You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's unclear from the installation instructions which commands need to run as root and which run as a user. There also seems to be an underlying assumption that users are familiar with python usage. My guesswork made for a rough experience but it worked out in the end. Here's a walk-through:
Looking ahead, a package is needed (dexdump). So that should be installed first because if that fails there's no point in doing the manual steps.
sudo aptitude install dexdump
It's clear that I must choose a location and it's likely that root should run this since I'm doing a systemwide install. So root does cd /usr/local/src/, followed by:
$ torsocks git clone https://github.com/Exodus-Privacy/exodus-standalone.git
$ cd exodus-standalone
As a user:
nano ~/.config/gplaycli/gplaycli.conf
Then as root:
$ virtualenv venv -p python3
bash: virtualenv: command not found
Oops, missed a package. That should be added to the first step.
I don't think I've used pip before, but I wish I had realized that it would download stuff from the WAN, so that I would have known to prefix torsocks. The instructions should really say "download and install dependencies", to prompt Tor users to make arrangements. I was expecting the git clone to have done the downloading.. I wasn't careful enough to notice how little came from the clone and to then realize that pip would download stuff. Others will likely get stung by that too.
So now that installation is complete, as a user I run:
$ python /usr/local/src/exodus-standalone/exodus_analyze.py -h
Traceback (most recent call last):
File "/usr/local/src/exodus-standalone/exodus_analyze.py", line 5, in <module>
from exodus_core.analysis.static_analysis import StaticAnalysis
ImportError: No module named exodus_core.analysis.static_analysis
If root runs that command inside the virtualenv then it works, but root only happened to be in the virtualenv as part of the installation process, which is now over. When root does a control-d to exit that virtualenv, the whole shell is killed off including the parent. That's also astonishing. So something apparently did an exec to avoid forking. Whatever the proper way to exit that environment is, it should be documented.
So I first figured the virtualenv command needs to run every time. But that errors. After doing source venv/bin/activate as a user, it worked. So the activate script should be repeated in the "Analyze an APK file" steps. So this is how the instructions should say to run the tool:
Note that some APK files cause that to barf up this:
Traceback (most recent call last):
File "/usr/local/src/exodus-standalone/exodus_analyze.py", line 56, in <module>
analysis = AnalysisHelper(apk_file)
File "/usr/local/src/exodus-standalone/venv/lib/python3.5/site-packages/exodus_core/analysis/static_analysis.py", line 96, in __init__
self.load_apk()
File "/usr/local/src/exodus-standalone/venv/lib/python3.5/site-packages/exodus_core/analysis/static_analysis.py", line 130, in load_apk
self.apk = APK(self.apk_path)
File "/usr/local/src/exodus-standalone/venv/lib/python3.5/site-packages/androguard/core/bytecodes/apk.py", line 117, in __init__
self.zip = zipfile.ZipFile(io.BytesIO(self.__raw), mode="r")
File "/usr/lib/python3.5/zipfile.py", line 1026, in __init__
self._RealGetContents()
File "/usr/lib/python3.5/zipfile.py", line 1094, in _RealGetContents
raise BadZipFile("File is not a zip file")
zipfile.BadZipFile: File is not a zip file
But that's related to the APK.. some APKs work.
Anyway, I think I'm sorted now. But the instructions need to guide people away from the above pitfalls. It would also be good to state whether the activate or exodus_analyze.py scripts need the Internet, so users can firejail and or torsocks it. A firejail profile would also perhaps be useful.
The text was updated successfully, but these errors were encountered:
Hi and thanks for your issue.
I just tried to follow the steps described in the README on a new machine and everything worked as expected. I ran every command as a user (except for the dexdump installation), as required.
What I think we could do:
precise that pip install will download the requirements
precise that you need to install virtualenv if you want to use it
It's unclear from the installation instructions which commands need to run as root and which run as a user. There also seems to be an underlying assumption that users are familiar with python usage. My guesswork made for a rough experience but it worked out in the end. Here's a walk-through:
Looking ahead, a package is needed (
dexdump
). So that should be installed first because if that fails there's no point in doing the manual steps.It's clear that I must choose a location and it's likely that root should run this since I'm doing a systemwide install. So root does
cd /usr/local/src/
, followed by:As a user:
Then as root:
Oops, missed a package. That should be added to the first step.
This next step is labeled "Install dependencies":
I don't think I've used
pip
before, but I wish I had realized that it would download stuff from the WAN, so that I would have known to prefixtorsocks
. The instructions should really say "download and install dependencies", to prompt Tor users to make arrangements. I was expecting thegit clone
to have done the downloading.. I wasn't careful enough to notice how little came from the clone and to then realize thatpip
would download stuff. Others will likely get stung by that too.So now that installation is complete, as a user I run:
If root runs that command inside the virtualenv then it works, but root only happened to be in the virtualenv as part of the installation process, which is now over. When root does a control-d to exit that virtualenv, the whole shell is killed off including the parent. That's also astonishing. So something apparently did an
exec
to avoid forking. Whatever the proper way to exit that environment is, it should be documented.So I first figured the virtualenv command needs to run every time. But that errors. After doing
source venv/bin/activate
as a user, it worked. So theactivate
script should be repeated in the "Analyze an APK file" steps. So this is how the instructions should say to run the tool:Note that some APK files cause that to barf up this:
But that's related to the APK.. some APKs work.
Anyway, I think I'm sorted now. But the instructions need to guide people away from the above pitfalls. It would also be good to state whether the
activate
orexodus_analyze.py
scripts need the Internet, so users can firejail and or torsocks it. A firejail profile would also perhaps be useful.The text was updated successfully, but these errors were encountered: