
android-malware-sandbox's People

Contributors

areizen, catarinadf, cecio


android-malware-sandbox's Issues

Mods for new Frida release

Hello.

I made some minor mods to the JS in order to be compatible with the latest Frida releases. I'm not sure if this was related to my env only (Frida 16), but I had to apply some minor mods... anyway, if you are interested in them I can open a pull request.
Let me know.
Thanks

ModuleNotFoundError: No module named 'docker'

Hi,

I followed the readme and everything worked fine for the master branch. However, I noticed the dev branch seemed to have a lot of new features with improved reporting, so I decided to try it out. But I am getting the error below:

Traceback (most recent call last):
File "main.py", line 1, in
from lib.adb import Physical, Emulator, DockerEmulator
File "/opt/AndroidSandbox/v2/Android-Malware-Sandbox/lib/adb/DockerEmulator.py", line 2, in
from external.containers.emu import docker_device, emu_docker, emu_downloads_menu
File "/opt/AndroidSandbox/v2/Android-Malware-Sandbox/external/containers/emu/docker_device.py", line 25, in
import docker
ModuleNotFoundError: No module named 'docker'

Could you suggest any solutions to this? Thanks

MITMproxy from requirements.txt gives error when installing with pip

Collecting zstandard<0.13.0,>=0.11.0
Using cached zstandard-0.12.0.tar.gz (648 kB)
ERROR: Command errored out with exit status 1:
command: /home/malware/Documents/Android-Malware-Sandbox/env/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-wk65xodt/zstandard/setup.py'"'"'; file='"'"'/tmp/pip-install-wk65xodt/zstandard/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-wk65xodt/zstandard/pip-egg-info
cwd: /tmp/pip-install-wk65xodt/zstandard/
Complete output (13 lines):
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-install-wk65xodt/zstandard/setup.py", line 70, in
import make_cffi
File "/tmp/pip-install-wk65xodt/zstandard/make_cffi.py", line 179, in
preprocessed = preprocess(header)
File "/tmp/pip-install-wk65xodt/zstandard/make_cffi.py", line 127, in preprocess
process = subprocess.Popen(args + [input_file], stdout=subprocess.PIPE,
File "/usr/lib/python3.8/subprocess.py", line 858, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.8/subprocess.py", line 1704, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'cc'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

This seems to be related to MITMproxy. I am running on Python 3.8.10 and Ubuntu 20.04.4.

File is not a zip file

Hi,

I have set up the dev branch and am trying to run it using the command below:

sudo python3 main.py samples/org.benews.apk

In the end, it says the file is not a zip file. I do not understand why, or which file is required to be a zip. If I zip the APK and then run it, nothing is installed on the emulator. I get a report which is mostly empty.

I am getting the output below:

2020-09-25 02:25:20 p-4 root[8928] INFO Launching device
2020-09-25 02:25:20 p-4 root[8928] DEBUG Emulator:start()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:kill_emulators()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:listing_devices()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Launching emulator : ['//opt/android/androidsdk/emulator/emulator', '@Nexus1', '-no-snapshot-load', '-wipe-data', '-no-audio', '-qemu', '-s']
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:listing_devices()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Waiting for device_id
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device id : emulator-5554
2020-09-25 02:25:20 p-4 root[8928] DEBUG Checking if it is up
2020-09-25 02:25:20 p-4 root[8928] INFO Emulator launched
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:get_device_arch()
2020-09-25 02:25:20 p-4 root[8928] INFO Architecture of the device is : x86_64
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:get_root_shell()
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: base64_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: delete_file_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: dexclassloader_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: file_interaction_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: library_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: log_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: proxy_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: shared_preferences_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: anti_emulator_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: socket_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: cipher_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: location_spoofer_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: hide_app_icon_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: json_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: hash_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: proxy_url_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: tcpdump_plugin
2020-09-25 02:25:20 p-4 root[8928] DEBUG ProxyURL:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG TCPDump:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Socket:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG antiEmulator:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Proxy:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG DexClassLoader:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Library:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Cipher:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG deleteFile:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG FileInteraction:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Shared_Prefs_plugin:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Log:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Json:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Base64:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Hash:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG LocationSpoofer:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG HideAppIcon:loaded()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Core:start_analysis()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Core:select_applications()
2020-09-25 02:25:21 p-4 root[8928] DEBUG ModuleGeneral:select()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Frida:compile()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Frida:generate_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Socket:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG DexClassLoader:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Library:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Cipher:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG deleteFile:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG FileInteraction:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Shared_Prefs_plugin:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Log:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Json:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Base64:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Hash:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG LocationSpoofer:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG HideAppIcon:get_frida_script()
2020-09-25 02:25:25 p-4 root[8928] INFO Compiled
2020-09-25 02:25:25 p-4 root[8928] DEBUG Device:install_frida()
2020-09-25 02:25:26 p-4 root[8928] INFO Frida Installed
2020-09-25 02:25:26 p-4 root[8928] DEBUG Core:analyse_sample()
2020-09-25 02:25:26 p-4 root[8928] ERROR File is not a zip file

Error when running the JS file

Error: Cannot find module '@babel/plugin-transform-runtime' from '/root/andoid_tmp/git_android/Android-Malware-Sandbox' while parsing file: /root/andoid_tmp/git_android/Android-Malware-Sandbox/frida_scripts/agent.js
at Function.resolveSync [as sync] (/usr/local/lib/node_modules/frida-compile/node_modules/resolve/lib/sync.js:89:15)
at resolveStandardizedName (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/files/plugins.js:101:31)
at resolvePlugin (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/files/plugins.js:54:10)
at loadPlugin (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/files/plugins.js:62:20)
at createDescriptor (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:154:9)
at items.map (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:109:50)
at Array.map ()
at createDescriptors (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:109:29)
at createPluginDescriptors (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:105:10)
at alias (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:63:53)
code: 'MODULE_NOT_FOUND',
filename: '/root/andoid_tmp/git_android/Android-Malware-Sandbox/frida_scripts/agent.js',

CPU architecture problem

When I debug on an Ubuntu system, because the Android simulator is x86 architecture, I installed the ARM conversion plug-in, which can install an APK of ARM architecture normally. But when device.resume(pid) is running, the program pops up "Open app again", and reports an error at the end: "ERROR script is destroyed".

unable to connect to remote frida-server: closed

I installed the project on macOS Big Sur and was able to get it up and running if I disable the option for Frida in the config; otherwise I get the error: unable to connect to remote frida-server: closed

Someone else mentioned the same error here, frida/frida#582, and it was solved by using:
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043

I did try that after the emulator had started but it didn't seem to help (although the commands ran successfully).

Detection Verdict

I have configured the AMS and analyzed multiple APK files of different malware families listed in the project description. However, in the report the detection section is empty; no final conclusion is listed in it. Is this the default, or should I expect some verdict in this section?

Screenshots attached. Kindly help in this regard.

adb error when running

ubuntu root[25916] ERROR Error while installing frida : b"adb server version (41) doesn't match this client (39); killing...\n* daemon started successfully\n"

Ubuntu 20, Python 3.7, and adb installed via apt.
