Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated DexFile APIs #5

Closed
ShadyZekry opened this issue Dec 1, 2021 · 10 comments
Closed

Deprecated DexFile APIs #5

ShadyZekry opened this issue Dec 1, 2021 · 10 comments

Comments

@ShadyZekry
Copy link

I have walked through the guide for adding the package to my project, and I doesn't seem to be working in my project.

I've been missing with the expected values to test if any callback would be invoked, but nothing gets invoked. Instead, I am getting these warnings over and over every 10 seconds

I/System  (24218): Opening DexFile: /data/app/com.test.project.dev-LGO3HZxe32u2d8rLunK-_A==/base.apk
W/est.project.de(24218): Opening an oat file without a class loader. Are you using the deprecated DexFile APIs?
W/System  (24218): A resource failed to call close.

I hope it would help.
@realTristan
Copy link

this is happening to me too, did you find a solution?

@ShadyZekry
Copy link
Author

Not yet, @realTristan .
I wanted to deploy my application fast, so I skipped the RASP part from my app.

@talsec-app
Copy link
Member

Thanks for your submission. We are inspecting this issue internally. We will get back to you with a resolution.

@talsec-app
Copy link
Member

This issue was caused by a deprecated API in one of hook detection checks. It shouldn't impact your app run whatsoever. But it is a bug, and we will provide a patch in the upcoming release.

@ShadyZekry
Copy link
Author

Thanks for paying attention, @talsec-app.

My main concern is that the callbacks is not being invoked, so I guessed that these warnings had something to do with that.
If you need any specific information about the my app to continue your debugging, I'll be happy to help.

@talsec-app
Copy link
Member

This seems to be a separate issue. How do you test your callbacks? You can find tips in this issue: #3

@yakim333
Copy link

Hi @ShadyZekry

My main concern is that the callbacks is not being invoked, so I guessed that these warnings had something to do with that. > If you need any specific information about the my app to continue your debugging, I'll be happy to help.

Just would like to check if issue: #3 suggestions helped you to verify the problem. Please let me know if you can proceed with freeRASP or any other issue is blocking you.

Regards,
Sergiy Yakymchuk
Talsec co-founder

@ShadyZekry
Copy link
Author

Sorry I was busy in the last 3 days, @yakim333 @talsec-app

So, I was not following this issue to test the package to be honest. What I have tried to do is trying different changes to the app to test these lines of code which i found on the README:

    // Talsec config
    TalsecConfig config = TalsecConfig(
      androidConfig: AndroidConfig(
        expectedPackageName: dotenv.env["EXPECTED_PACKAGE_NAME"]!,
        expectedSigningCertificateHash: dotenv.env["EXPECTED_SIGNING_HASH"]!,
      ),

      watcherMail: 'my.email@gmail.com',
    );

    // Callback setup
    TalsecCallback callback = TalsecCallback(
      onDebuggerDetected: () => print("Debugger detected"),

      // For Android
      androidCallback: AndroidCallback(
        onRootDetected: () => print('Root detected'),
        onEmulatorDetected: () => print('Emulator detected'),
        onHookDetected: () => print('Hook detected'),
        onTamperDetected: () => print('Tamper detected'),
        onDeviceBindingDetected: () => print('Device binding detected'),
        onUntrustedInstallationDetected: () => print('Untrusted installation detected'),
      ),
  }

These lines were added to initstate at the start of my app, after adding all the android configurations mentioned in the README ofcourse.


I did try these to test the app over multiple devices:

  • Run the app on debugger.
  • Run on a rooted device.
  • Run on Emulator.
  • Change my EXPECTED_PACKAGE_NAME in my .env file.
  • Change my EXPECTED_SIGNING_HASH in my .env file.
  • Install the app .apk as an untrused installation.

And sadly not a single callback is called, and I keep getting these lines in the logs as I mentioned before.

I/System  (24218): Opening DexFile: /data/app/com.test.project.dev-LGO3HZxe32u2d8rLunK-_A==/base.apk
W/est.project.de(24218): Opening an oat file without a class loader. Are you using the deprecated DexFile APIs?
W/System  (24218): A resource failed to call close.

@talsec-app
Copy link
Member

Hi @ShadyZekry , the issue will be solved in the upcoming freeRASP release. Thanks for giving your time to help our cause.

@talsec-app
Copy link
Member

Hello.
We have just released new version of freeRASP 2.0.0. This version fixes this issue. We recommend you to update to this new version.
Talsec Team

@suleymancalikprb suleymancalikprb mentioned this issue Feb 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ShadyZekry @yakim333 @realTristan @talsec-app