ccgreen13 / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
0 stars 0 forks source link

androsign.py: "Undefined token" #108

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Try to scan an android malware that has a malware signature that is most 
likely in the malware database (./androsign.py -i 
_com.aijiaoyou.android.sipphone_1005_1.0.5.apk -b signatures/dbandroguard -c 
signatures/dbconfig)

What is the expected output? What do you see instead?
The expected output would be that a malware is found. Instead, I get the 
following output:
signatures/dbandroguard signatures/dbconfig False
RageagainstTheCage ERROR
Exploid ERROR
_com.aijiaoyou.android.sipphone_1005_1.0.5.apk :Undefined token "&& b && c " 
found at position 2.
Undefined token "&& b && c " found at position 2.
 ----> None

What version of the product are you using? On what operating system?
1.9 on Ubuntu

Please provide any additional information below.
I tried the latest dbandroguard and dbconfig from 
http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares#How_to_use_it 
and it still does not work. I tried this with several malware samples and all 
of them caused similar issues (I am not sure if it is a good idea to just 
attach them here, just tell me if you need them). I already searched through 
the issues and found http://code.google.com/p/androguard/issues/detail?id=56 
but I have no idea whether they are related. Would be great to get some help 
here.

Original issue reported on code.google.com by themagic...@googlemail.com on 6 Feb 2013 at 2:32

GoogleCodeExporter commented 9 years ago
Confirm. For example, rageagainstthecage in the z4root app (attached) is not 
detected.

Original comment by julian.s...@gmx.net on 14 Feb 2013 at 1:17

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by anthony....@gmail.com on 17 Feb 2013 at 4:58

GoogleCodeExporter commented 9 years ago
I have the same problem with other samples and "Undefined token "&& b " found 
at position 2."

*But I think I have found the solution:*

in Ubuntu 12.04 LTS you have libmuparser0debian1 in Version 1.34-2. In Rev 
2.0.0: 04.09.2011 (see http://muparser.beltoforion.de/) the changelog says: 
Removed features: >>intrinsic "and", "or" and "xor" operators have been 
removed<< 
New features: >>new intrinsic binary operators: "&&", "||" (logical and, or)<<

I think Anthony uses a current version of muparser.
If you known open the dbandroguard file with a editor and replaces "&&" with 
"and" and replaces "||" with "or". Everything works without error.

I have attached the modified dbandroguard file for the old muparser syntax. I 
hope this solve your problem.

Original comment by Hanno.Le...@gdata.de on 27 Feb 2014 at 3:11

Attachments:

GoogleCodeExporter commented 9 years ago
Yeah thx for the reply Hanno :)

Original comment by ades...@google.com on 27 Feb 2014 at 4:03