Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APKS incomplete analysis, misses info about native libs #2478

Open
tosiara opened this issue Dec 22, 2024 · 3 comments
Open

APKS incomplete analysis, misses info about native libs #2478

tosiara opened this issue Dec 22, 2024 · 3 comments

Comments

@tosiara
Copy link

tosiara commented Dec 22, 2024

ENVIRONMENT

OS and Version: official docker image, opensecurity/mobile-security-framework-mobsf:latest
MobSF Version: v4.0.3

EXPLANATION OF THE ISSUE

Performed analysis of an .apks file, the report was missing info about native libs and strings were not extracted from them. App contents:

sample.apks:

base.apk
split_config.arm64_v8a.apk
split_config.en.apk
split_config.xxhdpi.apk

split_config.arm64_v8a.apk:

lib/arm64-v8a/libapp.so
lib/arm64-v8a/libflutter.so

STEPS TO REPRODUCE THE ISSUE

1. Analyzed sample.apks file
2. Opened static analysis report
3. Flutter native lib is not mentioned anywhere, strings not extracted from it

LOG FILE

[INFO] 21/Dec/2024 20:13:37 - Extracting Manifest Data
[INFO] 21/Dec/2024 20:13:37 - Performing Static Analysis on: XXX (xxx)
[INFO] 21/Dec/2024 20:13:37 - Fetching Details from Play Store: xxx
[INFO] 21/Dec/2024 20:13:38 - Manifest Analysis Started
[INFO] 21/Dec/2024 20:13:38 - App Link Assetlinks Check - [xxx.MainActivity] https://xxxx
[INFO] 21/Dec/2024 20:13:39 - Checking for Malware Permissions
[INFO] 21/Dec/2024 20:13:39 - Fetching icon path
[INFO] 21/Dec/2024 20:13:39 - Library Binary Analysis Started
[INFO] 21/Dec/2024 20:13:39 - Reading Code Signing Certificate
[INFO] 21/Dec/2024 20:13:39 - Getting Signature Versions
[INFO] 21/Dec/2024 20:13:39 - Running APKiD 2.1.5
[INFO] 21/Dec/2024 20:13:42 - Trackers Database is up-to-date
[INFO] 21/Dec/2024 20:13:42 - Detecting Trackers
[INFO] 21/Dec/2024 20:13:44 - APK -> JAVA
[INFO] 21/Dec/2024 20:13:44 - Decompiling to Java with jadx
[INFO] 21/Dec/2024 20:14:01 - DEX -> SMALI
[INFO] 21/Dec/2024 20:14:01 - Converting classes.dex to Smali Code
[INFO] 21/Dec/2024 20:14:01 - Converting classes2.dex to Smali Code
[INFO] 21/Dec/2024 20:14:01 - Converting classes3.dex to Smali Code
[INFO] 21/Dec/2024 20:14:01 - Code Analysis Started on - java_source
[INFO] 21/Dec/2024 20:14:44 - Android SAST Completed
[INFO] 21/Dec/2024 20:14:44 - Android API Analysis Started
[INFO] 21/Dec/2024 20:15:29 - Android Permission Mapping Started
[INFO] 21/Dec/2024 20:15:45 - Android Permission Mapping Completed
[INFO] 21/Dec/2024 20:15:48 - Finished Code Analysis, Email and URL Extraction
[INFO] 21/Dec/2024 20:15:48 - Extracting Data from APK
[INFO] 21/Dec/2024 20:15:48 - Extracting Data from Source Code
[INFO] 21/Dec/2024 20:15:51 - Detecting Firebase URL(s)
[INFO] 21/Dec/2024 20:15:51 - Performing Malware Check on extracted Domains
[INFO] 21/Dec/2024 20:15:52 - Maltrail Database is up-to-date
[INFO] 21/Dec/2024 20:15:55 - Saving to Database

Expected results

Expected to see strings extracted from native library

I cannot share this private apks file, but I will try to build a sample flutter app and see if I can reproduce
@github-actions GitHub Actions
Copy link

👋 @tosiara
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@tosiara
Copy link
Author

tosiara commented Dec 22, 2024

Thanks, bot, I believe this is a bug tho

@tosiara
Copy link
Author

tosiara commented Dec 22, 2024
edited
Loading

Here is a flutter sample app that you can use to reproduce: sample.apks.zip

Screenshot from 2024-12-22 17-05-16

[INFO] 22/Dec/2024 15:08:02 - MIME Type: application/octet-stream FILE: sample.apks
[INFO] 22/Dec/2024 15:08:02 - Performing Static Analysis of Android Split APK
[INFO] 22/Dec/2024 15:08:02 - Scan Hash: 15a6a8ecafc5d15871b56eed8877526e
[INFO] 22/Dec/2024 15:08:02 - Starting Analysis on: sample.apks
[INFO] 22/Dec/2024 15:08:02 - Unzipping
[INFO] 22/Dec/2024 15:08:03 - Generating Hashes
[INFO] 22/Dec/2024 15:08:03 - Unzipping
[INFO] 22/Dec/2024 15:08:03 - APK Extracted
[INFO] 22/Dec/2024 15:08:03 - Getting Hardcoded Certificates/Keystores
[INFO] 22/Dec/2024 15:08:03 - Getting AndroidManifest.xml from APK
[INFO] 22/Dec/2024 15:08:03 - Converting AXML to XML
[INFO] 22/Dec/2024 15:08:04 - Parsing AndroidManifest.xml
[INFO] 22/Dec/2024 15:08:04 - Parsing APK with androguard
[INFO] 22/Dec/2024 15:08:04 - Starting analysis on AndroidManifest.xml
[INFO] 22/Dec/2024 15:08:04 - Extracting Manifest Data
[INFO] 22/Dec/2024 15:08:04 - Performing Static Analysis on: Learn Flutter (com.magicforstudio.learnflutter)
[INFO] 22/Dec/2024 15:08:04 - Fetching Details from Play Store: com.magicforstudio.learnflutter
[INFO] 22/Dec/2024 15:08:05 - Manifest Analysis Started
[INFO] 22/Dec/2024 15:08:05 - Checking for Malware Permissions
[INFO] 22/Dec/2024 15:08:05 - Fetching icon path
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[WARNING] 22/Dec/2024 15:08:05 - res1 must be zero!
[INFO] 22/Dec/2024 15:08:05 - Library Binary Analysis Started
[INFO] 22/Dec/2024 15:08:05 - Reading Code Signing Certificate
[INFO] 22/Dec/2024 15:08:05 - Getting Signature Versions
[INFO] 22/Dec/2024 15:08:05 - Running APKiD 2.1.5
[INFO] 22/Dec/2024 15:08:07 - Trackers Database is up-to-date
[INFO] 22/Dec/2024 15:08:07 - Detecting Trackers
[INFO] 22/Dec/2024 15:08:08 - APK -> JAVA
[INFO] 22/Dec/2024 15:08:08 - Decompiling to Java with jadx
[INFO] 22/Dec/2024 15:08:23 - DEX -> SMALI
[INFO] 22/Dec/2024 15:08:23 - Converting classes.dex to Smali Code
[INFO] 22/Dec/2024 15:08:23 - Code Analysis Started on - java_source
[INFO] 22/Dec/2024 15:08:31 - Android SAST Completed
[INFO] 22/Dec/2024 15:08:31 - Android API Analysis Started
[INFO] 22/Dec/2024 15:08:37 - Android Permission Mapping Started
[INFO] 22/Dec/2024 15:08:41 - Android Permission Mapping Completed
[INFO] 22/Dec/2024 15:08:41 - Finished Code Analysis, Email and URL Extraction
[INFO] 22/Dec/2024 15:08:41 - Extracting Data from APK
[INFO] 22/Dec/2024 15:08:41 - Extracting Data from Source Code
[INFO] 22/Dec/2024 15:08:42 - Detecting Firebase URL(s)
[INFO] 22/Dec/2024 15:08:42 - Performing Malware Check on extracted Domains
[INFO] 22/Dec/2024 15:08:43 - Maltrail Database is up-to-date
[INFO] 22/Dec/2024 15:08:43 - Saving to Database

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tosiara