
Error after uploading APK

Open olihough86 opened this issue 3 years ago • 2 comments

Hi

I'm getting the following error after uploading an APK to analyze. I'm afraid I'm not so knowledgeable on this; I'm trying to follow a blog on reversing a malware sample: https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/

I'm using the same sample as in the blog. Though he mentions a couple of bugs, I see they have been patched now. I also get the same error with a more recent sample from today.

Any help here would be greatly appreciated.

[INFO] [INSPECTOR MANAGER] Project[test], Step[POST_PLATFORM_SCAN] deploying inspectors : <none>
[INFO] Scanning default path : /home/user/dexcaliburWS/test/apk
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in [Lcom/RNFetchBlob/RNFetchBlobReq$e;
)(in Vknow type : 
)(in Vknow type : 
)(in Lcom/RNFetchBlob/RNFetchBlobReq$e;
 v0, Lcom/RNFetchBlob/RNFetchBlobReq$e;
TypeError: Cannot read property '1' of null
    at Object.setclass [as parse] (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Opcode.js:356:20)
    at Object.parse (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Opcode.js:1041:15)
    at SmaliParser.instr (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:324:23)
    at SmaliParser.method (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:629:32)
    at SmaliParser.parse (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/SmaliParser.js:751:34)
    at Analyzer.file (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:800:30)
    at /home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:839:18
    at Object.forEachFileOf (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Utils.js:108:21)
    at Object.forEachFileOf (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Utils.js:105:26)
    at Analyzer.path (/home/user/.nvm/versions/node/v12.22.1/lib/node_modules/dexcalibur/src/Analyzer.js:838:12)
[ERROR] ENGINE openProject() failed

best regards

olihough86, Apr 26 '21 21:04

hi,

Thank you for your issue.

This error occurs when malformed/unexpected tokens are encountered during Smali parsing. Such issues require a bit of investigation on my side.

FrenchYeti, Apr 27 '21 06:04

thanks for the swift response!

Here are links to both samples I mention

my sample - https://bazaar.abuse.ch/sample/d6d2b6de7856b8cb1dc803b7ea26cc7982d4f22b4cbd890c1dfe4faf14ed319d/

sample from blog - https://bazaar.abuse.ch/sample/acb38742fddfc3dcb511e5b0b2b2a2e4cef3d67cc6188b29aeb4475a717f5f95/

best regards

olihough86, Apr 27 '08:04
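The failure mode named in the maintainer's comment (an unexpected token makes a regex match return null, and indexing that result throws the TypeError seen in the stack trace), shown as an added example that is not dexcalibur's code and not part of the original thread. The pattern, function names and sample operands are hypothetical and constructed for illustration; the defensive form reports the offending file and line and lets the scan continue.

```javascript
// Added example: NOT dexcalibur's code. All names here are hypothetical.
// Simplified pattern for a Smali "register, class-type" operand pair,
// e.g. "v0, Lcom/example/Foo$e;" or "v1, [Lcom/example/Foo;".
const REG_CLASS = /^\s*([vp]\d+)\s*,\s*(\[*L[^;\s]+;)\s*$/;

// Fragile form: exec() returns null on any unexpected token, so indexing
// the result throws a TypeError (on Node 12: "Cannot read property '1' of null").
function parseRegClassFragile(operands) {
  const m = REG_CLASS.exec(operands);
  return { reg: m[1], type: m[2] };
}

// Defensive form: a non-matching operand becomes a structured parse error.
// The raw text is JSON-escaped so non-printing characters are visible.
function parseRegClass(operands, ctx) {
  const m = REG_CLASS.exec(operands);
  if (m === null) {
    return { ok: false, file: ctx.file, line: ctx.line, raw: JSON.stringify(operands) };
  }
  return { ok: true, reg: m[1], type: m[2] };
}

// Parse every operand string, collecting errors instead of aborting the scan.
function parseAll(lines, file) {
  const parsed = [];
  const errors = [];
  lines.forEach((text, i) => {
    const r = parseRegClass(text, { file, line: i + 1 });
    (r.ok ? parsed : errors).push(r);
  });
  return { parsed, errors };
}

// Constructed sample operands (not taken from the samples in this issue).
const SAMPLE = [
  ' v0, Lcom/example/Req$e;',
  ' v1, [Lcom/example/Req$e;',
  ' v0, Lcom/example/Req$e', // constructed: missing terminating ';'
  ' v2, ???',                // constructed: unexpected token
];

const result = parseAll(SAMPLE, 'Req$e.smali');
console.log(result.parsed.length, 'parsed;', result.errors.length, 'skipped');
for (const e of result.errors) {
  console.log(`${e.file}:${e.line} unparsed operand ${e.raw}`);
}
```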