songhongji / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
1 stars 0 forks source link

DalvikVMFormat save() is broken #112

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
./androlyze.py -s
apk, d, dx = AnalyzeAPK("myapp.apk")
d.save()

> Attribute Eror: AnnotationSetRefList instance has no attribute 'get_length'

Please provide any additional information below.
synched to changeset 450:78082443153c (improve androdd) but reproduced it on 
v1.9 too)

Original issue reported on code.google.com by timothe....@gmail.com on 20 Feb 2013 at 4:49

GoogleCodeExporter commented 8 years ago

Original comment by anthony....@gmail.com on 20 Feb 2013 at 9:09

GoogleCodeExporter commented 8 years ago
Could you provide the file for testing ?

Original comment by anthony....@gmail.com on 20 Feb 2013 at 9:14

GoogleCodeExporter commented 8 years ago
Thanks for looking into this, veyr much appreciated.
I'm doing blackbox pentest on a not yet released app for a client, I can't 
really send you a sample unfortunately :(
That was on a non proguarded version though, while trying out the 
obfuscated+optimized version I got another kind of error:

In [5]: d.save()
---------------------------------------------------------------------------
error                                     Traceback (most recent call last)
androlyze.py in <module>()
----> 1 d.save()

dvm.pyc in save(self)
   7326           h_r[ idx ] = i
   7327 
-> 7328           length = i.get_length()
   7329 
   7330           s[ idx ] = length

dvm.pyc in get_length(self)
   6606       length = 0
   6607       for i in self.code :
-> 6608         length += i.get_size()
   6609       return length
   6610 

dvm.pyc in get_size(self)
   6546                      pack("=I", self.debug_info_off) + \
   6547                      pack("=I", self.insns_size) )
-> 6548       length += self.code.get_length()
   6549 
   6550       if (self.insns_size % 2 == 1) :

dvm.pyc in get_length(self)
   6282           :rtype: int
   6283       """ 
-> 6284       return len(self.get_raw())
   6285 
   6286 class TryItem :

dvm.pyc in get_raw(self)
   6274             :rtype: string
   6275         """ 
-> 6276         return ''.join(i.get_raw() for i in self.get_instructions())
   6277 
   6278     def get_length(self) :

dvm.pyc in <genexpr>((i,))
   6274             :rtype: string
   6275         """ 
-> 6276         return ''.join(i.get_raw() for i in self.get_instructions())
   6277 
   6278     def get_length(self) :

dvm.pyc in get_raw(self)
   4405 
   4406     def get_raw(self):
-> 4407       return pack("=H", (self.B << 12) | (self.A << 8) | self.OP)
   4408 
   4409 

error: ushort format requires 0 <= number <= USHRT_MAX

Both versions, proguarded and not are of reasonable size, weighting around 5MB.

Original comment by timothe....@gmail.com on 21 Feb 2013 at 1:15

GoogleCodeExporter commented 8 years ago
Hi, has this issue be fixed yet?

I was trying to modify the dex file and then save it. However, I am getting 
errors when I save it.

I did the same thing:
./androlyze.py -s
apk, d, dx = AnalyzeAPK("myapp.apk")
d.save()

for different malware samples and some apps I downloaded from google play. They 
all introduce errors.

I also tried the python script in the demo directory named dalvikvm_format_2.py.

It can run using the provided input. However, if I change the input dex file to 
other ones, there are errors for the save().

So if anyone have a clue on fix this, could you please share?

Original comment by shingo...@gmail.com on 13 Aug 2014 at 1:58