Mobile-Security-Framework-MobSF icon indicating copy to clipboard operation
Mobile-Security-Framework-MobSF copied to clipboard

Published 20 hours ago verified publisher icon MobSF

JADX tool disappear in docker-compose instance

Open Antiksec opened this issue 10 months ago • 3 comments

JADX installed during Docker build to mobsf_home/tools directory will disappear in docker-compose setup because of mounting docker volume to the mobsf_home directory (https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/d1d3b7a9aeb1a8c8c7c229a3455b19ade9fa8fe0/docker/docker-compose.yml#L48) which is clean at the beggining. If then tools_download.py didn't download it (because of proxy settings, for example) it will crash

[ERROR] 30/Jan/2025 11:36:18 - Decompiling with JADX failed mobsf-1 | Traceback (most recent call last): mobsf-1 | File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/converter.py", line 101, in apk_2_java mobsf-1 | os.chmod(str(jadx), stat.S_IEXEC) mobsf-1 | FileNotFoundError: [Errno 2] No such file or directory: '/home/mobsf/.MobSF/tools/jadx/jadx-1.5.0/bin/jadx'

Probable solution is to use different directory for JADX install

Antiksec avatar Jan 30 '25 15:01 Antiksec

👋 @Antiksec Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

github-actions[bot] avatar Jan 30 '25 15:01 github-actions[bot]

JADX is dynamically downloaded at first run, if not found in the volume mount. If there is a proxy config error, other things in MobSF will fail as well.

Having correct proxy configured is a requirement. There is also a way to define JADX binary path using the environment variable: https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/05206e72cae35b311615a70e51e1a946955c5e83/mobsf/MobSF/settings.py#L460

ajinabraham avatar Feb 05 '25 05:02 ajinabraham

Yep, but download_file func which uses to download Jadx uses system proxy instead of upstream_proxy func here https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/ae34f7c055aa64fca58e995b70bc7f19da6ca33a/mobsf/MobSF/tools_download.py#L24

I made PR to fix this

Antiksec avatar Feb 06 '25 20:02 Antiksec

Addressed in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2530

ajinabraham avatar Jun 23 '25 07:06 ajinabraham