How to use Mobile Security Framework (MobSF) – All things in moderation

Hi all! As promised, today I will teach you how to use MobSF.

From the MobSF folder, start MobSF with the command:

sudo python manage.py runserver
or, to listen on a specific port:
sudo python manage.py runserver port

Output:

  __  __       _    ____  _____          ___   ___   ____  
 |  \/  | ___ | |__/ ___||  ___| __   __/ _ \ / _ \ |___ \ 
 | |\/| |/ _ \| '_ \___ \| |_    \ \ / / | | | (_) |  __) |
 | |  | | (_) | |_) |__) |  _|    \ V /| |_| |\__, | / __/ 
 |_|  |_|\___/|_.__/____/|_|       \_/  \___(_) /_(_)_____|                                                                                                          
                                                            

[INFO] Loading User config from: /home/manh/.MobSF/config.py

[INFO] Finding JDK Location in Linux/MAC....

[INFO] Oracle Java is installed!

[INFO] JDK 1.7 or above is available
Performing system checks...

System check identified no issues (0 silenced).
September 06, 2016 - 14:25:31
Django version 1.8, using settings 'MobSF.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

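Open http://127.0.0.1:8000/ or http://ip_server:8000/ in a browser to reach the MobSF web interface. Note that the output above shows the development server listening on 127.0.0.1 only, so the second address works only if the server was started bound to an address reachable from the network.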

Static Analysis

  • Select the file you want to analyze

Analysis results

The report contains the following information.
File information:
– File name
– Size
– MD5 hash
– SHA1
– SHA256
You can use this information to check the integrity of the file.
App information:
– Number of activities in the app
– Number of services
– Number of receivers
– Number of providers

This is the initial information you need to know about the sample being analyzed.
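
To cross-check the file and app information outside the web interface, the following Python code is an added example; it is not part of the original post and is not MobSF's own code. It assumes the manifest has already been decoded to text XML (as in MobSF's Manifest view); the function names and the sample manifest are hypothetical and constructed for illustration.

```python
import hashlib
import os
import xml.etree.ElementTree as ET

# Hypothetical helper names; not MobSF APIs.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: a decoded (text) AndroidManifest.xml, not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""


def file_info(path, chunk_size=1 << 16):
    """Return name, size and MD5/SHA1/SHA256 of a file, read in chunks."""
    digests = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    info = {"name": os.path.basename(path), "size": os.path.getsize(path)}
    info.update({n: d.hexdigest() for n, d in digests.items()})
    return info


def app_info(manifest_xml):
    """Count components and list requested permissions in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    counts = {t: len(app.findall(t)) if app is not None else 0
              for t in COMPONENT_TAGS}
    perms = sorted(p.get(ANDROID_NS + "name", "")
                   for p in root.findall("uses-permission"))
    return {"package": root.get("package"), "counts": counts, "permissions": perms}


def matches_report(path, reported_sha256):
    """True if the local file has the SHA256 shown in the report."""
    return file_info(path)["sha256"] == reported_sha256.strip().lower()
```

Running matches_report on your local copy with the SHA256 from the report confirms that the file you hold is the one that was analyzed.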

Code Nature
You can view and download the following files:
– Java code

  • View the smali files

  • Manifest

In this section you can also choose dynamic analysis by clicking the “Start Dynamic Analysis” button.

Permission
You can view the app's Android permissions.

Android API
You can view the Android APIs used in the app.

Security Analysis
Gives a security-level assessment for each part: Manifest, Code and file

Reconnaissance
Includes information on: URLs, Emails, Strings and Malware Check

Components
Details about: Activities, Services…

You can export the report to a PDF file by clicking the “Download Report” button.

Dynamic Analysis
To run dynamic analysis, we first need to start the Android virtual machine.
Open VirtualBox and start the installed Mob_SF_xx virtual machine.

Result when the virtual machine has started successfully

Step 1: Start Dynamic Analysis
Start dynamic analysis by clicking the “Start Dynamic Analysis” button.

Step 2: Create Environment
Click the “Create Environment” button in the web interface.

Analysis results after completion:

You can view the results by clicking the “Finish” button. If you want to test other properties, you can select them by clicking the corresponding button.
Below is the result of the dynamic analysis.

You can export the report to a PDF file by clicking the “Download/Print” button.