areizen / android-malware-sandbox
Android Malware Sandbox
License: Apache License 2.0
Hello.
I made some minor mods to the JS in order to be compatible with the latest Frida releases. I'm not sure if this was related to my env only (Frida 16), but I had to apply some minor mods... anyway, if you are interested in them I can open a pull request.
Let me know.
Thanks
Hi,
I followed the readme and everything worked fine for the master branch. However, I noticed the dev branch seemed to have a lot of new features with improved reporting, so I decided to try it out. But I am getting the below error:
Traceback (most recent call last):
File "main.py", line 1, in
from lib.adb import Physical, Emulator, DockerEmulator
File "/opt/AndroidSandbox/v2/Android-Malware-Sandbox/lib/adb/DockerEmulator.py", line 2, in
from external.containers.emu import docker_device, emu_docker, emu_downloads_menu
File "/opt/AndroidSandbox/v2/Android-Malware-Sandbox/external/containers/emu/docker_device.py", line 25, in
import docker
ModuleNotFoundError: No module named 'docker'
Could you suggest any solutions to this? Thanks
Collecting zstandard<0.13.0,>=0.11.0
Using cached zstandard-0.12.0.tar.gz (648 kB)
ERROR: Command errored out with exit status 1:
command: /home/malware/Documents/Android-Malware-Sandbox/env/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-wk65xodt/zstandard/setup.py'"'"'; file='"'"'/tmp/pip-install-wk65xodt/zstandard/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-wk65xodt/zstandard/pip-egg-info
cwd: /tmp/pip-install-wk65xodt/zstandard/
Complete output (13 lines):
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-install-wk65xodt/zstandard/setup.py", line 70, in
import make_cffi
File "/tmp/pip-install-wk65xodt/zstandard/make_cffi.py", line 179, in
preprocessed = preprocess(header)
File "/tmp/pip-install-wk65xodt/zstandard/make_cffi.py", line 127, in preprocess
process = subprocess.Popen(args + [input_file], stdout=subprocess.PIPE,
File "/usr/lib/python3.8/subprocess.py", line 858, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.8/subprocess.py", line 1704, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'cc'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
This seems to be related to MITMproxy. I am running on Python 3.8.10 and Ubuntu 20.04.4.
Hi,
I have set up the dev branch and am trying to run it using the below command:
sudo python3 main.py samples/org.benews.apk
In the end, it says the file is not a zip file. I do not understand why, or which file is required to be a zip. If I zip the apk and then run it, nothing is installed on the emulator, and I get a report which is mostly empty.
I am getting the below output:
2020-09-25 02:25:20 p-4 root[8928] INFO Launching device
2020-09-25 02:25:20 p-4 root[8928] DEBUG Emulator:start()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:kill_emulators()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:listing_devices()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Launching emulator : ['//opt/android/androidsdk/emulator/emulator', '@Nexus1', '-no-snapshot-load', '-wipe-data', '-no-audio', '-qemu', '-s']
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:listing_devices()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Waiting for device_id
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device id : emulator-5554
2020-09-25 02:25:20 p-4 root[8928] DEBUG Checking if it is up
2020-09-25 02:25:20 p-4 root[8928] INFO Emulator launched
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:get_device_arch()
2020-09-25 02:25:20 p-4 root[8928] INFO Architecture of the device is : x86_64
2020-09-25 02:25:20 p-4 root[8928] DEBUG Device:get_root_shell()
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: base64_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: delete_file_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: dexclassloader_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: file_interaction_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: library_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: log_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: proxy_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: shared_preferences_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: anti_emulator_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: socket_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: cipher_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: location_spoofer_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: hide_app_icon_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: json_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: hash_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: proxy_url_plugin
2020-09-25 02:25:20 p-4 root[8928] INFO Plugin: tcpdump_plugin
2020-09-25 02:25:20 p-4 root[8928] DEBUG ProxyURL:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG TCPDump:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Socket:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG antiEmulator:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Proxy:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG DexClassLoader:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Library:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Cipher:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG deleteFile:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG FileInteraction:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Shared_Prefs_plugin:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Log:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Json:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Base64:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG Hash:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG LocationSpoofer:loaded()
2020-09-25 02:25:20 p-4 root[8928] DEBUG HideAppIcon:loaded()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Core:start_analysis()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Core:select_applications()
2020-09-25 02:25:21 p-4 root[8928] DEBUG ModuleGeneral:select()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Frida:compile()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Frida:generate_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Socket:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG DexClassLoader:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Library:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Cipher:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG deleteFile:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG FileInteraction:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Shared_Prefs_plugin:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Log:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Json:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Base64:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG Hash:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG LocationSpoofer:get_frida_script()
2020-09-25 02:25:21 p-4 root[8928] DEBUG HideAppIcon:get_frida_script()
2020-09-25 02:25:25 p-4 root[8928] INFO Compiled
2020-09-25 02:25:25 p-4 root[8928] DEBUG Device:install_frida()
2020-09-25 02:25:26 p-4 root[8928] INFO Frida Installed
2020-09-25 02:25:26 p-4 root[8928] DEBUG Core:analyse_sample()
2020-09-25 02:25:26 p-4 root[8928] ERROR File is not a zip file
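A pre-flight check a practitioner could run on a sample before handing it to the sandbox, added here as an example (not the project's own code). It assumes only the Python standard library and that an installable APK must carry AndroidManifest.xml plus a classes.dex entry; it also flags the zipped-APK case from the post above, which passes a plain ZIP check but installs nothing.

```python
import io
import zipfile

# Added example (not part of the project): distinguish "not a zip at all",
# "zip wrapping an .apk" and "real APK" before starting an analysis run.


def check_apk(fileobj_or_path):
    """Return (ok, reason) for a path or a file-like object.

    An APK is a ZIP archive carrying AndroidManifest.xml and at least one
    classes*.dex entry. A zip that merely wraps an .apk is a valid ZIP but
    nothing would install from it, so it is reported separately.
    """
    if not zipfile.is_zipfile(fileobj_or_path):
        return False, "not a zip archive, so not an APK"
    with zipfile.ZipFile(fileobj_or_path) as zf:
        if zf.testzip() is not None:
            return False, "zip archive is corrupt (bad CRC or header)"
        names = zf.namelist()
        has_dex = any(n.startswith("classes") and n.endswith(".dex") for n in names)
        if "AndroidManifest.xml" in names and has_dex:
            return True, "looks like an APK"
        nested = [n for n in names if n.lower().endswith(".apk")]
        if nested:
            return False, f"zip wrapping an APK ({nested[0]}); unpack it first"
        return False, "zip without AndroidManifest.xml and classes.dex"


def check_apk_bytes(data):
    """Convenience wrapper for in-memory samples (used by the demo below)."""
    return check_apk(io.BytesIO(data))


def constructed_zip(entries):
    """Build a constructed in-memory zip from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample data, not a real APK: enough for the structural check.
    fake_apk = constructed_zip({"AndroidManifest.xml": b"\x03\x00\x08\x00",
                                "classes.dex": b"dex\n035\x00"})
    for label, data in [("apk", fake_apk),
                        ("text", b"this is not an archive"),
                        ("zipped apk", constructed_zip({"sample.apk": fake_apk}))]:
        print(label, check_apk_bytes(data))
```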
Error: Cannot find module '@babel/plugin-transform-runtime' from '/root/andoid_tmp/git_android/Android-Malware-Sandbox' while parsing file: /root/andoid_tmp/git_android/Android-Malware-Sandbox/frida_scripts/agent.js
at Function.resolveSync [as sync] (/usr/local/lib/node_modules/frida-compile/node_modules/resolve/lib/sync.js:89:15)
at resolveStandardizedName (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/files/plugins.js:101:31)
at resolvePlugin (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/files/plugins.js:54:10)
at loadPlugin (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/files/plugins.js:62:20)
at createDescriptor (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:154:9)
at items.map (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:109:50)
at Array.map ()
at createDescriptors (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:109:29)
at createPluginDescriptors (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:105:10)
at alias (/usr/local/lib/node_modules/frida-compile/node_modules/@babel/core/lib/config/config-descriptors.js:63:53)
code: 'MODULE_NOT_FOUND',
filename: '/root/andoid_tmp/git_android/Android-Malware-Sandbox/frida_scripts/agent.js',
When I debug on an Ubuntu system, because the Android emulator is x86 architecture, I installed the ARM translation plug-in, which can install an APK of ARM architecture normally. But when device.resume(pid) is running, the program will pop up "Open app again", and report an error at the end: "ERROR script is destroyed"
I installed the project on macOS Big Sur and was able to get it up and running if I disable the option for frida in the config otherwise I get the error: unable to connect to remote frida-server: closed
Someone else mentioned the same error here frida/frida#582 and it was solved by using:
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
I did try that after the emulator had started but it didn't seem to help (although the commands ran successfully).
I have configured the AMS and analyzed multiple APK files of different malware families listed in the project description. However, in the report the detection section is empty; no final conclusion is listed in it. Is it empty by default, or should I expect some verdict in this section?
Screenshots attached. Kindly help in this regard.
ubuntu root[25916] ERROR Error while installing frida : b"adb server version (41) doesn't match this client (39); killing...\n* daemon started successfully\n"
Ubuntu 20, Python 3.7, and adb is installed by apt.