Weird Versions with MobilePass

Open yoshimo opened this issue 4 years ago • 4 comments

With SafeNet's Mobile Pass app (securecomputing.devices.android.controller), I think the version parsing is off. It started fine with 8.4.2.24, and then you only get versions like @7F0C0011, which do not match what is installed.

The recent 8.4.5 isn't shown as "scanned" but also won't show as recent when you ask exodus for a new report. Do we have a package parsing issue here? The "number" looks more like an offset or memory location of some kind.

yoshimo avatar Aug 17 '21 16:08 yoshimo

That's an interesting one indeed, good catch and thanks for reporting it to us!

We don't do any parsing on our side, we simply get the android version name and version code from https://github.com/androguard/androguard

May be worth creating an issue there if we can reproduce and see what are indeed the versionCode and versionName in the manifest of this app!

pnu-s avatar Aug 17 '21 17:08 pnu-s

androguard axml reports:

[INFO    ] androguard.axml: Styles Offset given, but styleCount is zero. This is not a problem but could indicate packers.
[WARNING ] androguard.axml: Name 'android:versionName' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_01010572' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_01010573' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:minSdkVersion' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:targetSdkVersion' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:name' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:name' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:theme' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:label' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:allowClearUserData' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:contentDescription' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:allowBackup' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:UNKNOWN_SYSTEM_ATTRIBUTE_0101057a' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:label' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:taskAffinity' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:launchMode' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:screenOrientation' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.axml: Name 'android:configChanges' starts with 'android:' prefix! The Manifest seems to be broken? Removing prefix.
[WARNING ] androguard.apk: XML Seems to be packed, operations on the AndroidManifest.xml might fail.
[WARNING ] androguard.apk: Failed to get the attribute 'name' on tag 'uses-permission' with namespace. But found the same attribute without namespace!
[WARNING ] androguard.apk: Failed to get the attribute 'name' on tag 'uses-permission' with namespace. But found the same attribute without namespace!
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="84500" versionName="@7F0C0011" UNKNOWN_SYSTEM_ATTRIBUTE_01010572="28" UNKNOWN_SYSTEM_ATTRIBUTE_01010573="9" package="securecomputing.devices.android.controller" platformBuildVersionCode="84500" platformBuildVersionName="@7F0C0011">
  <uses-sdk minSdkVersion="21" targetSdkVersion="28"/>
  <uses-permission name="android.permission.INTERNET"/>
  <uses-permission name="android.permission.ACCESS_WIFI_STATE"/>
  <application theme="@7F0D0006" label="@7F0C00AF" android:icon="@7F070068" allowClearUserData="false" contentDescription="" allowBackup="false" UNKNOWN_SYSTEM_ATTRIBUTE_0101057a="android.support.v4.app.CoreComponentFactory">
    <activity label="@7F0C00AF" android:name=".AndroidToken" taskAffinity="" launchMode="2" screenOrientation="1" configChanges="0x00000020">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
      <intent-filter>
        <action android:name="com.safenet.mpsdk.core.AUTO_ENROLL_ACTION"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
      </intent-filter>
    </activity>
    <activity android:name="com.safenet.tests.TestActivity"/>
  </application>
</manifest>

yoshimo avatar Aug 17 '21 18:08 yoshimo
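
An added example, not part of the thread and not exodus or androguard code: `@7F0C0011` in the dump above is the AXML notation for a reference to resource ID 0x7F0C0011 (package 0x7F, type 0x0C, entry 0x0011), so the version string lives in the app's resource table rather than in the manifest itself. The sketch below uses only the Python standard library on a trimmed copy of the manifest shown above and flags such unresolved references before they are stored as a version name; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# An unresolved resource reference is printed as '@' followed by 8 hex digits.
RES_REF = re.compile(r"^@([0-9A-Fa-f]{8})$")

# Constructed sample: the manifest from the thread, trimmed to its root element.
SAMPLE_MANIFEST = '''<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    android:versionCode="84500" versionName="@7F0C0011"
    package="securecomputing.devices.android.controller"/>'''


def split_resource_id(ref):
    """Return (package, type, entry) ids of '@PPTTEEEE', or None for a literal."""
    m = RES_REF.match(ref or "")
    if not m:
        return None
    rid = int(m.group(1), 16)
    return (rid >> 24, (rid >> 16) & 0xFF, rid & 0xFFFF)


def get_attr(elem, name):
    """Read an attribute with the android namespace, falling back to the bare name.

    Returns (value, namespaced) so callers can tell when the namespace was stripped.
    """
    value = elem.get("{%s}%s" % (ANDROID_NS, name))
    if value is not None:
        return value, True
    return elem.get(name), False


def check_version(manifest_xml):
    """Summarise the version fields and flag a versionName that is only a reference."""
    root = ET.fromstring(manifest_xml)
    name, name_ns = get_attr(root, "versionName")
    code, _ = get_attr(root, "versionCode")
    parts = split_resource_id(name)
    return {
        "package": root.get("package"),
        "version_code": code,
        "version_name": None if parts else name,  # never store the raw reference
        "unresolved_ref": name if parts else None,
        "resource_id_parts": parts,
        "namespace_stripped": name is not None and not name_ns,
    }


if __name__ == "__main__":
    print(check_version(SAMPLE_MANIFEST))
```

Turning the reference into the real version string requires a lookup in the APK's `resources.arsc`, which this check does not attempt; `versionCode` (84500 here) stays usable as a fallback identifier.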

The app is protected with DexGuard; lots of unreadable non-ASCII names are used and the control flow is also messed up. No wonder the parsing breaks.

yoshimo avatar Aug 18 '21 14:08 yoshimo

Same problem with the app https://reports.exodus-privacy.eu.org/reports/com.umouse.clear/latest @7F0 (12 reports); @7F1 (6 reports)

Jean-BaptisteC avatar Dec 13 '21 17:12 Jean-BaptisteC