root@kali202003:~/ApkVulCheck-master# python2 AndroidCodeCheck.py --taskpath fixxB14976.apk --output json
[init] - Decode the AndroidManifest.xml file Successfully!
outputpath=>/tmp/hades/result/fixxB1497658193
Exception in thread "main" org.jf.dexlib2.dexbacked.DexBackedDexFile$NotADexFile: Invalid magic value: 64 65 78 0a 30 33 37 00
at org.jf.dexlib2.dexbacked.DexBackedDexFile.verifyMagicAndByteOrder(DexBackedDexFile.java:151)
at org.jf.dexlib2.dexbacked.DexBackedDexFile.<init>(DexBackedDexFile.java:70)
at org.jf.dexlib2.dexbacked.DexBackedDexFile.<init>(DexBackedDexFile.java:96)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:79)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:54)
at org.jf.baksmali.main.main(main.java:247)
[init] - Decompile the dex file Successfully.
sh: 1: lib/aapt2: Exec format error
Traceback (most recent call last):
File "AndroidCodeCheck.py", line 294, in <module>
startprocess()
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "AndroidCodeCheck.py", line 288, in startprocess
"output":kwargs.get("output")
File "AndroidCodeCheck.py", line 27, in wrapper
ret=func(*args,**kwargs)
File "AndroidCodeCheck.py", line 166, in fastScanEngine
apkname=os.popen("lib/aapt2 dump badging %s |grep application-label:" % filepath).read().replace("\n","").split(":")[1].replace("'","")
IndexError: list index out of range
Running it with py3 also throws an error:
python3 AndroidCodeCheck.py --taskpath fixxB14976.apk --output json
[init] - Decode the AndroidManifest.xml file Successfully!
outputpath=>/tmp/hades/result/fixxB1497630594
Exception in thread "main" org.jf.dexlib2.dexbacked.DexBackedDexFile$NotADexFile: Invalid magic value: 64 65 78 0a 30 33 37 00
at org.jf.dexlib2.dexbacked.DexBackedDexFile.verifyMagicAndByteOrder(DexBackedDexFile.java:151)
at org.jf.dexlib2.dexbacked.DexBackedDexFile.<init>(DexBackedDexFile.java:70)
at org.jf.dexlib2.dexbacked.DexBackedDexFile.<init>(DexBackedDexFile.java:96)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:79)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:54)
at org.jf.baksmali.main.main(main.java:247)
[init] - Decompile the dex file Successfully.
Traceback (most recent call last):
File "/root/ApkVulCheck-master/AndroidCodeCheck.py", line 294, in <module>
startprocess()
File "/usr/lib/python3/dist-packages/click/core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "/root/ApkVulCheck-master/AndroidCodeCheck.py", line 285, in startprocess
apkAnalysis().fastScanEngine({
File "/root/ApkVulCheck-master/AndroidCodeCheck.py", line 27, in wrapper
ret=func(*args,**kwargs)
File "/root/ApkVulCheck-master/AndroidCodeCheck.py", line 152, in fastScanEngine
cptcheck.run()
File "/root/ApkVulCheck-master/plugin/manifestAnalysis.py", line 138, in run
self.android_manifest_check()
File "/root/ApkVulCheck-master/plugin/manifestAnalysis.py", line 122, in android_manifest_check
self.getUsesPermission(node) # usespermission
File "/root/ApkVulCheck-master/plugin/manifestAnalysis.py", line 37, in getUsesPermission
logging.info("- [VulScanEngine] " + "申请的权限名为:" + node.getAttribute('android:name').encode("utf-8"))
TypeError: can only concatenate str (not "bytes") to str
I also ran into the two problems you mentioned, and I solved both of them:
1.
Change
filepath).read().replace("\n","").split(":")[1].replace("'","")
to
filepath).read().replace("\n","").split(":")[0].replace("'","")
2.
Change
logging.info("- [VulScanEngine] " + "申请的权限名为:" + node.getAttribute('android:name').encode("utf-8"))
to
logging.info("- [VulScanEngine] " + "申请的权限名为:" + str(node.getAttribute('android:name').encode("utf-8")))
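
An added example, not part of the thread or of ApkVulCheck's own code: one way to handle both tracebacks above so that a failed `lib/aapt2` run (the `Exec format error`) is reported as a missing label instead of an `IndexError`, and the permission name is logged as text on Python 3. The function names, the English log text and the sample badging output are assumptions; the APK path is passed as an argument list rather than interpolated into a shell string.

```python
import subprocess

# Constructed sample of `aapt2 dump badging` output (not from a real APK).
SAMPLE_BADGING = (
    "package: name='com.example.app' versionCode='1'\n"
    "application-label:'Demo: App'\n"
    "application-label-zh:'Demo zh'\n"
)


def parse_application_label(badging_output):
    """Return the default application label, or None when it is absent."""
    for line in badging_output.splitlines():
        # Exact key match, so localized "application-label-xx:" lines are skipped.
        if line.startswith("application-label:"):
            # Split once so a label containing ':' stays intact.
            return line.split(":", 1)[1].strip().strip("'")
    return None


def get_apk_label(apk_path, aapt2="lib/aapt2"):
    """Run aapt2 without a shell; None means it could not run or gave no label."""
    try:
        out = subprocess.check_output([aapt2, "dump", "badging", apk_path])
    except (OSError, subprocess.CalledProcessError):
        # OSError covers a missing binary and "Exec format error"
        # (aapt2 built for a different platform than the host).
        return None
    return parse_application_label(out.decode("utf-8", "replace"))


def permission_log_line(name):
    """Build the log message as text, whether `name` is bytes or str."""
    if isinstance(name, bytes):
        name = name.decode("utf-8")
    return u"- [VulScanEngine] permission requested: " + name


if __name__ == "__main__":
    print(parse_application_label(SAMPLE_BADGING))
    print(get_apk_label("fixxB14976.apk"))
    print(permission_log_line(b"android.permission.INTERNET"))
```

A `None` result from `get_apk_label` should be surfaced to the user, since it means the bundled `aapt2` did not produce usable output on this host.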