sslab-gatech / avpass

Tool for leaking and bypassing Android malware detection system
GNU General Public License v2.0

errors when using avpass #6

Closed Qian-Han closed 6 years ago

Qian-Han commented 6 years ago

When I use AVPASS with a command like the following:

python gen_disguise.py -i empty.apk individual

It will output some Android errors like the following:

: error: No resource identifier found for attribute 'roundIcon' in package 'android'
W: Exception in thread "main" brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/ds/4c705gj543dbtxtxsl5hb5br0000gn/T/brut_util_Jar_1187342378421299518.tmp, p, --forced-package-id, 127, --min-sdk-version, 9, --target-sdk-version, 25, --version-code, 1, --version-name, 1.0, --no-version-vectors, -F, /var/folders/ds/4c705gj543dbtxtxsl5hb5br0000gn/T/APKTOOL7694642950317619290.tmp, -0, arsc, -0, arsc, -I, /Users/hang12/Library/apktool/framework/1.apk, -S, /Users/hang12/Desktop/Research/Project_codes/avpass/src/temp_obfus/res, -M, /Users/hang12/Desktop/Research/Project_codes/avpass/src/temp_obfus/AndroidManifest.xml]

Could you help me figure it out?

Thank you so much!

jinhojun commented 6 years ago

Qian, could you send me the sample file ('empty.apk')?

to : jinho.jung@gatech.edu

-Jinho

Qian-Han commented 6 years ago

Hi Jinho,

I have attached the empty.apk, and this APK was originally included in your GitHub repo.

Thank you!

Best,

Qian


From: Jinho Jung notifications@github.com
Sent: Monday, February 19, 2018 12:53:55 PM
To: sslab-gatech/avpass
Cc: Qian Han; Author
Subject: Re: [sslab-gatech/avpass] errors when using avpass (#6)

Qian, could you send me the sample file ('empty.apk')?

to : jinho.jung@gatech.edu

-Jinho


jinhojun commented 6 years ago

I see. The "empty.apk" is a minimal APK file which contains almost nothing. We included the APK file to work as a template for the imitation mode (we inject a specific feature from another APK into the empty.apk file). I recommend that you try to disguise any normal APK file.

One issue we recently found is that the Java-reflection module is not working correctly on the new APK file that has been built with the latest version of Android Studio, and we are working on it, so you can try any previous version of malware, such as the DREBIN dataset.

-Jinho

Qian-Han commented 6 years ago

Gotcha, thanks for your explanation.