Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamic Analyzer > Pull & Static Analysis fails with split apks #2271

Open
jonathanbheadley opened this issue Sep 28, 2023 · 1 comment
Open

Dynamic Analyzer > Pull & Static Analysis fails with split apks #2271

jonathanbheadley opened this issue Sep 28, 2023 · 1 comment
Assignees
@ajinabraham
Labels
android sca Android Static Code Analysis related bug MobSF bugs static analyzer Static Analyzer related
Projects
MobSF 2024 Development

Comments

@jonathanbheadley
Copy link

jonathanbheadley commented Sep 28, 2023
edited

ENVIRONMENT

OS and Version: Kali Linux, 6.5.0-kali1-amd64
Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2023.3
Codename:	kali-rolling

Python Version: Python 3.9.16
MobSF Version:  MobSF v3.7.8 Beta

EXPLANATION OF THE ISSUE

The "Pull & Static Analysis" button fails to pull an app with split apks. MobSF seems to be running adb pm path com.coinhako and then running adb pull <result> which improperly parses out the multiline return value:

image

image

STEPS TO REPRODUCE THE ISSUE

  1. Start Mobsf: sudo docker run --network="host" -it --rm -p 8000:8000 -p 1337:1337 -e MOBSF_ANALYZER_IDENTIFIER="emulator-5554" -e MOBSF_PLATFORM="somethingelse" opensecurity/mobile-security-framework-mobsf:latest

  2. Navigate to Dynamic Analyzer tab

  3. Click Pull & Static Analysis button

LOG FILE

For some reason, both debug files in ~/.MobSF and /root/.MobSF (since i'm using sudo) are empty...

I couldn't upload the apk(s), files were too large: https://play.google.com/store/apps/details?id=com.coinhako&hl=en_US&gl=US
@github-actions
Copy link

👋 @jonathanbheadley
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@ajinabraham ajinabraham self-assigned this Oct 7, 2023
@ajinabraham ajinabraham added the enhancement MobSF enhancements and feature requests label Oct 7, 2023
@ajinabraham ajinabraham added bug MobSF bugs static analyzer Static Analyzer related android sca Android Static Code Analysis related and removed enhancement MobSF enhancements and feature requests labels Dec 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ajinabraham ajinabraham

Labels
android sca Android Static Code Analysis related bug MobSF bugs static analyzer Static Analyzer related
Projects
MobSF 2024 Development
To do
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ajinabraham @jonathanbheadley