Open rdek opened 5 years ago
Another one with little different flags:
C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts>qark.exe --build-path C:\Users\user\VMShared\playground\Android_androidApp_Mobile_APP\QARK\build-path\ --apk C:\Users\user\VMShared\playground\Android_androidApp_Mobile_APP\QARK\apk\androidApp_COM_v2.3.apk --java C:\Users\user\VMShared\playground\Android_androidApp_Mobile_APP\QARK\java\ --report-type html --exploit-apk
Decompiling...
Running scans...
Traceback (most recent call last):
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts\qark.exe\__main__.py", line 9, in <module>
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 717, in main
rv = self.invoke(ctx)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 555, in invoke
return callback(*args, **kwargs)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\decorators.py", line 17, in new_func
return f(get_current_context(), *args, **kwargs)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\qark.py", line 90, in cli
scanner.run()
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\scanner.py", line 64, in run
self._run_checks(plugins)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\scanner.py", line 78, in _run_checks
current_file_subject.notify(filepath)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\scanner.py", line 125, in notify
observer.update(file_path, call_run=True)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\plugin.py", line 239, in update
super(CoroutinePlugin, self).update(file_path)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\plugin.py", line 185, in update
JavaASTPlugin.java_ast = javalang.parse.parse(self.file_contents)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\parse.py", line 52, in parse
parser = Parser(tokens)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\parser.py", line 95, in __init__
self.tokens = util.LookAheadListIterator(tokens)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\util.py", line 92, in __init__
self.list = list(iterable)
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\tokenizer.py", line 531, in tokenize
self.read_string()
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\tokenizer.py", line 201, in read_string
self.error('Unterminated character/string literal')
File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\tokenizer.py", line 572, in error
raise error
javalang.tokenizer.LexerError: Unterminated character/string literal at "'", line 150: public final /* varargs */ c<Params, Progress, Result> a(org.benf.cfr.reader.util.ConfusedCFRException: VARARGS method doesn't have an array as last arg!!
without --exploit-apk flag - qark generate raport and everything seems to be legit...
2nd error duplicate of #317
/> java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
which version of java is supported?
Hey, wanna test some app with PoC one from qark:
C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts>qark.exe --java C:\Users\user\VMShared\playground\Android_Mobile_APP\com.androidApp.stragan\ --exploit-apk Decompiling... Running scans... Finish scans... Writing report... Finish writing report to c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\report\report.html ... Building exploit APK... Traceback (most recent call last): File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 85, in _run_code exec(code, run_globals) File "C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts\qark.exe\__main__.py", line 9, in <module> File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 764, in __call__ return self.main(*args, **kwargs) File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 717, in main rv = self.invoke(ctx) File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 956, in invoke return ctx.invoke(self.callback, **ctx.params) File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 555, in invoke return callback(*args, **kwargs) File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\decorators.py", line 17, in new_func return f(get_current_context(), *args, **kwargs) File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\qark.py", line 100, in cli exploit_builder = APKBuilder(exploit_apk_path=build_path, issues=scanner.issues, apk_name=decompiler.apk_name, AttributeError: 'Decompiler' object has no attribute 'apk_name'
This _AttributeError: 'Decompiler' object has no attribute 'apkname' - what I can do with that?
try using --apk instead of --java Looking at the source code Decompiler object will be initialized using the apk you pass to qark. If you use --java option, Decompiler object will not have apk_name attribute, because there's no apk.
I had the same problem and tried to use "--apk" instead of --java when I use APK file. the CLI tool stay stuck on the decompiling process I don't know why
Hey, wanna test some app with PoC one from qark:
This _AttributeError: 'Decompiler' object has no attribute 'apkname' - what I can do with that?