Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

installation instructions omit steps and information #9

Closed
ghost opened this issue Mar 22, 2019 · 1 comment · Fixed by #12
Closed

installation instructions omit steps and information #9

ghost opened this issue Mar 22, 2019 · 1 comment · Fixed by #12
Assignees
@pnu-s
Labels
documentation

Comments

@ghost
Copy link

ghost commented Mar 22, 2019
edited by ghost
Loading

It's unclear from the installation instructions which commands need to run as root and which run as a user. There also seems to be an underlying assumption that users are familiar with python usage. My guesswork made for a rough experience but it worked out in the end. Here's a walk-through:

Looking ahead, a package is needed (dexdump). So that should be installed first because if that fails there's no point in doing the manual steps.

sudo aptitude install dexdump

It's clear that I must choose a location and it's likely that root should run this since I'm doing a systemwide install. So root does cd /usr/local/src/, followed by:

$ torsocks git clone https://github.com/Exodus-Privacy/exodus-standalone.git
$ cd exodus-standalone

As a user:

nano ~/.config/gplaycli/gplaycli.conf

Then as root:

$ virtualenv venv -p python3
bash: virtualenv: command not found

Oops, missed a package. That should be added to the first step.

$ sudo aptitude install virtualenv
$ virtualenv venv -p python3
$ source venv/bin/activate

This next step is labeled "Install dependencies":

$ pip install -r requirements.txt

I don't think I've used pip before, but I wish I had realized that it would download stuff from the WAN, so that I would have known to prefix torsocks. The instructions should really say "download and install dependencies", to prompt Tor users to make arrangements. I was expecting the git clone to have done the downloading.. I wasn't careful enough to notice how little came from the clone and to then realize that pip would download stuff. Others will likely get stung by that too.

So now that installation is complete, as a user I run:

$ python /usr/local/src/exodus-standalone/exodus_analyze.py -h
Traceback (most recent call last):
  File "/usr/local/src/exodus-standalone/exodus_analyze.py", line 5, in <module>
    from exodus_core.analysis.static_analysis import StaticAnalysis
ImportError: No module named exodus_core.analysis.static_analysis

If root runs that command inside the virtualenv then it works, but root only happened to be in the virtualenv as part of the installation process, which is now over. When root does a control-d to exit that virtualenv, the whole shell is killed off including the parent. That's also astonishing. So something apparently did an exec to avoid forking. Whatever the proper way to exit that environment is, it should be documented.

So I first figured the virtualenv command needs to run every time. But that errors. After doing source venv/bin/activate as a user, it worked. So the activate script should be repeated in the "Analyze an APK file" steps. So this is how the instructions should say to run the tool:

$ source <root pkg dir>/exodus-standalone/venv/bin/activate
$ python <root pkg dir>/exodus-standalone/exodus_analyze.py "$apkfile"

Note that some APK files cause that to barf up this:

Traceback (most recent call last):
  File "/usr/local/src/exodus-standalone/exodus_analyze.py", line 56, in <module>
    analysis = AnalysisHelper(apk_file)
  File "/usr/local/src/exodus-standalone/venv/lib/python3.5/site-packages/exodus_core/analysis/static_analysis.py", line 96, in __init__
    self.load_apk()
  File "/usr/local/src/exodus-standalone/venv/lib/python3.5/site-packages/exodus_core/analysis/static_analysis.py", line 130, in load_apk
    self.apk = APK(self.apk_path)
  File "/usr/local/src/exodus-standalone/venv/lib/python3.5/site-packages/androguard/core/bytecodes/apk.py", line 117, in __init__
    self.zip = zipfile.ZipFile(io.BytesIO(self.__raw), mode="r")
  File "/usr/lib/python3.5/zipfile.py", line 1026, in __init__
    self._RealGetContents()
  File "/usr/lib/python3.5/zipfile.py", line 1094, in _RealGetContents
    raise BadZipFile("File is not a zip file")
zipfile.BadZipFile: File is not a zip file

But that's related to the APK.. some APKs work.

Anyway, I think I'm sorted now. But the instructions need to guide people away from the above pitfalls. It would also be good to state whether the activate or exodus_analyze.py scripts need the Internet, so users can firejail and or torsocks it. A firejail profile would also perhaps be useful.
@pnu-s
Copy link
Member

pnu-s commented May 10, 2019

Hi and thanks for your issue.
I just tried to follow the steps described in the README on a new machine and everything worked as expected. I ran every command as a user (except for the dexdump installation), as required.

What I think we could do:

  • precise that pip install will download the requirements
  • precise that you need to install virtualenv if you want to use it

@pnu-s pnu-s mentioned this issue May 15, 2019
Merged
@pnu-s pnu-s self-assigned this May 15, 2019
@pnu-s pnu-s closed this as completed in #12 Jun 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pnu-s pnu-s

Labels
documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add omitted steps in README Exodus-Privacy/exodus-standalone
1 participant
@pnu-s