@stypr
Created August 16, 2019 09:05
Install MobSF Framework on CentOS 7 (with Headless Dynamic Analysis)
#!/bin/bash
# Maintainer: Harold Kim (root@stypr.com)
# Tested in CentOS 7.6.1810
# $ lsb_release -a
# LSB Version: :core-4.1-amd64:core-4.1-noarch
# Distributor ID: CentOS
# Description: CentOS Linux release 7.6.1810 (Core)
# Release: 7.6.1810
# Codename: Core
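# Run this file as root (a bare "sudo bash" here would only open an interactive shell and stall the script)
if [ "$(id -u)" -ne 0 ]; then echo "Run this script as root" >&2; exit 1; fi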
# Let's install files on /srv/
mkdir -p /srv/MobSF
cd /srv/MobSF
# Install dependencies
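# wget, git, gcc and make are needed by the steps below, so install them up front
yum install -y libxslt libjpeg zlib libxml2-devel libffi-devel openssl-libs wget git gcc make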
# Download latest sqlite and replace old ones with latest files
wget https://www.sqlite.org/snapshot/sqlite-snapshot-201908151435.tar.gz
tar xvfz sqlite-*
cd sqlite-*
./configure --prefix=/usr/local
make
make install
mv /usr/bin/sqlite3 /usr/bin/sqlite3_old
ln -s /usr/local/bin/sqlite3 /usr/bin/sqlite3
# Append to ~/.bashrc instead of overwriting it
echo 'export LD_LIBRARY_PATH="/usr/local/lib"' >> ~/.bashrc
export LD_LIBRARY_PATH="/usr/local/lib"
cd ..
# Install Python 3.6 from ius repo
yum install -y https://centos7.iuscommunity.org/ius-release.rpm
yum install -y python36 python36-devel python36-pip python36-setuptools python36-tools python36-libs python36-tkinter
# Install MobSF Framework
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh
# Install Dynamic analysis
# Installing VirtualBox 5.2, because 6.0 does not support x86 android devices
yum install -y kernel-devel kernel-headers gcc make perl
yum -y install wget
wget https://www.virtualbox.org/download/oracle_vbox.asc
rpm --import oracle_vbox.asc
wget https://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo -O /etc/yum.repos.d/virtualbox.repo
yum install -y VirtualBox-5.2
# Grab the id from the download page
# https://drive.google.com/uc?id=0B_Ci-1YbMqshY0xrYl9IWHVTVFU&export=download
GDRIVE_DOWNLOAD_ID="0B_Ci-1YbMqshY0xrYl9IWHVTVFU"
# Download ova file via gdrive (TLS certificate verification stays enabled: the image is imported and run as root)
wget --load-cookies /tmp/cookies.txt \
"https://docs.google.com/uc?export=download&confirm=$(wget --quiet --save-cookies /tmp/cookies.txt --keep-session-cookies "https://docs.google.com/uc?export=download&id=${GDRIVE_DOWNLOAD_ID}" -O- | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1\n/p')&id=${GDRIVE_DOWNLOAD_ID}" \
-O MobSF_VM_0.3.ova && rm -rf /tmp/cookies.txt
# Import vm to virtualbox
vboxmanage import MobSF_VM_0.3.ova
# Check if it's imported properly.
VBOX_NAME=$(vboxmanage list vms | grep -i 'MobSF_[A-Za-z0-9]*_[0-9]*\.[0-9]*' -oh)
echo "======== Check VM Name ==="
echo "Selected VM Name: " $VBOX_NAME
echo "=========================="
# According to MobSF wiki, it is recommended to create both HostOnly and NAT network
VBoxManage hostonlyif create
VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on
VBoxManage natnetwork start --netname natnet1
# We assign created network on VM
VBoxManage modifyvm "$VBOX_NAME" --nic1 hostonly
VBoxManage modifyvm "$VBOX_NAME" --nic2 nat
# Start VM on headless, otherwise it crashes.
VBoxManage startvm "$VBOX_NAME" --type=headless
# Now it should show us that the VM is running properly
echo "======== Running VM ==="
VBoxManage list runningvms
echo "======================="
# You can also check IPs and Proxy Connection Tests
VBoxManage guestproperty enumerate "$VBOX_NAME" | grep androvm_ip_management | grep 192.168 --color
# Check if the value is 192.168.56.101.
# If so, you shouldn't have much problem from here.
# You can test the connection proxy here
# $ nc -vlp 1337
# Ncat: Version 7.50 ( https://nmap.org/ncat )
# Ncat: Listening on 0.0.0.0:1337
# Ncat: Connection from 192.168.56.101.
# Ncat: Connection from 192.168.56.101:55394.
# GET http://172.217.31.142/generate_204 HTTP/1.1
# User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; Samsung Galaxy S4 - 4.4.2 - API 19 - 1080x1920 Build/KOT49H)
# Host: 172.217.31.142
# Connection: Keep-Alive
# Accept-Encoding: gzip
# Wait for the device to boot
echo "[*] Waiting 60 seconds to let the device boot"
sleep 60
# Add a snapshot, so that the machine does not get broken
VBoxManage snapshot "$VBOX_NAME" take SAVED_STATE
# Get VM_UUID and Snapshot_UUID
VM_UUID=`vboxmanage list runningvms | grep MobSF | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
SNAPSHOT_UUID=`vboxmanage snapshot ${VM_UUID} list | grep SAVED_STATE | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
echo "[*] Installation Complete. If you have setup correctly, VM_UUID and SNAPSHOT_UUID should show up properly"
echo "VM_UUID: " $VM_UUID
echo "SNAPSHOT_UUID: " $SNAPSHOT_UUID
# Get MobSF Configuration UUID and Snapshot_UUID
CURRENT_SETTING_UUID=`cat MobSF/settings.py | grep 'UUID =' | grep -v 'SUUID' | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
CURRENT_SETTING_SNAPSHOT_UUID=`cat MobSF/settings.py | grep 'SUUID =' | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
# Since we're on a headless mode, we also need to change headless config
HEADLESS_CHECK=`cat MobSF/settings.py | grep "HEADLESS" | xargs`
# Replace them
sed -i "s/${CURRENT_SETTING_UUID}/${VM_UUID}/g" MobSF/settings.py
sed -i "s/${CURRENT_SETTING_SNAPSHOT_UUID}/${SNAPSHOT_UUID}/g" MobSF/settings.py
sed -i "s/${HEADLESS_CHECK}/VBOX_HEADLESS = True/g" MobSF/settings.py
# We are ready to run. let's go!
./run.sh
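
The UUID lookups and sed substitutions above still run when a lookup returns nothing, and the loose pattern accepts any string containing four hyphens. The functions below are an added example, not part of the original gist: they accept only a well-formed UUID and rewrite only the named assignment line. The names extract_uuid and set_uuid_setting and all sample values are hypothetical and constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the gist): strict UUID handling for the settings.py update.
UUID_RE='[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}'

# Print the first well-formed UUID read from stdin; return non-zero if none is found.
extract_uuid() {
    local found
    found=$(grep -Eo "$UUID_RE" | head -n 1)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Set KEY = 'VALUE' in FILE, only if VALUE is a UUID and KEY is assigned exactly once.
# Anchoring on the key means UUID never matches the SUUID line.
set_uuid_setting() {
    local file="$1" key="$2" value="$3" count
    if ! printf '%s' "$value" | grep -Eqx "$UUID_RE"; then
        echo "refusing: '$value' is not a UUID" >&2
        return 1
    fi
    count=$(grep -Ec "^[[:space:]]*${key}[[:space:]]*=" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "refusing: $count assignments of $key in $file" >&2
        return 1
    fi
    # value was validated above, so it is safe to interpolate into the sed program
    sed -i -E "s/^([[:space:]]*${key}[[:space:]]*=[[:space:]]*).*/\1'${value}'/" "$file"
}

# Constructed sample input: not real MobSF settings and not real VBoxManage output.
demo() {
    local cfg vm
    cfg=$(mktemp)
    printf "    UUID = '00000000-0000-0000-0000-000000000000'\n" > "$cfg"
    printf "    SUUID = '11111111-1111-1111-1111-111111111111'\n" >> "$cfg"
    vm=$(printf '"MobSF_VM_0.3" {0a1b2c3d-1111-2222-3333-444455556666}\n' | extract_uuid)
    set_uuid_setting "$cfg" UUID "$vm" && cat "$cfg"
    rm -f "$cfg"
}
demo
```

In the script above, the equivalent calls would take the output of "vboxmanage list runningvms" and "vboxmanage snapshot ... list" on stdin and MobSF/settings.py as the file.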
stypr commented Aug 16, 2019

@widnyana

stypr commented Aug 13, 2021

@widnyana

Please ask questions after reading the code. It downloads the MobSF ova file, which is required for the dynamic analysis. I assume this script may be invalid now as they removed the drive URL.

@widnyana

@stypr, yeah, that's what I do before asking you. Thanks.
