MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

Don't Play Around. An Error just popped in! #263

Closed TokenDev18 closed 7 years ago

TokenDev18 commented 7 years ago

I am receiving the following error: Don't Play Around. An Error just popped in! 'NoneType' object is not iterable. Inappropriate argument type. This occurs when I am trying to analyze an IPA file. See error log below:

    [2016-11-10 21:17:20] [ERROR] Unzipping Error (MobSF/Mobile-Security-Framework-MobSF-0.9.2/StaticAnalyzer/views.py, LINE 956 "dat=subprocess.check_output(['unzip','-qq','-l',APP_PATH])"): Command '['unzip', '-qq', '-l', u'/MobSF/Mobile-Security-Framework-MobSF-0.9.2/uploads/10e096cf4c388211bedf6123013515c6/10e096cf4c388211bedf6123013515c6.ipa']' returned non-zero exit status 9
    [INFO] Get Files, BIN Plist -> XML, and Normalize
    [INFO] Starting Binary Analysis
    [2016-11-10 21:17:20] [ERROR] iOS Binary Analysis (MobSF/Mobile-Security-Framework-MobSF-0.9.2/StaticAnalyzer/views.py, LINE 2090 "dirs = os.listdir(SRC)"): [Errno 2] No such file or directory: '/MobSF/Mobile-Security-Framework-MobSF-0.9.2/uploads/10e096cf4c388211bedf6123013515c6/Payload/'
    [2016-11-10 21:17:20] [ERROR] Static Analyzer iOS (MobSF/Mobile-Security-Framework-MobSF-0.9.2/StaticAnalyzer/views.py, LINE 1799 "INFO_PLIST,BIN_NAME,ID,VER,SDK,PLTFM,MIN,LIBS,BIN_ANAL=BinaryAnalysis(BIN_DIR,TOOLS_DIR,APP_DIR)"): 'NoneType' object is not iterable

ajinabraham commented 7 years ago

This happened because the unzipping operation is not successful. From the logs, it seems you extracted MobSF to root ("/MobSF/"). This can cause problems. Try moving to your home directory.

SunnySangwan commented 6 years ago

Hi Ajin,

I am facing an error while running an APK in MobSF.

Below is the terminal data:

SunnySangwan commented 6 years ago

    [INFO] Performing Static Analysis of Android APK
    [12/Jan/2018 09:03:13] "POST /upload/ HTTP/1.1" 200 137
    [INFO] Starting Analysis on : iHomeSales.apk
    [INFO] Generating Hashes
    [INFO] Unzipping
    [INFO] Getting Hardcoded Certificates/Keystores
    [INFO] APK Extracted
    [INFO] Getting Manifest from Binary
    [INFO] AXML -> XML
    [2018-01-12 09:03:13] [ERROR] AXMLPrinter2 Reading Manifest file (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/manifest_analysis.py, LINE 1271 "dat = subprocess.check_output(args)"): [Errno 2] No such file or directory
    [INFO] Parsing AndroidManifest.xml
    [INFO] AXMLPrinter2 failed, trying with apktool
    [INFO] AXML -> XML
    [2018-01-12 09:03:13] [ERROR] apktool Reading Manifest file (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/manifest_analysis.py, LINE 1307 "subprocess.check_output(args)"): [Errno 2] No such file or directory
    [2018-01-12 09:03:13] [ERROR] AXMLPrinter2 and apktool failed to extract AndroidManifest.xml or parsing failed (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/manifest_analysis.py, LINE 32 "manifest = minidom.parse(manifest_file)"): 'NoneType' object has no attribute 'read'
    [WARNING] Using Fake XML to continue the Analysis
    [INFO] Fetching icon path
    [INFO] Extracting Manifest Data
    [INFO] Manifest Analysis Started
    [INFO] Static Android Binary Analysis Started
    [INFO] Static Android Resourse Analysis Started
    [INFO] Reading Code Signing Certificate
    [2018-01-12 09:03:14] [ERROR] Reading Code Signing Certificate (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/cert_analysis.py, LINE 64 "dat = subprocess.check_output(args)"): [Errno 2] No such file or directory
    [INFO] DEX -> JAR
    [INFO] Using JAR converter - dex2jar
    /home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/tools/d2j2/d2j_invoke.sh: 48: /home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/tools/d2j2/d2j_invoke.sh: java: not found
    [INFO] DEX -> SMALI
    [2018-01-12 09:03:14] [ERROR] Converting DEX to SMALI (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/converter.py, LINE 96 "subprocess.call(args)"): [Errno 2] No such file or directory
    [INFO] JAR -> JAVA
    [2018-01-12 09:03:14] [ERROR] Converting JAR to JAVA (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/converter.py, LINE 138 "subprocess.call(args)"): [Errno 2] No such file or directory
    [INFO] Static Android Code Analysis Started
    [INFO] Code Analysis Started on - /home/appsec/Mobile-Security-Framework-MobSF/uploads/c27ea0267d47e381f3481bfed3830c51/java_source/
    [INFO] Performing Malware Check on extracted Domains
    [INFO] Finished Code Analysis, Email and URL Extraction
    [INFO] Generating Java and Smali Downloads
    [INFO] Generating Downloads
    [INFO] Zipping
    [INFO] Zipping
    [INFO] Extracting Strings from APK
    [2018-01-12 09:03:14] [ERROR] Extracting Strings from APK (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/strings.py, LINE 23 "subprocess.call(args)"): [Errno 2] No such file or directory
    [INFO] Connecting to Database
    [INFO] Saving to Database
    [2018-01-12 09:03:14] [ERROR] Saving to DB (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py, LINE 218 "CERT_INFO=cert_dic['cert_info'],"): 'NoneType' object has no attribute '__getitem__'
    [2018-01-12 09:03:14] [ERROR] Rendering to Template (/home/appsec/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py, LINE 105 "'certinfo': cert_dic['cert_info'],"): 'NoneType' object has no attribute '__getitem__'
    [ERROR] 'NoneType' object does not support item assignment
    [12/Jan/2018 09:03:14] "GET /StaticAnalyzer/?name=iHomeSales.apk&type=apk&checksum=c27ea0267d47e381f3481bfed3830c51 HTTP/1.1" 500 4747
    [12/Jan/2018 09:03:14] "GET /static/bootstrap/css/bootstrap.min.css HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/css/font-awesome.min.css HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/css/ionicons.min.css HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/dash/css/AdminLTE.min.css HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/dash/css/skins/_all-skins.min.css HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/css/style.css HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/plugins/jQuery/jQuery-2.1.4.min.js HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/bootstrap/js/bootstrap.min.js HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/plugins/fastclick/fastclick.min.js HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/dash/js/app.min.js HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/js/docs.js HTTP/1.1" 304 0
    [12/Jan/2018 09:03:14] "GET /static/plugins/slimScroll/jquery.slimscroll.min.js HTTP/1.1" 304 0

ajinabraham commented 6 years ago

Do you have Oracle JDK 1.7 available in the default path? The error says "java: not found"! Alternatively, you can set the Java path in settings.py near line 311:


    # COMMON
    JAVA_DIRECTORY = ""
    VBOXMANAGE_BINARY = ""

    '''
    Examples:
    JAVA_DIRECTORY = "/usr/bin/"
    '''

SunnySangwan commented 6 years ago

Hi Ajin,

This is what is shown:

    # COMMON
    JAVA_DIRECTORY = ""
    VBOXMANAGE_BINARY = ""

    '''
    Examples:
    JAVA_DIRECTORY = "C:/Program Files/Java/jdk1.7.0_17/bin/"
    JAVA_DIRECTORY = "/usr/bin/"
    DEX2JAR_BINARY = "/Users/ajin/dex2jar/d2j-dex2jar.sh"
    ENJARIFY_DIRECTORY = "D:/enjarify/"
    VBOXMANAGE_BINARY = "/usr/bin/VBoxManage"
    CFR_DECOMPILER_BINARY = "/home/ajin/tools/cfr.jar"
    '''

ajinabraham commented 6 years ago

I know that. You have to install Oracle JDK and make it the default one. Otherwise, set the path to Oracle JDK bin dir to JAVA_DIRECTORY in settings.py
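A preflight check for two failures seen in the logs above (a missing `java` binary, and an IPA that cannot be unzipped or has no `Payload/` directory), as an added example that is not MobSF code and not from any participant in this thread. The function names `resolve_java` and `check_ipa` are hypothetical; `java_directory` stands in for the `JAVA_DIRECTORY` setting quoted above, and the sample archives are constructed in memory.

```python
import io
import shutil
import zipfile


def resolve_java(java_directory=""):
    """Return the full path of a java executable, or None if there is none.

    java_directory plays the role of the JAVA_DIRECTORY setting (assumption);
    when it is empty, PATH is searched, as a bare `java` call would do.
    """
    if java_directory:
        return shutil.which("java", path=java_directory)
    return shutil.which("java")


def check_ipa(ipa):
    """Return a list of problems with an IPA (path or file object); [] means OK."""
    try:
        with zipfile.ZipFile(ipa) as zf:
            bad = zf.testzip()      # first member with a bad CRC, else None
            names = zf.namelist()
    except (zipfile.BadZipFile, OSError) as exc:
        return [f"not a readable zip archive: {exc}"]
    problems = []
    if bad is not None:
        problems.append(f"corrupt member: {bad}")
    # An IPA keeps the app bundle under Payload/<name>.app/
    if not any(n.startswith("Payload/") and ".app/" in n for n in names):
        problems.append("no Payload/<name>.app/ directory in archive")
    return problems


def _make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed samples, not real applications.
GOOD_IPA = _make_zip({"Payload/Demo.app/Info.plist": b"<plist/>"})
NO_PAYLOAD = _make_zip({"Demo.app/Info.plist": b"<plist/>"})
NOT_A_ZIP = io.BytesIO(b"this is not a zip file")

if __name__ == "__main__":
    print("java:", resolve_java() or "not found: install a JDK or set JAVA_DIRECTORY")
    for label, sample in [("good", GOOD_IPA), ("no payload", NO_PAYLOAD), ("not zip", NOT_A_ZIP)]:
        print(label, "->", check_ipa(sample) or "ok")
```

Running such a check before analysis turns the cascade of `[Errno 2]` and `'NoneType'` errors into one clear message about the missing prerequisite.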

sanjayrk commented 5 years ago

Hi Ajin - Please help me to resolve the below issue:

I am getting the following error for IPA file analysis, but not for apk file (apk analysis is working fine): Don't Play Around. An Error just popped in! Inappropriate argument type. 'NoneType' object is not iterable

Below is the error log:

    [INFO] Performing Static Analysis of iOS IPA
    [27/Dec/2018 15:58:24] "POST /upload/ HTTP/1.1" 200 213
    [INFO] iOS Static Analysis Started
    [INFO] iOS Binary (IPA) Analysis Started
    [INFO] Generating Hashes
    [INFO] Extracting IPA
    [INFO] Unzipping
    [INFO] Get Files, BIN Plist -> XML, and Normalize
    [2018-12-27 15:58:26] [ERROR] iOS List Files (/root/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/ios/static_analyzer.py, LINE 100 "convert_bin_xml(file_path)"): Invalid file
    [ERROR] 'NoneType' object is not iterable
    Internal Server Error: /StaticAnalyzer_iOS/
    [27/Dec/2018 15:58:26] "GET /StaticAnalyzer_iOS/?name=build.ipa&type=ipa&checksum=4d4df92a0b939f4065ee6296f444293d HTTP/1.1" 500 4843

ajinabraham commented 5 years ago

I need the IPA to further investigate. Please join our slack channel and send the IPA in DM.

sanjayrk commented 5 years ago

I found the solution in the other thread - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/770.

Thank you Ajin 👍