jrgifford / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
3 stars 2 forks source link

DAD error when tryiong to decompile SMForw malware class #162

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Problem description:
====================
I tried to decompile the source code of a Malware called Trojan.AndroidOS.SMForw
MD5 of DEX is 2e2790287cdbca1b681d825c4a96dfe8 
The following class yielded an error (see error report below):

Lcom/android/systemsetting/a/c;

I'm expecting to see the decompiled source code, instead I get an error that 
points to DAD:

In [4]: d.CLASS_Lcom_android_systemsetting_a_c.source()
---------------------------------------------------------------------------
AttributeError                            Traceback (most recent call last)
/home/elias/androguard/androlyze.py in <module>()
----> 1 d.CLASS_Lcom_android_systemsetting_a_c.source()

/home/elias/androguard/androguard/core/bytecodes/dvm.pyc in source(self)
   3385             :rtype: string
   3386         """
-> 3387         self.__CM.decompiler_ob.display_all(self)
   3388 
   3389     def get_source(self):

/home/elias/androguard/androguard/decompiler/decompiler.pyc in 
display_all(self, _class)
    494 
    495     def display_all(self, _class):
--> 496         result = self.get_source_class(_class)
    497 
    498         if PYGMENTS:

/home/elias/androguard/androguard/decompiler/decompiler.pyc in 
get_source_class(self, _class)
    487     def get_source_class(self, _class):
    488         c = decompile.DvClass(_class, self.vmx)
--> 489         c.process()
    490 
    491         result = c.get_source()

/home/elias/androguard/androguard/decompiler/dad/decompile.pyc in process(self)
    195             klass.process()
    196         for meth in self.methods:
--> 197             self.process_method(meth)
    198 
    199     def get_source(self):

/home/elias/androguard/androguard/decompiler/dad/decompile.pyc in 
process_method(self, num)
    184                 method.set_instructions([i for i in method.get_instructions()])
    185                 meth = methods[num] = DvMethod(self.vma.get_method(method))
--> 186                 meth.process()
    187                 method.set_instructions([])
    188             else:

/home/elias/androguard/androguard/decompiler/dad/decompile.pyc in process(self)
    114 
    115         idoms = graph.immediate_dominators()
--> 116         identify_structures(graph, idoms)
    117 
    118         if not __debug__:

/home/elias/androguard/androguard/decompiler/dad/control_flow.pyc in 
identify_structures(graph, idoms)
    356     node_map = {}
    357 
--> 358     short_circuit_struct(graph, idoms, node_map)
    359     update_dom(idoms, node_map)
    360 

/home/elias/androguard/androguard/decompiler/dad/control_flow.pyc in 
short_circuit_struct(graph, idom, node_map)
    286                 if node in (then, els):
    287                     continue
--> 288                 if then.type.is_cond and len(graph.preds(then)) == 1:
    289                     if then.false is els:  # node && t
    290                         change = True

AttributeError: 'NoneType' object has no attribute 'type'
What version of the product are you using? On what operating system?
Androguard ver.: 1.9, 
================================
Androlyze ver: 2.0,
(the latest as of 23.07.2014)
=================================
PRETTY_NAME="Kali GNU/Linux 1.0"
NAME="Kali GNU/Linux"
ID=kali
VERSION="1.0"
VERSION_ID="1.0"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"

I attached the DEX sample to this ticket.
Password: "infected" (without the quotations)

Original issue reported on code.google.com by tibiel...@gmail.com on 23 Jul 2014 at 11:29

Attachments: