Static Taint Analysis Platform To Scan Vulnerabilities In An Android App

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.


Appshark requires a specific version of the JDK: JDK 11. After testing, it does not work on other LTS versions, JDK 8 and JDK 16, because of dependency compatibility issues.

Building/Compiling AppShark

We assume that you are working in the root directory of the project repo. You can build the whole project with the gradle tool.

$ ./gradlew build -x test

After executing the above command, you will see an artifact file AppShark-0.1.1-all.jar in the directory build/libs.

Running AppShark

Like the previous step, we assume that you are still in the root folder of the project. You can run the tool with

$ java -jar build/libs/AppShark-0.1.1-all.jar config/config.json5

The config.json5 has the following configuration contents.

{
  "apkPath": "/Users/apks/app1.apk",
  "out": "out",
  "rules": "unZipSlip.json",
  "maxPointerAnalyzeTime": 600
}

Each JSON field is explained below.

  • apkPath: the path of the apk file to analyze
  • out: the path of the output directory
  • rules: the path(s) of the rule file(s); more than one rule can be given
  • maxPointerAnalyzeTime: the timeout duration in seconds set for the analysis started from an entry point
  • debugRule: specify the rule name that enables logging for debugging

If you provide a configuration JSON file which sets the output path as out in the project root directory, you will find the result file out/results.json after running the analysis.

Interpreting the Results

Below is an example of the results.json.

{
  "AppInfo": {
    "AppName": "test",
    "PackageName": "",
    "min_sdk": 17,
    "target_sdk": 28,
    "versionCode": 1000,
    "versionName": "1.0.0"
  },
  "SecurityInfo": {
    "FileRisk": {
      "unZipSlip": {
        "category": "FileRisk",
        "detail": "",
        "model": "2",
        "name": "unZipSlip",
        "possibility": "4",
        "vulners": [
          {
            "details": {
              "position": "< void UnZipFolderFix1(java.lang.String,java.lang.String)>",
              "Sink": "< void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r31",
              "entryMethod": "< void f()>",
              "Source": "<net.byte void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/1-unZipSlip.html",
              "target": [
                "< void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r3",
                "pf{obj{< void UnZipFolderFix1(java.lang.String,java.lang.String)>:35=>java.lang.StringBuilder}(unknown)->@data}",
                "< void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r11",
                "< void UnZipFolderFix1(java.lang.String,java.lang.String)>->$r31"
              ]
            },
            "hash": "ec57a2a3190677ffe78a0c8aaf58ba5aee4d2247",
            "possibility": "4"
          },
          {
            "details": {
              "position": "< void UnZipFolder(java.lang.String,java.lang.String)>",
              "Sink": "< void UnZipFolder(java.lang.String,java.lang.String)>->$r34",
              "entryMethod": "< void f()>",
              "Source": "< void UnZipFolder(java.lang.String,java.lang.String)>->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/2-unZipSlip.html",
              "target": [
                "< void UnZipFolder(java.lang.String,java.lang.String)>->$r3",
                "pf{obj{< pp.pathfinder.testdata.ZipSlip: void UnZipFolder(java.lang.String,java.lang.String)>:33=>java.lang.StringBuilder}(unknown)->@data}",
                "< void UnZipFolder(java.lang.String,java.lang.String)>->$r14",
                "< void UnZipFolder(java.lang.String,java.lang.String)>->$r34"
              ]
            },
            "hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad",
            "possibility": "4"
          }
        ],
        "wiki": "",
        "deobfApk": "/Volumes/dev/zijie/appshark-opensource/app.apk"
      }
    }
  },
  "DeepLinkInfo": {
  },
  "JsBridgeInfo": [
  ],
  "BasicInfo": {
    "ComponentsInfo": {
    },
    "JSNativeInterface": [
    ]
  },
  "UsePermissions": [
  ],
  "DefinePermissions": {
  },
  "Profile": "/Volumes/dev/zijie/appshark-opensource/out/vuln/3-profiler.json"
}

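As an added example (not part of the AppShark project or of the original page), the Python sketch below flattens a results.json of the shape shown above into one row per finding for triage. It assumes the nesting SecurityInfo -> category -> rule -> vulners[] and that equal hash values denote the same finding; summarize_findings is a hypothetical helper name and the sample input is constructed.

```python
import json

# Constructed sample with the same nesting as the results.json above.
# Signatures, hashes and register names are placeholders, not scan output.
SAMPLE = json.loads("""
{"SecurityInfo": {"FileRisk": {"unZipSlip": {
    "category": "FileRisk", "name": "unZipSlip", "possibility": "4",
    "vulners": [
      {"details": {"position": "<ex.Zip: void unzip(java.lang.String)>",
                   "Source": "<ex.Zip: void unzip(java.lang.String)>->$r3",
                   "Sink": "<ex.Zip: void unzip(java.lang.String)>->$r31",
                   "entryMethod": "<ex.Zip: void f()>",
                   "target": ["step1", "step2", "step3"]},
       "hash": "placeholder-hash-1", "possibility": "4"},
      {"details": {"position": "<ex.Zip: void unzip(java.lang.String)>",
                   "Source": "a", "Sink": "b", "target": ["step1"]},
       "hash": "placeholder-hash-1", "possibility": "4"},
      {"hash": "placeholder-hash-2"}
    ]}}},
 "DeepLinkInfo": {}}
""")


def summarize_findings(results):
    """Flatten SecurityInfo -> category -> rule -> vulners[] into triage rows."""
    rows, seen = [], set()
    for category, rules in (results.get("SecurityInfo") or {}).items():
        for rule_name, rule in rules.items():
            for vuln in rule.get("vulners", []):
                digest = vuln.get("hash")
                # Assumption: equal hashes mean the same finding; keep the first.
                if digest is not None and digest in seen:
                    continue
                seen.add(digest)
                details = vuln.get("details", {})
                rows.append({
                    "category": category, "rule": rule_name, "hash": digest,
                    "possibility": vuln.get("possibility", rule.get("possibility")),
                    "position": details.get("position"),
                    "entry": details.get("entryMethod"),
                    "source": details.get("Source"), "sink": details.get("Sink"),
                    "path_len": len(details.get("target", [])),
                })
    # Shortest taint paths first: fewer hops are quicker to confirm by hand.
    return sorted(rows, key=lambda r: (r["category"], r["rule"], r["path_len"]))


if __name__ == "__main__":
    for row in summarize_findings(SAMPLE):
        print(row["rule"], row["hash"], row["source"], "->", row["sink"])
```

To use it on a real scan, load out/results.json with json.load and pass the resulting dictionary to summarize_findings.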