May be a androguard tool issue. May need to be updated. Error Parsing
mkurtakoti opened this issue · comments
ENVIRONMENT
OS and Version: Mac Ventura
Python Version: 3.10.12
MobSF Version: Docker latest version available v3.9.3
EXPLANATION OF THE ISSUE
Tried to run MOBSF for publicly available app Tableau in Android Play store.
However, it gives error "Exception for the parsers. res1 must be zero!".
Upon checking found out that it is giving KeyError for resources.arsc.
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources
return self.arsc["resources.arsc"]
KeyError: 'resources.arsc'
STEPS TO REPRODUCE THE ISSUE
1. This is the first step
Download app from public store Tableau (Android)
2. This is the second step
Extract base.apk file from the device.
3. Further steps, etc.
Load to MobSF
LOG FILE
2024-03-08 18:49:02
mobsf_container
�[32m[INFO] 08/Mar/2024 18:49:02 - Getting Hardcoded Certificates/Keystores�[0m
2024-03-08 18:49:02
mobsf_container
�[32m[INFO] 08/Mar/2024 18:49:02 - Getting AndroidManifest.xml from APK�[0m
2024-03-08 18:49:02
mobsf_container
�[32m[INFO] 08/Mar/2024 18:49:02 - Parsing AndroidManifest.xml�[0m
2024-03-08 18:49:02
mobsf_container
�[31m[ERROR] 08/Mar/2024 18:49:02 - Error Performing Static Analysis�[0m
2024-03-08 18:49:02
mobsf_container
Traceback (most recent call last):
2024-03-08 18:49:02
mobsf_container
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources
2024-03-08 18:49:02
mobsf_container
return self.arsc["resources.arsc"]
2024-03-08 18:49:02
mobsf_container
KeyError: 'resources.arsc'
2024-03-08 18:49:02
mobsf_container
During handling of the above exception, another exception occurred:
2024-03-08 18:49:02
mobsf_container
Traceback (most recent call last):
2024-03-08 18:49:02
mobsf_container
File "/home/user/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 174, in static_analyzer
2024-03-08 18:49:02
mobsf_container
app_dic['real_name'] = get_app_name(
2024-03-08 18:49:02
mobsf_container
File "/home/user/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 626, in get_app_name
2024-03-08 18:49:02
mobsf_container
real_name = a.get_app_name()
2024-03-08 18:49:02
mobsf_container
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 476, in get_app_name
2024-03-08 18:49:02
mobsf_container
res_parser = self.get_android_resources()
2024-03-08 18:49:02
mobsf_container
File "/usr/local/lib/python3.8/dist-packages/androguard/core/bytecodes/apk.py", line 1562, in get_android_resources
👋 @mkurtakoti
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
Upon checking further, it seems this is due to split APKs. For most of the app which has split APKs it worked fine. But for this one it was failing. When I merged APKs to one and tried. It worked fine.
It looks like same issue like #2352.
This can be replicated by any APK downloaded from recently published AAB on Google Play console. For example this attached archive APK created by Google Play console cause this error too.
APK generated directly with Gradle assemble task is analyzed without any error. So I guess it's caused by some change in bundle tool used by Google Play console.
Note: This app is secured by app integrity provided directly by Google Play.
I created issue in androguard: androguard/androguard#1014
Traceback (most recent call last):
File "/U***py3.10/lib/python3.10/site-packages/androguard/core/bytecodes/apk.py", line 1556, in get_android_resources
return self.arsc["resources.arsc"]
KeyError: 'resources.arsc'
This definitely is coming from androguard. I will will see if we can gracefully handle this exception and proceed with next steps.
We made changes to support latest androguard with the fix when it is made available. Awaiting for them to release a new release with the fix. Closing this issue here.
when will be this available in the docker image?