Editor's recommendation:
This article first covers setting up the environment, then MobSF static analysis, then analysis of the source code and how the checks work, and finally summarizes the whole article.
This article comes from maxwell-nc.github.io and was edited and recommended by Anna of 火龙果软件.
Preface
I had previously used some third-party static analysis tools. For work reasons I came across an open-source mobile app security framework, MobileSecurityFramework (MobSF), and after a fair amount of tinkering I decided to write a blog post to record my experience.
Setting up the environment
This article sets up an Android app static analysis environment on Windows. The first step is to pull a copy of the source code from GitHub. Since the framework is written in Python and needs to decompile APKs, here is the list of what the environment needs:
Python 2.7 (3.x cannot be used; I have not tried anything below 2.7 either)
Oracle JDK 1.7+
MobSF source code
The above is what static analysis needs. The official documentation also recommends setting it up inside a virtual machine, since otherwise there are security issues; as this was only a trial run, I did not use a VM.
After obtaining the source, unzip it into a directory, open CMD in that directory and enter the command:
    py -2 -m pip install -r requirements.txt
Note that because I have both Python 2.x and 3.x installed, I use the py launcher to pick the version. If you only have Python 2.x, you can simply use:
    pip install -r requirements.txt
Here requirements.txt lists the Python dependencies needed to run MobSF. Once they are installed, the next step is to run the MobSF server; enter at the command line:
    python manage.py runserver
Again, watch the Python version. The first time the server starts it automatically installs what it needs, mainly nuget, binskim and binscope; users in mainland China should mind their proxy settings, otherwise it may hang.
Note: if the first installation fails or you accidentally quit it, you can go into the install directory and run setup.py manually, then run the runserver command again. The installation also generates a startup .bat file; from the source code you can see that it really just runs rpc_client.py.
If everything goes smoothly, you will see Django running successfully:

The port Django listens on can be changed with a startup argument, e.g.:
    python manage.py runserver 8100
Then open a browser and enter the address, e.g. with the default port http://127.0.0.1:8000/. On my side a problem like this appeared (you may see the success page straight away, in which case congratulations):

If, like me, you get "Don't Play Around. An Error just popped in!", run the following and then restart the server:
    python manage.py migrate
    python manage.py makemigrations
Note that this fix only applies when the underlying cause is "no such table: StaticAnalyzer_staticanalyzerandroid". Once it succeeds you can see the MobSF interface:

With that the setup is complete. Of course errors may also occur when uploading the app file; those you will have to puzzle through yourself.
MobSF static analysis
Using MobSF's static analysis is very simple: upload an APK and wait for the server to unpack, decompile and analyze it. However, after using it several times I found that the framework is quite likely to get stuck in MalwareAnalyzer, possibly because of its online check; I did not dig into the cause. And if you interrupt the operation, the next run unpacks and analyzes everything again from scratch, which is very time-consuming. If all goes normally you will see the analysis report page:

This report can fairly be called "for reference only". Take the PERMISSION check: merely containing android.permission.INTERNET is rated Dangerous (the source is analyzed below), which is rather baffling. After all, every app that uses the network needs this permission, so would that not make every app dangerous??
As for the ISSUEs under Code Analysis, one of them, "App can read/write to External Storage. Any App can read data written to External Storage.", also has SEVERITY High. In reality it only reminds you that other apps may tamper with the data; it does not mean you cannot use external storage. So as soon as you call any external storage API, this issue is guaranteed to be reported (sigh).
Source code and how the checks work
Since the results above are somewhat baffling, and the location of each finding is not marked either, the only option is to start from the source and work out how the checks are made. The source tree is very clearly laid out; since we are using static analysis, we can go straight to the StaticAnalyzer directory.
    ├─test_files
    ├─tools
    │  ├─apkid
    │  │  └─rules
    │  ├─d2j2
    │  │  └─lib
    │  ├─enjarify
    │  │  ├─enjarify
    │  │  │  ├─jvm
    │  │  │  │  ├─constants
    │  │  │  │  └─optimizatio
    │  │  │  └─typeinference
    │  │  └─tests
    │  └─mac
    └─views
        ├─android
        └─ios
From the tree of the StaticAnalyzer directory we can roughly tell that migrations holds the migration files, test_files holds files for testing the static analysis, tools holds the decompilation and other tools, and views is the analysis source we are looking for.
Going straight into StaticAnalyzer\views\android, you can quickly find the source for each analysis (the module names are very clear). For example, to find the Permission issue mentioned above, dvm_permissions.py stands out at a glance; opening it reveals that it is just a dictionary mapping each permission to its status value, description and so on:
    "INTERNET": ["dangerous", "full Internet access",
                 "Allows an application to create network sockets."]
That alone does not tell us much, but we can go on to find that manifest_analysis.py imports dvm_permissions, and in its code:
    ...
    # Collect every android:name from the <uses-permission> elements.
    for permission in permissions:
        perm.append(permission.getAttribute("android:name"))
    for i in perm:
        # The part after the last '.' is used as the dictionary key.
        prm = i
        pos = i.rfind(".")
        if pos != -1:
            prm = i[pos + 1:]
        try:
            dvm_perm[i] = DVM_PERMISSIONS["MANIFEST_PERMISSION"][prm]
        except KeyError:
            # Anything not in the dictionary is rated "dangerous".
            dvm_perm[i] = [
                "dangerous",
                "Unknown permission from android reference",
                "Unknown permission from android reference"
            ]
It is clear that the permission rating is decided directly by the dictionary defined in dvm_permissions.py, with no further rules involved.
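To make the lookup above concrete, here is a standalone re-implementation of that manifest permission rating (an added example, not MobSF's own code). It assumes a small constructed subset of the permission table: the INTERNET row is the one quoted above, the VIBRATE row is made up for the example, and the manifest is constructed as well.

```python
from xml.dom import minidom

# Constructed subset of DVM_PERMISSIONS["MANIFEST_PERMISSION"]: the INTERNET
# row is the one quoted above; the VIBRATE row is an assumed extra entry.
MANIFEST_PERMISSION = {
    "INTERNET": ["dangerous", "full Internet access",
                 "Allows an application to create network sockets."],
    "VIBRATE": ["normal", "control vibrator",
                "Allows the application to control the vibrator."],
}

# Fallback row that manifest_analysis.py assigns on KeyError.
UNKNOWN_PERMISSION = ["dangerous",
                      "Unknown permission from android reference",
                      "Unknown permission from android reference"]


def rate_permissions(manifest_xml):
    """Map every <uses-permission> in the manifest to its [status, label,
    description] row, following MobSF's logic: the key is the part after
    the last '.', and anything not in the table is rated 'dangerous'."""
    dom = minidom.parseString(manifest_xml)
    dvm_perm = {}
    for node in dom.getElementsByTagName("uses-permission"):
        name = node.getAttribute("android:name")
        key = name[name.rfind(".") + 1:]   # rfind() == -1 keeps the whole name
        dvm_perm[name] = MANIFEST_PERMISSION.get(key, UNKNOWN_PERMISSION)
    return dvm_perm


# Constructed manifest: a well-known "dangerous" permission, a "normal" one,
# and an app-defined custom permission that the table cannot know about.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="com.example.demo.permission.SYNC"/>
</manifest>"""

if __name__ == "__main__":
    # The custom SYNC permission comes out "dangerous" purely because it is
    # absent from the table, which is the false positive discussed above.
    for name, row in sorted(rate_permissions(SAMPLE_MANIFEST).items()):
        print("%-40s %s" % (name, row[0]))
```

Running it shows INTERNET and the app's own SYNC permission both rated "dangerous", the latter only because the table has no entry for it.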
Next let's look at how the Code Analysis ISSUE "The App uses an insecure Random Number Generator." is decided. In the same way we can find code_analysis.py and read it directly. First there is a dictionary entry describing the issue:
    'rand': ('The App uses an insecure Random Number Generator.'),
Then, searching for the key 'rand', we find:
    if typ == "apk":
        java_src = os.path.join(app_dir, 'java_source/')
    elif typ == "studio":
        java_src = os.path.join(app_dir, 'app/src/main/java/')
    elif typ == "eclipse":
        java_src = os.path.join(app_dir, 'src/')
    ...
    # The whole Java file is read into one string.
    dat = file_pointer.read()
    ...
    # A plain regex over the file text; any mention of the class counts.
    if re.findall(r'java\.util\.Random', dat):
        code['rand'].append(jfile_path.replace(java_src, ''))
This means that merely using the java.util.Random class triggers the issue. In fact even java.security.SecureRandom carries security risks, so this class of issue is rather hard to deal with. But if the random number is not security-relevant (for example, generating a random nickname for a user, where the nickname is not used as a unique identifier), using it is harmless. I won't go into that further here.
Many of the other checks work on much the same principle. If you frequently need one particular check, you can also copy that part of the source out into a standalone checker, so you don't have to run the full analysis every time just to get that result.
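As an added example of such a standalone checker (not MobSF's own code), this keeps the page's `java\.util\.Random` regex but reports the line number of each hit and skips lines that are only `//` comments, two of the things the check above does not do. The Java sources it scans are constructed in-memory samples.

```python
import re

# Same pattern as code_analysis.py; SecureRandom does not match it.
RAND_RE = re.compile(r'java\.util\.Random')
# Lines that are only a '//' comment are ignored (block comments are not).
LINE_COMMENT_RE = re.compile(r'^\s*//')


def find_insecure_random(java_files):
    """java_files: {relative path: source text}. Returns a sorted list of
    (path, line number, stripped line) for every line that references
    java.util.Random outside a '//' comment."""
    hits = []
    for path, src in sorted(java_files.items()):
        for lineno, line in enumerate(src.splitlines(), start=1):
            if LINE_COMMENT_RE.match(line):
                continue
            if RAND_RE.search(line):
                hits.append((path, lineno, line.strip()))
    return hits


# Constructed sources: one real use of java.util.Random, one class that only
# mentions it in a comment, and one that uses SecureRandom instead.
SAMPLE_SOURCES = {
    "com/example/Token.java": (
        "package com.example;\n"
        "import java.util.Random;\n"
        "public class Token {\n"
        "    static String next() { return Long.toString(new Random().nextLong()); }\n"
        "}\n"),
    "com/example/Nick.java": (
        "package com.example;\n"
        "// Old versions used java.util.Random here; now a fixed word list.\n"
        "public class Nick { static String next() { return \"guest\"; } }\n"),
    "com/example/Session.java": (
        "package com.example;\n"
        "import java.security.SecureRandom;\n"
        "public class Session {\n"
        "    static byte[] id() { byte[] b = new byte[16]; new SecureRandom().nextBytes(b); return b; }\n"
        "}\n"),
}

if __name__ == "__main__":
    for path, lineno, text in find_insecure_random(SAMPLE_SOURCES):
        print("%s:%d: %s" % (path, lineno, text))
```

Only Token.java is reported, at the import on line 2; the comment in Nick.java and the SecureRandom use in Session.java are not.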
Epilogue
After using it I was quite disappointed; many features are missing, for example:
No support for excluding third-party code
No support for showing the line number or location of a finding
No support for Mapping
No support for custom rules
No support for marking issues as already handled
In many cases this framework is used by having a programmer set up a server for developers, or even non-developers, to run checks against. If a report full of Dangerous and High SEVERITY findings lands in front of non-technical staff, and worse, the findings cannot be removed no matter how you change the code, it will surely take a good while to explain. So personally I would not recommend this framework for non-technical users.
Of course, the framework is still in beta and its version number has not reached 1.0. I only used its static analysis; it also has dynamic analysis and more. Overall it is a very good tool, just not yet mature enough, and we look forward to it developing further. Rule customization in particular I hope can be split out on its own, so that more of the open-source community can maintain and enhance it.