quark-engine icon indicating copy to clipboard operation
quark-engine copied to clipboard

Published 20 hours ago verified publisher icon quark-engine

Quark Fails to do analysis on certain APKs

Open ajinabraham opened this issue 4 years ago • 6 comments

Describe the bug

Exception happens here

Traceback (most recent call last):                                                                                                                           
  File "/home/seclab/Mobile-Security-Framework-MobSF/mobsf/MalwareAnalyzer/views/quark.py", line 48, in quark_analysis                                       
    data.run(rule_checker)                                                                                                                                   
  File "/home/seclab/Mobile-Security-Framework-MobSF/venv/lib/python3.9/site-packages/quark/Objects/quark.py", line 317, in run                              
    if self.check_parameter(parent_function, first_wrapper, second_wrapper):                                                                                 
  File "/home/seclab/Mobile-Security-Framework-MobSF/venv/lib/python3.9/site-packages/quark/Objects/quark.py", line 190, in check_parameter                  
    pyeval.eval[instruction[0]](instruction)                                                                                                                 
  File "/home/seclab/Mobile-Security-Framework-MobSF/venv/lib/python3.9/site-packages/quark/Evaluator/pyeval.py", line 31, in warp                           
    func(*args, **kwargs)                                                                                                                                    
  File "/home/seclab/Mobile-Security-Framework-MobSF/venv/lib/python3.9/site-packages/quark/Evaluator/pyeval.py", line 336, in AGET_OBJECT                   
    array_obj = self.table_obj.get_obj_list(                                                                                                                 
AttributeError: 'NoneType' object has no attribute 'pop'

Ref: https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1774

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context Add any other context about the problem here.

ajinabraham avatar Aug 05 '21 21:08 ajinabraham

Hi ajinabraham, We've received this issue and will investigate it. Thanks for your report!

sharteeya avatar Aug 06 '21 10:08 sharteeya

Hi ajinabraham, Since we want to reproduce the error, may we have the APK used in the issue for fixing the bug? Thanks!

sharteeya avatar Aug 09 '21 07:08 sharteeya

I don't have, but requested the issue reporter to provide an APK to replicate this.

ajinabraham avatar Aug 11 '21 15:08 ajinabraham

Since we can not reproduce the error and the issue raiser of reference issue in MobSF has no reply yet. I will close the issue and will re-open it once we know how the error happened. Thank you for telling us the issue!

sharteeya avatar Oct 12 '21 05:10 sharteeya

I have this error on the Telegram apk with md5 0c50f15ec0ef1a4419236867c9b21ef4 . A quick google will give the apk.

A very similar error can be introduced on latest Quark (v21.10.2):

quark -a telegram.apk -d
 14%|███████████████████▌                                                                                                                    | 26/181 [33:38<3:20:33, 77.63s/it]
Traceback (most recent call last):
  File "/home/kali/secenv/bin/quark", line 8, in <module>
    sys.exit(entry_point())
  File "/home/kali/secenv/lib/python3.9/site-packages/click/core.py", line 1137, in __call__
    return self.main(*args, **kwargs)
  File "/home/kali/secenv/lib/python3.9/site-packages/click/core.py", line 1062, in main
    rv = self.invoke(ctx)
  File "/home/kali/secenv/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/kali/secenv/lib/python3.9/site-packages/click/core.py", line 763, in invoke
    return __callback(*args, **kwargs)
  File "/home/kali/secenv/lib/python3.9/site-packages/quark/cli.py", line 340, in entry_point
    data.run(rule_checker)
  File "/home/kali/secenv/lib/python3.9/site-packages/quark/core/quark.py", line 458, in run
    if self.check_parameter(
  File "/home/kali/secenv/lib/python3.9/site-packages/quark/core/quark.py", line 227, in check_parameter
    pyeval.eval[instruction[0]](instruction)
  File "/home/kali/secenv/lib/python3.9/site-packages/quark/evaluator/pyeval.py", line 34, in warp
    func(*args, **kwargs)
  File "/home/kali/secenv/lib/python3.9/site-packages/quark/evaluator/pyeval.py", line 495, in AGET_WIDE_KIND
    value_type = self.table_obj.pop(array_reg_index).current_type[1:]
  File "/home/kali/secenv/lib/python3.9/site-packages/quark/core/struct/tableobject.py", line 64, in pop
    return self.hash_table[index][-1]
IndexError: list index out of range

Not the exact same error, but this apk does give the same error as the original post on MobSF.

@sharteeya please reopen and investigate :)

TheDauntless avatar Oct 18 '21 12:10 TheDauntless

Hi @TheDauntless Thank you for telling us the error can be reproduced in Telegram. I'm going to re-open this issue now.

sharteeya avatar Oct 20 '21 05:10 sharteeya