Saturday, November 5, 2022

Static Taint Analysis Platform To Scan Vulnerabilities In An Android App




Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

Prerequisites

Appshark requires a specific version of the JDK: JDK 11. In testing, it does not work on other LTS versions, JDK 8 and JDK 16, because of dependency compatibility issues.

Building/Compiling AppShark

We assume that you are working in the root directory of the project repo. You can build the whole project with the gradle tool.

$ ./gradlew build -x test

After executing the above command, you will see an artifact file AppShark-0.1.1-all.jar in the directory build/libs.

Running AppShark

As in the previous step, we assume that you are still in the root folder of the project. You can run the tool with

$ java -jar build/libs/AppShark-0.1.1-all.jar config/config.json5

The config.json5 has the following configuration contents.

{
  "apkPath": "/Users/apks/app1.apk",
  "out": "out",
  "rules": "unZipSlip.json",
  "maxPointerAnalyzeTime": 600
}

Each JSON field is explained below.

  • apkPath: the path of the apk file to analyze
  • out: the path of the output directory
  • rules: the path(s) of the rule file(s); more than one rule can be given
  • maxPointerAnalyzeTime: the timeout duration in seconds set for the analysis started from an entry point
  • debugRule: specify the rule name that enables logging for debugging

If you provide a configuration JSON file which sets the output path as out in the project root directory, you will find the result file out/results.json after running the analysis.

Interpreting the Results

Below is an example of the results.json.

{
  "AppInfo": {
    "AppName": "test",
    "PackageName": "net.bytedance.security.app",
    "min_sdk": 17,
    "target_sdk": 28,
    "versionCode": 1000,
    "versionName": "1.0.0"
  },
  "SecurityInfo": {
    "FileRisk": {
      "unZipSlip": {
        "category": "FileRisk",
        "detail": "",
        "model": "2",
        "name": "unZipSlip",
        "possibility": "4",
        "vulners": [
          {
            "details": {
              "position": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>",
              "Sink": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r31",
              "entryMethod": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void f()>",
              "Source": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/1-unZipSlip.html",
              "target": [
                "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r3",
                "pf{obj{<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>:35=>java.lang.StringBuilder}(unknown)->@data}",
                "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r11",
                "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r31"
              ]
            },
            "hash": "ec57a2a3190677ffe78a0c8aaf58ba5aee4d2247",
            "possibility": "4"
          },
          {
            "details": {
              "position": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>",
              "Sink": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>->$r34",
              "entryMethod": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void f()>",
              "Source": "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/2-unZipSlip.html",
              "target": [
                "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>->$r3",
                "pf{obj{<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>:33=>java.lang.StringBuilder}(unknown)->@data}",
                "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>->$r14",
                "<net.bytedance.security.app.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>->$r34"
              ]
            },
            "hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad",
            "possibility": "4"
          }
        ],
        "wiki": "",
        "deobfApk": "/Volumes/dev/zijie/appshark-opensource/app.apk"
      }
    }
  },
  "DeepLinkInfo": {},
  "HTTP_API": [],
  "JsBridgeInfo": [],
  "BasicInfo": {
    "ComponentsInfo": {},
    "JSNativeInterface": []
  },
  "UsePermissions": [],
  "DefinePermissions": {},
  "Profile": "/Volumes/dev/zijie/appshark-opensource/out/vuln/3-profiler.json"
}
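
For triage, the nested report above can be flattened into one row per finding, with the source, sink and taint path shortened for reading. This is an added example, not part of AppShark or of the original page; the names findings, short and NODE are chosen here, and it reads only the keys visible in the first finding of the sample above (vulners, details, entryMethod, Source, Sink, target, hash).

```python
import re

# Node format used in results.json: <class: return method(args)>, optionally ->$local
NODE = re.compile(r"^<(?P<cls>[^:>]+): \S+ (?P<method>[^(]+)\([^)]*\)>(?:->(?P<var>.+))?$")

def short(node):
    """Shorten a method or variable node; other node kinds (pf{...}) pass through."""
    m = NODE.match(node)
    if not m:
        return node
    name = m["cls"].rsplit(".", 1)[-1] + "." + m["method"]
    return f"{name} {m['var']}" if m["var"] else name

def findings(results):
    """Flatten SecurityInfo -> category -> rule -> vulners, one row per unique hash."""
    rows, seen = [], set()
    for category, rules in results.get("SecurityInfo", {}).items():
        for rule, body in rules.items():
            for vuln in body.get("vulners", []):
                h = vuln.get("hash")
                if h and h in seen:
                    continue  # same finding reported twice
                seen.add(h)
                d = vuln.get("details", {})
                rows.append({
                    "category": category, "rule": rule, "hash": h,
                    "entry": short(d.get("entryMethod", "")),
                    "source": short(d.get("Source", "")),
                    "sink": short(d.get("Sink", "")),
                    "path": [short(n) for n in d.get("target", [])],
                })
    return rows

# Constructed sample, trimmed from the results.json above; the second entry is a
# deliberate duplicate to exercise the hash check.
PKG = "net.bytedance.security.app.pathfinder.testdata.ZipSlip"
SIG = f"<{PKG}: void UnZipFolder(java.lang.String,java.lang.String)>"
VULN = {"hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad",
        "details": {"position": SIG, "entryMethod": f"<{PKG}: void f()>",
                    "Source": SIG + "->$r3", "Sink": SIG + "->$r34",
                    "target": [SIG + "->$r3",
                               "pf{obj{" + SIG + ":33=>java.lang.StringBuilder}(unknown)->@data}",
                               SIG + "->$r14", SIG + "->$r34"]}}
SAMPLE = {"SecurityInfo": {"FileRisk": {"unZipSlip": {"vulners": [VULN, dict(VULN)]}}},
          "DeepLinkInfo": {}}

if __name__ == "__main__":
    for row in findings(SAMPLE):
        print(f"[{row['category']}/{row['rule']}] {str(row['hash'])[:8]} entry={row['entry']}")
        print("  " + "\n  -> ".join(row["path"]))
```

To run it against a real report, load out/results.json with json.load and pass the resulting dict to findings.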


