What steps will reproduce the problem?
I tried to decompile a malware sample called BadNews, which has strange strings
inside its classes.dex.
In [2]: d,dx =
AnalyzeDex("/mnt/AndroidOS_Malware_Samples/AndroguardBreakage/BadNews.dex",
decompiler="dad")
---------------------------------------------------------------------------
TypeError Traceback (most recent call last)
/home/elias/androguard/androlyze.py in <module>()
----> 1 d,dx =
AnalyzeDex("/mnt/AndroidOS_Malware_Samples/AndroguardBreakage/BadNews.dex",
decompiler="dad")
/home/elias/androguard/androlyze.py in AnalyzeDex(filename, raw, decompiler)
138 d = None
139 if raw == False:
--> 140 d = DalvikVMFormat(open(filename, "rb").read())
141 else:
142 d = DalvikVMFormat(filename)
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in __init__(self,
buff, decompiler, config)
7247
7248 self._preload(buff)
-> 7249 self._load(buff)
7250
7251 def _preload(self, buff):
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in _load(self, buff)
7258 bytecode.Warning("no map list ...")
7259 else:
-> 7260 self.map_list = MapList( self.CM, self.__header.map_off,
self )
7261
7262 self.classes = self.map_list.get_item_type( "TYPE_CLASS_DEF_ITEM" )
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in __init__(self, cm,
off, buff)
7140 idx = buff.get_idx()
7141
-> 7142 mi = MapItem( buff, self.CM )
7143 self.map_item.append( mi )
7144
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in __init__(self,
buff, cm)
6658 self.next_lazy(buff, cm)
6659 else :
-> 6660 self.next(buff, cm)
6661
6662 def get_off(self) :
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in next(self, buff, cm)
6715
6716 elif TYPE_MAP_ITEM[ self.type ] == "TYPE_STRING_DATA_ITEM" :
-> 6717 self.item = [ StringDataItem( buff, cm ) for i in xrange(0,
self.size) ]
6718
6719 elif TYPE_MAP_ITEM[ self.type ] == "TYPE_DEBUG_INFO_ITEM" :
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in __init__(self,
buff, cm)
1751 self.offset = buff.get_idx()
1752
-> 1753 self.utf16_size = readuleb128( buff )
1754 self.data = buff.read( self.utf16_size + 1 )
1755
/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in readuleb128(buff)
175
176 def readuleb128(buff) :
--> 177 result = ord( buff.read(1) )
178 if result > 0x7f :
179 cur = ord( buff.read(1) )
TypeError: ord() expected a character, but string of length 0 found
What is the expected output? What do you see instead?
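I'm expecting to be able to analyze the malware, but instead I get the error
shown above. Going by the traceback, `readuleb128` calls `ord()` on the empty
string returned by `buff.read(1)`, so the parser appears to have reached the end
of the buffer while still reading the string data items announced in the map
list. Nothing at that point checks for end of input, so a truncated or
deliberately malformed DEX ends in an uncaught TypeError instead of a parse
error the caller can handle.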
What version of the product are you using? On what operating system?
Androguard ver.: 1.9,
================================
Androlyze ver: 2.0,
(the latest as of 23.07.2014)
=================================
PRETTY_NAME="Kali GNU/Linux 1.0"
NAME="Kali GNU/Linux"
ID=kali
VERSION="1.0"
VERSION_ID="1.0"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"
I attached the classes.dex of the sample to this ticket.
Password: "infected" (without the quotations)
Original issue reported on code.google.com by tibiel...@gmail.com on 10 Dec 2014 at 1:35