[FEATURE] Split Analysis Process and Add API for Listing Analyzed APKs #2467

Open
defencore opened this issue Nov 27, 2024 · 2 comments
Labels
enhancement MobSF enhancements and feature requests

@defencore

Description:

I propose adding new features to MobSF to improve its flexibility:

1. Split the Analysis Process into Two Steps

The suggested feature splits the analysis process into:

  • APK Unpacking: A step where the file is prepared for analysis.
  • APK Analysis: The actual static analysis of the application.

This would allow users to intervene when issues arise during the unpacking stage, such as when MobSF's built-in tools fail to process an APK. Users could manually prepare the APK and then continue with the analysis.

2. API Endpoint to List Analyzed APKs

I propose adding an API endpoint to retrieve a list of APKs that have already been analyzed in MobSF. This endpoint would return:

  • MD5 hash
  • File name
  • Package name

This feature would streamline MobSF integration with other tools and avoid redundant analysis of previously processed APKs.

Integration with Existing Logic:

  • New routes have been added in urls.py:
    re_path(r'^api/v1/apk/unpack$', api_sz.api_apk_unpack),
    re_path(r'^api/v1/apk/analyze$', api_sz.api_apk_analyze),
    re_path(r'^api/v1/apk/list$', api_sz.api_apk_list),
  • Two new methods handle the unpacking and analysis processes:
    • static_analyzer_apk_unpack(request, checksum, api=False)
    • static_analyzer_apk_analyze(request, checksum, api=False)
      These methods save the unpacked APK's context (app_dic) into a {checksum}.dic file, allowing users to resume the analysis after manual intervention.
  • Added API endpoints:
    • api_apk_unpack(request): Handles APK unpacking via API.
    • api_apk_analyze(request): Handles APK analysis via API.
    • api_apk_list(request): Returns a list of MD5 hashes, file names, and package names for all analyzed APKs.

Expected Impact:

  • Improved flexibility in handling non-standard APKs.
  • Enhanced integration of MobSF with external systems through APIs to retrieve analysis data.

mobsf_api_static_analysis.patch
mobsf_static_analyzer.patch
mobsf_urls.patch
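
An added example, not part of the issue or the attached patches: one way the `{checksum}.dic` context file described above could be written and re-read between the unpack and analyze steps. It assumes the checksum arrives in the API request, that the context is JSON-serializable, and that `app_dic` records its own hash under an `md5` key; the function names are hypothetical.

```python
import json
import re
import tempfile
from pathlib import Path

MD5_HEX = re.compile(r'[0-9a-f]{32}')  # the issue identifies APKs by MD5 hash


def context_path(base_dir, checksum):
    """Build <base_dir>/<checksum>.dic, accepting only an MD5 hex digest."""
    if not isinstance(checksum, str) or not MD5_HEX.fullmatch(checksum):
        raise ValueError('checksum must be 32 lowercase hex characters')
    base = Path(base_dir).resolve()
    path = (base / f'{checksum}.dic').resolve()
    # resolve() follows symlinks, so a link pointing outside base fails here
    if path.parent != base:
        raise ValueError('context path leaves the base directory')
    return path


def save_context(base_dir, checksum, app_dic):
    """Unpack step: persist the context as JSON rather than pickle."""
    path = context_path(base_dir, checksum)
    tmp = path.with_name(path.name + '.tmp')
    tmp.write_text(json.dumps(app_dic, sort_keys=True), encoding='utf-8')
    tmp.replace(path)  # atomic rename: no half-written context file
    return path


def load_context(base_dir, checksum):
    """Analyze step: reload the context and check it belongs to this scan."""
    path = context_path(base_dir, checksum)
    app_dic = json.loads(path.read_text(encoding='utf-8'))
    # Assumption: app_dic records its own hash under the key 'md5'
    if not isinstance(app_dic, dict) or app_dic.get('md5') != checksum:
        raise ValueError('context file does not match the requested checksum')
    return app_dic


if __name__ == '__main__':
    md5 = '0123456789abcdef0123456789abcdef'  # constructed sample value
    with tempfile.TemporaryDirectory() as d:
        save_context(d, md5, {'md5': md5, 'app_name': 'demo.apk'})
        print(load_context(d, md5))
        for bad in ('../../etc/passwd', md5.upper(), md5 + '/x'):
            try:
                context_path(d, bad)
            except ValueError as exc:
                print('rejected', repr(bad), '-', exc)
```

Because the file is meant to be edited by hand between the two steps, loading it as plain JSON means a modified file can change the analysis input but cannot run code when it is reloaded.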

@defencore defencore added the enhancement MobSF enhancements and feature requests label Nov 27, 2024

👋 @defencore
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@ajinabraham
Member

We did some major refactoring on APK analysis, and these patches are kind of unusable from v4.2.8.
Also, I do not have a strong preference to split analysis into unpacking vs analysis. We can do analysis even with unpacking failure from v4.2.8 onwards.
