search

konstantia86 / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
0 stars 0 forks source link

Signature does not work (coredump / zero division) #44

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Created a signature that will look for AirPush Services:
[ { "SAMPLE" : "myairpushapp" }, { "BASE" : "AndroidOS", "NAME" : "AirPush", 
        "SIGNATURE" : 
        [   
            { "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/PushAds;" },  
            { "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/UserDetailsReceiver;" },                                                                                                      
            { "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/MessageReceiver;" } , 
            { "TYPE" : "CLASSSIM", "CN" : "Lcom/airpush/android/DeliveryReceiver;" }
        ],  
        "BF" : "a || b || c || d"  
    }   
]

2. run androcsign:
./androcsign.py -i ../androsign/airpush.sign -o signatures/testdb
3. run androsign on the same sample to verify:
./androsign.py -i myairpushapp -b signatures/testdb -c signatures/dbconfig -v

What is the expected output? What do you see instead?
Got the following output:

[...]
ADD ELEMENT 71
ADD ELEMENT 1542
ADD ELEMENT 126
ADD ELEMENT 297
ADD ELEMENT 4
ADD ELEMENT 4
ADD ELEMENT 145
 CMClustering init rows
 [SIGN:0 CLUSTERS:0 CMP_CLUSTERS:0 ELEMENTS:984 CMP_ELEMENTS:0 ERROR float division by zero

What version of the product are you using? On what operating system?
latest hg.

The Sample is also attached (pw infected)

Please provide any additional information below.

Original issue reported on code.google.com by 5hp...@gmail.com on 21 May 2012 at 9:37

Attachments:

GoogleCodeExporter commented 8 years ago

Original comment by anthony....@gmail.com on 21 May 2012 at 9:57

GoogleCodeExporter commented 8 years ago 
ok, fix in all repositories :
  hg pull
  hg update
  make clean && make

desnos@t0t0:~/androguard$ ./androsign.py -i apks/test/myairpushapp -b 
apks/test/testdb -c signatures/dbconfig 
apks/test/testdb signatures/dbconfig False
myairpushapp : ----> AirPush

Original comment by anthony....@gmail.com on 21 May 2012 at 1:34

GoogleCodeExporter commented 8 years ago 
thanks for fixing! Its working

Original comment by 5hp...@gmail.com on 21 May 2012 at 1:53

GoogleCodeExporter commented 8 years ago 
ok cool

Original comment by anthony....@gmail.com on 21 May 2012 at 1:54