INFO] 05/Jun/2024 06:55:21 - Dumping classes
[INFO] 05/Jun/2024 06:55:21 - Running jtool against the binary for dumping classes
[INFO] 05/Jun/2024 06:55:21 - Running strings against the Binary
[INFO] 05/Jun/2024 06:55:21 - Library Binary Analysis Started
[INFO] 05/Jun/2024 06:55:21 - Framework Binary Analysis Started
[INFO] 05/Jun/2024 06:55:21 - Fetching icon path
[INFO] 05/Jun/2024 06:55:21 - Starting IPA URL and Email Extraction
[INFO] 05/Jun/2024 06:55:21 - Performing Malware Check on extracted Domains
[INFO] 05/Jun/2024 06:55:23 - Maltrail Database is outdated!
[INFO] 05/Jun/2024 06:55:23 - Updating Maltrail Database
[INFO] 05/Jun/2024 06:55:24 - Finished URL and Email Extraction
[INFO] 05/Jun/2024 06:55:25 - Trackers Database is outdated!
[INFO] 05/Jun/2024 06:55:25 - Updating Trackers Database....
[INFO] 05/Jun/2024 06:55:25 - Detecting Trackers from Domains
[INFO] 05/Jun/2024 06:55:25 - Detecting Firebase URL(s)
[INFO] 05/Jun/2024 06:55:25 - Connecting to DB
[INFO] 05/Jun/2024 06:55:25 - Saving to Database
[INFO] 05/Jun/2024 06:55:25 - Analysis is already Done. Fetching data from the DB...
[WARNING] 05/Jun/2024 06:55:33 - Not Found: /favicon.ico
```

Thanks

github-actions[bot] commented 5 months ago

👋 @syselement Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham commented 4 months ago

It’s Apple proprietary. I don't know of any lib or utility that does this in a non-Apple ecosystem, the last time I checked. Closing this since we cannot address this today.

syselement commented 4 months ago

> It’s Apple proprietary. I don't know of any lib or utility that does this in a non-Apple ecosystem, the last time I checked. Closing this since we cannot address this today.

Yeah, got it. Have you tried https://github.com/poolqa/CgbiPngFix ?

ajinabraham commented 4 months ago

Interesting, let me take a look at this.
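
For readers hitting the same unreadable icon, the following added example (not MobSF's or CgbiPngFix's code) shows in Python, using only the standard library, what normalizing a CgBI icon involves: drop the `CgBI` chunk, inflate the raw-deflate `IDAT` data, swap BGRA back to RGBA, and re-wrap the result as a regular zlib stream. The function names are hypothetical, only 8-bit non-interlaced RGBA is handled, and the premultiplied alpha that CgBI uses is left as is, so semi-transparent pixels may look darker than in the original.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def read_chunks(data):
    """Yield (type, body) for every chunk; CRCs are not verified."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG container")
    pos = 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 12 + length

def chunk(ctype, body):
    """Serialize one chunk: length, type, body, CRC-32 over type+body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def is_cgbi(data):
    """Apple's variant puts a CgBI chunk ahead of IHDR."""
    return next(read_chunks(data), (None, b""))[0] == b"CgBI"

def cgbi_to_png(data):
    """Rewrite a CgBI icon so standard decoders accept it (alpha stays premultiplied)."""
    if not is_cgbi(data):
        return data
    chunks = [c for c in read_chunks(data) if c[0] != b"CgBI"]
    ihdr = next(body for ctype, body in chunks if ctype == b"IHDR")
    width, height, depth, color, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if (depth, color, interlace) != (8, 6, 0):
        raise ValueError("only 8-bit, non-interlaced RGBA is handled here")
    # CgBI IDAT is raw deflate (no zlib header or Adler-32), hence wbits=-15.
    idat = b"".join(body for ctype, body in chunks if ctype == b"IDAT")
    rows = bytearray(zlib.decompress(idat, -15))
    stride = 1 + width * 4  # one filter byte, then 4 bytes per pixel
    if len(rows) != stride * height:
        raise ValueError("unexpected scanline data size")
    # BGRA -> RGBA. PNG filters predict each byte from same-channel neighbours,
    # so swapping B and R on the still-filtered rows gives a valid result.
    for start in range(1, len(rows), stride):
        end = start + width * 4
        rows[start:end:4], rows[start + 2:end:4] = rows[start + 2:end:4], rows[start:end:4]
    # Ancillary chunks are kept ahead of a single re-compressed IDAT.
    head = [chunk(t, b) for t, b in chunks if t not in (b"IDAT", b"IEND")]
    new_idat = chunk(b"IDAT", zlib.compress(bytes(rows)))
    return PNG_SIG + b"".join(head) + new_idat + chunk(b"IEND", b"")
```
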