reddr/LibScout

Am I correct? If not, please help me

Closed this issue · 8 comments

Hi Derr,

I'm trying to use LibScout to detect the third-party dependencies in an APK file. However, I haven't succeeded yet. Below are the steps I followed after downloading the LibScout code.

Step 1: Generated the jar file using the ant script
Step 2: Downloaded the Android SDK from the Android Studio
Step 3: Downloaded Profiles from "LibScout Profiles" https://github.com/reddr/LibScout-Profiles
Step 4: Executed the below command to run the Libscout.jar on apk file, find the results as an attachment.
123.log
Calendar.log
diva-beta.log
LeafPic.log

java -jar c:\LibScout\build\LibScout.jar -opmode match -a c:\LibScout\lib\android.jar (downloaded in step2) -p c:\LibScout\profiles\profiles\md5\Android (Downloaded in Step3) -d c:\LibScout\log c:\LibScout\apk

Please correct me if any step in the process is wrong.

Also, I would like to request you to share "Original Library SDK" with me.

reddr commented

Sorry for the late answer (vacations).
Everything looks good to me and I can't spot an error in the log files. So why do you think there's a problem?

One thing that I found in your invocation is that you only include the profiles of the "Android" category. If you'd like to use all profiles, you have to change it to "-p c:\LibScout\profiles\profiles".

As for the original library SDKs you can use the scrapers in the scripts directory to download complete version histories of library SDKs.

@reddr I've run the command below:

F:\LibScout-master\build\libs>java -jar LibScout-master.jar -o match -p F:\LibScout-Profiles-master\profiles\md5\Android\ -a "F:\Android\sdk" F:\example.apk

But got this error:

Picked up _JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true
16:09:29,540 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
16:09:29,540 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
16:09:29,540 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.xml]
16:09:29,541 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Setting up default configuration.
16:09:29,608 |-ERROR in ch.qos.logback.classic.joran.JoranConfigurator@7de26db8 - Could not open [.\logging\logback.xml]. java.io.FileNotFoundException: .\logging\logback.xml (The system cannot find the path specified)
at java.io.FileNotFoundException: .\logging\logback.xml (The system cannot find the path specified)
at at java.io.FileInputStream.open0(Native Method)
at at java.io.FileInputStream.open(Unknown Source)
at at java.io.FileInputStream.<init>(Unknown Source)
at at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:75)
at at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:68)
at at de.infsec.tpl.TplCLI.initLogging(TplCLI.java:499)
at at de.infsec.tpl.TplCLI.main(TplCLI.java:129)

reddr commented

@Drjacky please open a new issue next time, yours is unrelated to this one.

Looking at the trace, it seems that the log config file cannot be found, i.e. ".\logging\logback.xml".

Can you check whether this file exists (if not, grep it from the repo)?
Further, which OS do you use, Windows?

reddr commented

@Drjacky could you check whether this works:

F:\LibScout-master>java -jar build\libs\LibScout-master.jar -o match -p F:\LibScout-Profiles-master\profiles\md5\Android\ -a "F:\Android\sdk" F:\example.apk

If so, it might be related to issue #9

@reddr It was related to exactly that issue.
Now I got this error:

18:23:02 ERROR TplCLI : java.io.FileNotFoundException: F:\Android\sdk (Access is denied)
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(Unknown Source)
at java.util.zip.ZipFile.<init>(Unknown Source)
at java.util.jar.JarFile.<init>(Unknown Source)
at java.util.jar.JarFile.<init>(Unknown Source)
at com.ibm.wala.dalvik.util.AndroidAnalysisScope.setUpAndroidAnalysisScope(Unknown Source)
at de.infsec.tpl.LibraryIdentifier.createClassHierarchy(LibraryIdentifier.java:104)
at de.infsec.tpl.LibraryIdentifier.identifyLibraries(LibraryIdentifier.java:138)
at de.infsec.tpl.TplCLI.main(TplCLI.java:155)

reddr commented

@Drjacky remove the quotation marks and point to the jar file instead of the directory, e.g.
-a F:\Android\sdk\android.jar
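
The invocation problems raised so far in this thread (a working directory without logging\logback.xml, -a pointing at the SDK directory instead of android.jar, and the -p profiles path) can be checked before starting the JVM. This is an added example, not part of the thread or of LibScout; the function names, the directory layout and the profile file name are constructed assumptions.

```python
import os
import tempfile
import zipfile

def preflight(workdir, android_arg, profiles_arg):
    """Return a list of problems for a planned `-o match` run; empty means OK."""
    problems = []
    # The trace shows .\logging\logback.xml being opened relative to the
    # current directory, so the run must start where that folder exists.
    if not os.path.isfile(os.path.join(workdir, "logging", "logback.xml")):
        problems.append("logging/logback.xml not found under the working directory")
    # -a is opened as a jar (ZipFile in the trace); a directory cannot be opened.
    if os.path.isdir(android_arg):
        problems.append("-a is a directory; pass the android.jar file itself")
    elif not zipfile.is_zipfile(android_arg):
        problems.append("-a is not a readable jar/zip file")
    # -p must be an existing directory that actually holds profile files.
    if not os.path.isdir(profiles_arg):
        problems.append("-p is not a directory")
    elif not any(files for _, _, files in os.walk(profiles_arg)):
        problems.append("-p contains no profile files")
    return problems

def demo():
    """Build a constructed layout, then check a failing and a corrected call."""
    with tempfile.TemporaryDirectory() as root:
        repo = os.path.join(root, "LibScout")
        os.makedirs(os.path.join(repo, "logging"))
        os.makedirs(os.path.join(repo, "build", "libs"))
        with open(os.path.join(repo, "logging", "logback.xml"), "w"):
            pass
        sdk = os.path.join(root, "sdk")
        os.makedirs(sdk)
        jar = os.path.join(sdk, "android.jar")
        with zipfile.ZipFile(jar, "w") as z:
            z.writestr("android/app/Activity.class", b"")
        profiles = os.path.join(root, "profiles", "Android")
        os.makedirs(profiles)
        with open(os.path.join(profiles, "sample.profile"), "w"):  # constructed name
            pass
        # Started from build\libs with -a set to the SDK directory: two problems.
        bad = preflight(os.path.join(repo, "build", "libs"), sdk, profiles)
        # Started from the repository root with -a set to android.jar: none.
        good = preflight(repo, jar, profiles)
        return bad, good

if __name__ == "__main__":
    for label, result in zip(("failing", "corrected"), demo()):
        print(label, result)
```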

Worked! 🙏
Unfortunately, the result in the Command Prompt window is not really readable and most of the text looks like this:

19:30:58 INFO PackageTree : ظ¤é ظ¤é ظ¤£ظ¤�ظ¤� d (3)

Thanks again. I'll figure out by myself how to use this tool more efficiently on the Windows machine.

reddr commented

Alright, please file a new issue for this. Probably related to Windows and the special characters used in the print function in https://github.com/reddr/LibScout/blob/master/src/de/infsec/tpl/pkg/PackageTree.java (line 75ff)

The PackageTree gives you an overview on the package structure in the app. This does not affect the actual scanning results though.
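
An added example (not from the thread or the LibScout code) that tests this explanation against the garbled line quoted above: it re-encodes the text under several legacy console code pages and keeps those under which the bytes decode as UTF-8 box-drawing characters. The candidate list is an assumption; the sample is the recoverable prefix of the quoted line, with the replacement-character parts left out.

```python
# Legacy console code pages to try (an assumed, non-exhaustive list).
CANDIDATES = ["cp437", "cp850", "cp852", "cp866", "cp720", "cp1252", "cp1256"]

# Prefix of the PackageTree line quoted in the thread.
SAMPLE = "ظ¤é ظ¤é ظ¤£"

def is_tree_glyph(ch):
    """True for a space or a character in the Unicode Box Drawing block."""
    return ch == " " or 0x2500 <= ord(ch) <= 0x257F

def explain_mojibake(garbled, candidates=CANDIDATES):
    """Return [(code_page, recovered_text)] for each candidate under which the
    garbled text is really UTF-8 tree glyphs displayed through that code page."""
    hits = []
    for cp in candidates:
        try:
            raw = garbled.encode(cp)    # back to the bytes the console received
            text = raw.decode("utf-8")  # what the program actually wrote
        except (UnicodeError, LookupError):
            continue                    # not representable or not valid UTF-8
        if text and all(is_tree_glyph(c) for c in text):
            hits.append((cp, text))
    return hits

if __name__ == "__main__":
    for cp, text in explain_mojibake(SAMPLE):
        print(f"{cp}: {text!r}")
```

A match means the scan output itself is intact and only the console's decoding of the tree glyphs is wrong, which agrees with the statement that the scanning results are not affected.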