AndroidJava: OMTG_DATAST_001_SQLite_Encrypted crashing in Nexus5X 7.1.1 and genymotion 9.0

[aoprea1982]

OMTG_DATAST_001_SQLite_Encrypted crashing in Nexus5X 7.1.1 and genymotion 9.0

logcat

AndroidRuntime: Shutting down VM ACRA caught a UnsatisfiedLinkError for sg.vp.owasp_mobile.omtg_android : java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/sg.vp.owasp_mobile.omtg_android-gzd4nYb_MOhksMCvv3KBDQ==/base.apk"],nativeLibraryDirectories=[/data/app/sg.vp.owasp_mobile.omtg_android-gzd4nYb_MOhksMCvv3KBDQ==/lib/x86, /system/lib, /system/vendor/lib]]] couldn't find "libnative.so"

The issue is similar for both physical device and emulator.

There is no libnative.so in the repository. Physical device: use releases .apk , emulator: build it

Please let me know if more information is needed?

Thanks, Tsubasa

[aoprea1982]

Additional information

I build the CPU specific apk from the source in the newest Android Studio. It resolved the issue that i had with OMTG_DATAST_001_SharedPreferences which showed MODE_WORLD_READABLE no longer supported when using https://github.com/OWASP/MSTG-Hacking-Playground/releases/download/1.0/MSTG-Android-Java.apk but this issue remains could not find "libnative.so"

splits { abi { enable true reset() include 'x86', 'x86_64', 'armeabi', 'armeabi-v7a', 'mips', 'mips64', 'arm64-v8a' universalApk true } }

I used arm64-v8a.apk.

[aoprea1982]

"libnative.so" is included in the debug .apk https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Java-App/app but not in the release apk https://github.com/OWASP/MSTG-Hacking-Playground/releases

Is there a reason for this choice? OMTG_DATAST_001_SQLite_Encrypte needs the "libnative.so" library to work.

Thanks!

[sushi2k]

Hi @aoprea1982. Thanks for pointing out. Not sure why this was missed back then. The native library should of course also be part of the release build. In the meanwhile you can use the debug version, once I have some time I will replace the release version with the libnative.so.

[aoprea1982]

Hi @sushi2k

Thank you for the reply.

Using the debug apk also not working with OMTG_DATAST_001_SQLite_Encrypted in the end it asks for "libutils.so"

Also the debug version (app-arm-debug.apk) has the answer inside before running the Activity.

Thanks!

[aoprea1982]

Hi @sushi2k

Thank you for the reply.

Using the debug apk also not working with OMTG_DATAST_001_SQLite_Encrypted in the end it asks for "libutils.so"

Also the debug version (app-arm-debug.apk) has the answer inside before running the Activity.

Thanks!

[sushi2k]

I was just building the project and updating also to androidx libraries, but I am also getting the libnative.so missing error. For some reason the library is not created anymore. Need to dig a bit deeper.

[sushi2k]

Thanks again for raising @aoprea1982. I just fixed it https://github.com/OWASP/MSTG-Hacking-Playground/pull/28.

You can download the APK here https://github.com/OWASP/MSTG-Hacking-Playground/releases/tag/1.1. Let me know if there are still issues. I tested it on two devices (Google Pixel 3 and Xiaomi) and was working.