search

linkedin / qark

Tool to look for several security related Android application vulnerabilities
Other
3.19k stars 643 forks source link

Failed to create exploit-apk. #319

Open rdek opened 5 years ago

rdek commented 5 years ago

Hey, wanna test some app with PoC one from qark:

C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts>qark.exe --java C:\Users\user\VMShared\playground\Android_Mobile_APP\com.androidApp.stragan\ --exploit-apk
Decompiling...
Running scans...
Finish scans...
Writing report...
Finish writing report to c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\report\report.html ...
Building exploit APK...
Traceback (most recent call last):
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts\qark.exe\__main__.py", line 9, in <module>
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\qark.py", line 100, in cli
    exploit_builder = APKBuilder(exploit_apk_path=build_path, issues=scanner.issues, apk_name=decompiler.apk_name,
AttributeError: 'Decompiler' object has no attribute 'apk_name'

This _AttributeError: 'Decompiler' object has no attribute 'apkname' - what I can do with that?

rdek commented 5 years ago

Another one with little different flags:

C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts>qark.exe --build-path C:\Users\user\VMShared\playground\Android_androidApp_Mobile_APP\QARK\build-path\ --apk C:\Users\user\VMShared\playground\Android_androidApp_Mobile_APP\QARK\apk\androidApp_COM_v2.3.apk --java C:\Users\user\VMShared\playground\Android_androidApp_Mobile_APP\QARK\java\ --report-type html --exploit-apk
Decompiling...
Running scans...
Traceback (most recent call last):
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts\qark.exe\__main__.py", line 9, in <module>
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\qark.py", line 90, in cli
    scanner.run()
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\scanner.py", line 64, in run
    self._run_checks(plugins)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\scanner.py", line 78, in _run_checks
    current_file_subject.notify(filepath)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\scanner.py", line 125, in notify
    observer.update(file_path, call_run=True)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\plugin.py", line 239, in update
    super(CoroutinePlugin, self).update(file_path)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\scanner\plugin.py", line 185, in update
    JavaASTPlugin.java_ast = javalang.parse.parse(self.file_contents)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\parse.py", line 52, in parse
    parser = Parser(tokens)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\parser.py", line 95, in __init__
    self.tokens = util.LookAheadListIterator(tokens)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\util.py", line 92, in __init__
    self.list = list(iterable)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\tokenizer.py", line 531, in tokenize
    self.read_string()
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\tokenizer.py", line 201, in read_string
    self.error('Unterminated character/string literal')
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\javalang\tokenizer.py", line 572, in error
    raise error
javalang.tokenizer.LexerError: Unterminated character/string literal at "'", line 150: public final /* varargs */ c<Params, Progress, Result> a(org.benf.cfr.reader.util.ConfusedCFRException: VARARGS method doesn't have an array as last arg!!

without --exploit-apk flag - qark generate raport and everything seems to be legit...

nwalsh-lnk commented 5 years ago

2nd error duplicate of #317

rdek commented 5 years ago 
/> java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

which version of java is supported?

AndyCyberSec commented 4 years ago

Hey, wanna test some app with PoC one from qark:

C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts>qark.exe --java C:\Users\user\VMShared\playground\Android_Mobile_APP\com.androidApp.stragan\ --exploit-apk
Decompiling...
Running scans...
Finish scans...
Writing report...
Finish writing report to c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\report\report.html ...
Building exploit APK...
Traceback (most recent call last):
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\ComputerUzer\AppData\Local\Programs\Python\Python36\Scripts\qark.exe\__main__.py", line 9, in <module>
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\click\decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "c:\users\ComputerUzer\appdata\local\programs\python\python36\lib\site-packages\qark\qark.py", line 100, in cli
    exploit_builder = APKBuilder(exploit_apk_path=build_path, issues=scanner.issues, apk_name=decompiler.apk_name,
AttributeError: 'Decompiler' object has no attribute 'apk_name'

This _AttributeError: 'Decompiler' object has no attribute 'apkname' - what I can do with that?

try using --apk instead of --java Looking at the source code Decompiler object will be initialized using the apk you pass to qark. If you use --java option, Decompiler object will not have apk_name attribute, because there's no apk.

redcatsec commented 3 years ago

I had the same problem and tried to use "--apk" instead of --java when I use APK file. the CLI tool stay stuck on the decompiling process I don't know why