Mobile-Security-Framework-MobSF icon indicating copy to clipboard operation
Mobile-Security-Framework-MobSF copied to clipboard

Published 20 hours ago verified publisher icon MobSF

[FEATURE] Update Dockerfile to Include Latest Versions of APKTool and JADX

Open defencore opened this issue 1 year ago • 3 comments

Description:

To ensure MobSF always uses the latest versions of critical tools like APKTool and JADX, I propose adding commands to the Dockerfile to dynamically fetch and install their latest versions during the build process. This enhancement will improve compatibility with modern APKs and provide users with up-to-date decompilation capabilities.

Proposed Changes to Dockerfile

Add the following commands to the Dockerfile:

Update APKTool to the Latest Version

# APKTOOL latest version  
RUN APKTOOL_URL=$(curl -s https://bitbucket.org/iBotPeaches/apktool/downloads/  | grep -oP 'href="\K(.*?apktool_[^"]*\.jar)' | head -n 1) \  
    && curl -Lo /home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/tools/apktool.jar https://bitbucket.org$APKTOOL_URL \  
    && chmod +r /home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/tools/apktool.jar

Update JADX to the Latest Version

# JADX - Dex to Java Decompiler  
RUN JADX_VERSION=$(curl -s "https://api.github.com/repos/skylot/jadx/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+') \  
    && curl -Lo jadx.zip "https://github.com/skylot/jadx/releases/latest/download/jadx-${JADX_VERSION}.zip" \  
    && unzip jadx.zip -d jadx \  
    && mv jadx /home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/tools/jadx \  
    && rm -rf jadx.zip

Benefits:

  1. Freshness: Ensures MobSF always uses the latest tools without requiring manual updates.
  2. Compatibility: Improves support for modern APKs and their features.
  3. Ease of Maintenance: Automates the process of keeping APKTool and JADX up-to-date during Docker image builds.

Impact:

  • Simplifies updates for end-users relying on Dockerized MobSF.
  • Reduces the risk of outdated decompilation tools causing analysis issues.

Thank you for considering this request! I am happy to assist in testing or implementing these changes if needed.

defencore avatar Nov 27 '24 17:11 defencore

👋 @defencore Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

github-actions[bot] avatar Nov 27 '24 17:11 github-actions[bot]

At least for jadx, install code already exists in the project. That would make more sense for apktool though.

GameDungeon avatar Nov 28 '24 18:11 GameDungeon

Prefer pinned third party deps. We can maybe move apktool to tools_download.py

ajinabraham avatar Nov 29 '24 01:11 ajinabraham