rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Internal yara.Error 34 when scanning .dex #237

Closed nullsection closed 4 years ago

nullsection commented 4 years ago

First off, sorry if this is the incorrect medium for this issue. I installed the requirements and tool as per the documentation.

I've tried scanning a dex file with the following hash ee238205f4032b4ae02b0e2d3ace72e71c8d88d516966788e3b4b27c1919a9a5

Result returns the exception:

Exception scanning ee238205f4032b4ae02b0e2d3ace72e71c8d88d516966788e3b4b27c1919a9a5.dex: Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/apkid/apkid.py", line 123, in scan_file
    results: Dict[str, List[yara.Match]] = self.scan_file_obj(f, file_path)
  File "/usr/local/lib/python3.7/dist-packages/apkid/apkid.py", line 139, in scan_file_obj
    matches: List[yara.Matches] = self.rules.match(data=file.read(), timeout=self.options.timeout)
yara.Error: internal error: 34

I've tried the obvious of reinstalling packages. Still get the same issue.

CalebFenton commented 4 years ago

Hey MitchHS, this is the ideal medium for the issue.

That error is defined here: https://github.com/VirusTotal/yara/blob/ce470b7bd492c6be6eba5158b750832c62441832/libyara/include/yara/error.h#L79

This would suggest your environment is not set up properly. Could you include the output of pip freeze?

nullsection commented 4 years ago

Thanks Caleb.

Here is the full output for pip freeze

AdvancedHTTPServer==2.2.0
ajpy==0.0.4
alembic==1.4.2.dev0
aniso8601==8.0.0
apkid==2.1.0
asn1crypto==1.4.0
basemap==1.2.1
bcrypt==3.1.7
beautifulsoup4==4.9.3
binwalk==2.2.0
blinker==1.4
boltons==19.1.0
Brlapi==0.6.7
Brotli==1.0.7
certifi==2020.6.20
chardet==3.0.4
chrome-gnome-shell==0.0.0
click==7.1.2
colorama==0.4.3
configobj==5.0.6
cryptography==2.8
cupshelpers==1.0
cycler==0.10.0
dbus-python==1.2.12
debtags==2.1
decorator==4.4.2
dicttoxml==1.7.4
distro==1.5.0
distro-info==0.24
dnspython==1.16.0
ecdsa==0.15
email-validator==1.1.1
entrypoints==0.3
fierce==1.4.0
Flask==1.1.2
future==0.18.2
geoip2==2.9.0
geojson==2.5.0
graphene==2.1.7
graphene-sqlalchemy==2.1.2
graphql-core==2.2.1
graphql-relay==2.0.0
gyp==0.1
h11==0.9.0
h2==3.2.0
hashID==3.1.4
hpack==3.0.0
html5lib==1.0.1
httplib2==0.18.1
hyperframe==5.2.0
icalendar==4.0.3
idna==2.10
IPy==1.0
ipython-genutils==0.2.0
itsdangerous==1.1.0
Jinja2==2.11.2
jsonschema==2.6.0
jupyter-core==4.6.3
kaitaistruct==0.8
keyring==18.0.1
keyrings.alt==4.0.0
KismetCaptureFreaklabsZigbee==2018.7.0
KismetCaptureRtl433==2019.9.1
KismetCaptureRtladsb==2019.10.1
KismetCaptureRtlamr==2019.10.1
kiwisolver==1.0.1
ldap3==2.7
louis==3.10.0
lxml==4.3.3
Mako==1.0.7
Markdown==3.2.2
MarkupSafe==1.1.0
matplotlib==3.0.2
maxminddb==1.4.1
mitmproxy==4.0.4
msgpack==0.5.6
mysqlclient==1.3.10
nassl==3.0.0
nbformat==5.0.7
numpy==1.16.5
olefile==0.46
packaging==20.4
paramiko==2.6.0
passlib==1.7.2
patator==0.7
Pillow==6.2.1
plotly==4.9.0
pluginbase==1.0.0
ply==3.11
promise==2.2
protobuf==3.6.1
psutil==5.5.1
psycopg2==2.8.3
pyasn1==0.4.8
pycairo==1.16.2
pycrypto==2.6.1
pycryptodomex==3.6.1
pycups==1.9.73
pycurl==7.43.0.2
Pygments==2.3.1
PyGObject==3.34.0
pyinotify==0.9.6
PyNaCl==1.4.0
PyOpenGL==3.1.5
pyOpenSSL==19.1.0
pyotp==2.3.0
pyparsing==2.4.7
pyperclip==1.8.0
pyproj==1.9.6
pyqtgraph==0.10.0
pyserial==3.4
pyshp==2.1.2
PySimpleSOAP==1.16.2
pysmbc==1.0.15.6
pysmi==0.3.2
pysnmp==4.4.12
python-apt==1.8.4
python-dateutil==2.8.1
python-debian==0.1.38
python-debianbts==3.0.2
python-editor==1.0.3
python-pam==1.8.4
pytz==2020.1
pyxdg==0.26
PyYAML==5.1.2
reportbug==7.7.0
requests==2.23.0
requests-file==1.5.1
retrying==1.3.3
ruamel.yaml==0.15.34
rule-engine==1.1.0
Rx==1.6.1
scipy==1.2.2
SecretStorage==2.3.1
simplejson==3.16.0
sip==4.19.18
six==1.15.0
smoke-zephyr==2.0.0
sortedcontainers==2.1.0
soupsieve==2.0.1
SQLAlchemy==1.3.1
sslyze==2.1.4
termcolor==1.1.0
terminator==1.92
tls-parser==1.2.2
tornado==5.1.1
traitlets==5.0.4
tzlocal==2.1
unattended-upgrades==0.1
unicodecsv==0.14.1
urllib3==1.25.9
urwid==2.0.1
wafw00f==2.1.0
webencodings==0.5.1
websocket-client==0.57.0
Werkzeug==1.0.1
wfuzz==2.4.5
wifite==2.5.5
wsproto==0.15.0
XlsxWriter==1.1.2
yara-python==3.11.0

apkunpacker commented 4 years ago

Exactly the same error I am getting in Termux after installing apkid with pip install apkid.

CalebFenton commented 4 years ago

I wasn't able to reproduce following the readme. Are you sure you have the dex module enabled when you install yara-python?

pip install --upgrade wheel
pip wheel --wheel-dir=/tmp/yara-python --build-option="build" --build-option="--enable-dex" git+https://github.com/VirusTotal/yara-python.git@v3.11.0
pip install --no-index --find-links=/tmp/yara-python yara-python

Make sure the output has no errors. If there are errors, feel free to post them here but it may be a problem with yara-python.

nullsection commented 4 years ago

Found the issue. Should've figured this out earlier.

pip install --no-index --find-links=/tmp/yara-python yara-python
Looking in links: /tmp/yara-python
Requirement already satisfied: yara-python in /usr/lib/python3/dist-packages (3.10.0)

Fixed by deleting the dir at /usr/lib/python3/dist-packages/yara_python-X.XX.X.egg-info and retrying the command.

Thanks for the help.
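
The root cause found above (stale yara-python metadata under /usr/lib/python3/dist-packages making pip report "Requirement already satisfied") can be checked for directly. The following is an added example, not code from this thread or from APKiD; `find_installs` and `dex_module_available` are hypothetical helper names, and the dex probe assumes yara-python is importable.

```python
import re
import sys
from pathlib import Path

# Metadata names pip treats as proof that a distribution is installed,
# e.g. yara_python-3.10.0.egg-info or yara_python-3.11.0.dist-info
_META = re.compile(r"^(?P<name>.+?)-(?P<version>\d[^-]*?)(?:-py\d[\w.]*)?\.(?:egg-info|dist-info)$")

def _norm(name):
    # PEP 503 normalisation: yara-python and yara_python compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def find_installs(package, search_paths=None):
    """Return [(version, metadata_path)] for every copy of `package`, in search-path order."""
    hits = []
    for entry in (sys.path if search_paths is None else search_paths):
        root = Path(entry)
        if not root.is_dir():
            continue
        for child in sorted(root.iterdir()):
            m = _META.match(child.name)
            if m and _norm(m.group("name")) == _norm(package):
                hits.append((m.group("version"), str(child)))
    return hits

def dex_module_available():
    """True/False if the importable yara-python has the dex module; None if yara is missing."""
    try:
        import yara
    except ImportError:
        return None
    try:
        yara.compile(source='import "dex"\nrule probe { condition: false }')
        return True
    except yara.Error:
        return False

if __name__ == "__main__":
    installs = find_installs("yara-python")
    for version, path in installs:
        print(f"yara-python {version}: {path}")
    if len({v for v, _ in installs}) > 1:
        print("WARNING: several yara-python versions on sys.path; pip may treat a stale one as installed")
    print("dex module available:", dex_module_available())
```

More than one reported version, or a `False` from the dex probe, points at the situation described in this issue: the freshly built wheel was never installed because an older copy was already registered.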

CalebFenton commented 4 years ago

Thanks for reporting. Hopefully it helps someone else :D

apkunpacker commented 4 years ago

@MitchHS thanks for the idea, it fixed that error. Now I can enjoy running apkid in Termux perfectly 👍

apkunpacker commented 3 years ago

Steps To Use APKID on Android Termux (if anyone faced the error)

pip install --upgrade wheel

pip wheel --wheel-dir=/data/data/com.termux/files/usr/yara-python --build-option="build" --build-option="--enable-dex" git+https://github.com/VirusTotal/yara-python.git@v3.11.0

pip install --no-index --find-links=/data/data/com.termux/files/usr/yara-python yara-python

pip install apkid