Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Update Dockerfile to Include Latest Versions of APKTool and JADX #2468

Open
defencore opened this issue Nov 27, 2024 · 3 comments
Open

[FEATURE] Update Dockerfile to Include Latest Versions of APKTool and JADX #2468

defencore opened this issue Nov 27, 2024 · 3 comments
Assignees
@ajinabraham
Labels
enhancement MobSF enhancements and feature requests

Comments

@defencore
Copy link

Description:

To ensure MobSF always uses the latest versions of critical tools like APKTool and JADX, I propose adding commands to the Dockerfile to dynamically fetch and install their latest versions during the build process. This enhancement will improve compatibility with modern APKs and provide users with up-to-date decompilation capabilities.

Proposed Changes to Dockerfile

Add the following commands to the Dockerfile:

Update APKTool to the Latest Version

# APKTOOL latest version  
RUN APKTOOL_URL=$(curl -s https://bitbucket.org/iBotPeaches/apktool/downloads/  | grep -oP 'href="\K(.*?apktool_[^"]*\.jar)' | head -n 1) \  
    && curl -Lo /home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/tools/apktool.jar https://bitbucket.org$APKTOOL_URL \  
    && chmod +r /home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/tools/apktool.jar

Update JADX to the Latest Version

# JADX - Dex to Java Decompiler  
RUN JADX_VERSION=$(curl -s "https://api.github.com/repos/skylot/jadx/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+') \  
    && curl -Lo jadx.zip "https://github.com/skylot/jadx/releases/latest/download/jadx-${JADX_VERSION}.zip" \  
    && unzip jadx.zip -d jadx \  
    && mv jadx /home/mobsf/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/tools/jadx \  
    && rm -rf jadx.zip

Benefits:

  1. Freshness: Ensures MobSF always uses the latest tools without requiring manual updates.
  2. Compatibility: Improves support for modern APKs and their features.
  3. Ease of Maintenance: Automates the process of keeping APKTool and JADX up-to-date during Docker image builds.

Impact:

  • Simplifies updates for end-users relying on Dockerized MobSF.
  • Reduces the risk of outdated decompilation tools causing analysis issues.

Thank you for considering this request! I am happy to assist in testing or implementing these changes if needed.
@defencore defencore added the enhancement MobSF enhancements and feature requests label Nov 27, 2024
@github-actions GitHub Actions
Copy link

👋 @defencore
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@CountingBeeps
Copy link

At least for jadx, install code already exists in the project. That would make more sense for apktool though.

@ajinabraham
Copy link
Member

Prefer pinned third party deps. We can maybe move apktool to tools_download.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ajinabraham ajinabraham

Labels
enhancement MobSF enhancements and feature requests
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ajinabraham @defencore @CountingBeeps