Mobile-Security-Framework-MobSF icon indicating copy to clipboard operation
Mobile-Security-Framework-MobSF copied to clipboard

Published 20 hours ago verified publisher icon MobSF

[FEATURE] SHA256 hash after a POST request

Open taaaahahaha opened this issue 1 year ago • 2 comments

After a POST request has been sent using REST api; a MD5 hash is returned. Due to this, a rare occur but two apk's have a better chance of getting overlapped using this MD5. If SHA256 is being retuned, gives a better chance for scanning the uploaded apks

taaaahahaha avatar Apr 12 '24 07:04 taaaahahaha

👋 @taaaahahaha Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

github-actions[bot] avatar Apr 12 '24 07:04 github-actions[bot]

We are aware of MD5 hash collision. Do you have an example that caused an issue? Will keep this as an enhancement ticket to migrate from MD5 to sha2 or similar.

ajinabraham avatar May 05 '24 00:05 ajinabraham

Tracked separately.

ajinabraham avatar May 20 '24 16:05 ajinabraham

Duplicate https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1930

ajinabraham avatar May 20 '24 16:05 ajinabraham

I was using AndroZoo's APK library and this collision caused an inconsistency in my dataset; I do not have the APK at the moment.

taaaahahaha avatar Jun 09 '24 01:06 taaaahahaha