Objective
The previous article in this series said that, for an information security contest, I chose APK behavioral analysis as my topic. I had been studying Android programming and then looked at a book on APK analysis, but I felt I had no goal and did not know how to start. While browsing FreeBuf, I casually searched for this topic and found two articles:
- http://www.freebuf.com/sectool/99475.html
- http://www.freebuf.com/sectool/98607.html
The first article is about the tool I chose, MobSF, which has a client/server (C/S) architecture and is written in Django + Python. The author is Ajin Abraham. The project is on GitHub at https://github.com/ajinabraham/Mobile-Security-Framework-MobSF and is still being updated, so if you submit an issue, he will reply quickly.
I didn't know how to approach reading it on my own, so I decided to rewrite the project in C++/Qt. Subsequent articles will follow the development process.
Installing MobSF
The FreeBuf article already explains very clearly how to install MobSF. After downloading the source code, virtual machine, Java, and dependencies and installing them, it should look like this:
In a terminal, enter:
python manage.py runserver
Unsurprisingly, there are errors:
Following the error message, open java.py directly to resolve the first error (it should be a Java path problem).
The problem is on line 65:
proc = subprocess.Popen(args,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,)
The detailed usage of subprocess.Popen can be looked up on Baidu; here it starts a new process with args as its argument. Since the problem is here, and args is passed in, go back to where Runprocess(args) is called.
There you can see:
MAC_LINUX_JAVA="/usr/bin/"
args=[MAC_LINUX_JAVA+"java"]
In other words, subprocess.Popen() actually executes this command here: /usr/bin/java
This is the same as entering the command at the command line. So we try entering it at the command line:
Obviously, the path is wrong. My Java is not installed directly in the /usr/bin directory:
but under /usr/bin/jdk1.8.0_91.
Locate the java executable, which is under /usr/bin/jdk1.8.0_91/bin/:
At the command line, enter:
/usr/bin/jdk1.8.0_91/bin/java
After reading the terminal output, we can understand what this part of the author's code in java.py does:
it runs the Java executable and checks whether the string "Oracle" appears in the terminal output, and from that determines whether Java is installed.
That being the case, we have two choices:
1. Modify the source code
2. Modify the Java installation path
Obviously, it is more convenient to modify the source code:
Change line 43 of java.py to:
MAC_LINUX_JAVA="/usr/bin/jdk1.8.0_91/bin/"
Run manage.py again:
OK.
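An added example, not MobSF's code: one way to locate Java without hard-coding /usr/bin/ or editing the source for each machine, and without depending on the vendor string "Oracle" in the output. It assumes the JDK is reachable through JAVA_HOME or PATH and probes with `java -version` instead of a bare `java`; the function names and the `run` parameter are hypothetical.

```python
import os
import re
import shutil
import subprocess

# Matches both `java version "1.8.0_91"` and `openjdk version "11.0.2"`.
VERSION_RE = re.compile(r'version "([^"]+)"')


def candidate_java_paths(env):
    """Yield java executables to try: $JAVA_HOME/bin/java first, then PATH."""
    java_home = env.get("JAVA_HOME")
    if java_home:
        yield os.path.join(java_home, "bin", "java")
    on_path = shutil.which("java", path=env.get("PATH", ""))
    if on_path:
        yield on_path


def probe_java(java_path, run=subprocess.run, timeout=10):
    """Return the version string printed by `java -version`, or None."""
    try:
        # Argument list, no shell: the path is passed to exec as one argument.
        # `java -version` prints its banner on stderr, so merge it into stdout.
        proc = run([java_path, "-version"], stdout=subprocess.PIPE,
                   stderr=subprocess.STDOUT, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None  # missing file, not executable, or hung
    match = VERSION_RE.search(proc.stdout.decode("utf-8", errors="replace"))
    if proc.returncode != 0 or match is None:
        return None
    return match.group(1)


def find_java(env=None, run=subprocess.run):
    """Return (bin_directory, version) of the first working JVM, else (None, None)."""
    env = os.environ if env is None else env
    for path in candidate_java_paths(env):
        version = probe_java(path, run=run)
        if version is not None:
            return os.path.dirname(path) + os.sep, version
    return None, None


if __name__ == "__main__":
    print(find_java())
```

With JAVA_HOME=/usr/bin/jdk1.8.0_91 exported, this returns the same bin directory that the manual edit to line 43 sets by hand.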
Open 127.0.0.1:8000 in a browser.
Upload an APK for analysis, and the results come back with errors:
The first error should be that the third-party Python package xhtml2pdf had an installation problem and could not be imported. I did not resolve it on Ubuntu 16.04 LTS and ignored it. Look at the second error: it should be an encoding error. I copied the source folder to the home directory so that the folder path contains no Chinese characters, ran it again, and it was OK:
Other
How to use MobSF is something you will need to explore on your own. The next section will begin the source code analysis of MobSF's static analysis part, starting with the first step: using zlib to unzip the APK.
"Installation Experience": MobSF, an open source mobile security testing framework