Threat: 0/60

com.github.livingwithhippos.unchained

Unchained

Analyzed on 2022-06-03T06:57:06.573209

5 permissions, 2 activities, 2 services, 0 receivers, 15 domains

File sums

MD5 1264e6a4550f18c98e5bb6e0cc851d91
SHA1 4a66e32b45c54668690305945f889bafb7bd6876
SHA256 f520338470d94f02e259a2fa689e99fb864e37cd360ddb8f06bbe003fd640bb8
Size 3.66MB

APKiD

Information computed with APKiD.

/tmp/tmpndbn0n5p!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
compiler
  • r8 without marker (suspicious)

SSdeep

Information computed with ssdeep.

APK file 98304:zA+IYB9BpgQ8pyuIJnl7cIaH8VyguF012ZrvZQ:s+TB7pglEuIJNLOcygYbQ
Manifest 192:KDaRe5eUQtzntyFhYjdsGza4FAF0E/0FFSRFje3HF6IB4:cce5eUQtzntyFhYjdXz…
classes.dex 49152:Zm75MjFiG24U1EpVhTFeJ9zBC1e3qwI2CB1YkI6UK2tZhbreUG9Y/jimNIzg8pe…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 6144:OpPyDUJU33JD++jiFz881VpnRy6v4Rvnn52PwbYYYbEsKkDb1n/:OpPyDtd++YX3…
classes.dex 6144:OpPyDUJU33JD++jiFz881VpnRy6v4Rvnn52PwbYYYbEsKkDb1n/:OpPyDtd++YX3…

APK details

Information computed with AndroGuard and Pithus.

Package com.github.livingwithhippos.unchained
App name Unchained
Version name 4.33.12-beta
Version code 30
SDK 22 - 32
UAID fb3aeab4c3f43eb2611a84b6a52d8b91a4f64086
Signature Not signed
Frosting Not frosted

Certificate details

Information computed with AndroGuard.

Manifest analysis

Information computed with MobSF.

Low App has a Network Security Configuration [android:networkSecurityConfig=@xml/network_security_config]
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
Medium Application Data can be Backed up [android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.

Browsable activities

Information computed with MobSF.

com.github.livingwithhippos.unchained.base.MainActivity

Hosts: *

Schemes: file:// content:// http:// https:// magnet://

Mime types: */* text/plain application/x-bittorrent

Main Activity

Information computed with AndroGuard.

com.github.livingwithhippos.unchained.base.MainActivity

Activities

Information computed with AndroGuard.

com.github.livingwithhippos.unchained.settings.view.SettingsActivity
com.github.livingwithhippos.unchained.base.MainActivity

Services

Information computed with AndroGuard.

com.github.livingwithhippos.unchained.data.service.ForegroundTorrentService
androidx.room.MultiInstanceInvalidationService

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application uses no DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_HTTPS_EXT.1.2 The application implements HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notifies the user and does not establish the connection, or requests application authorization to establish the connection, if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.2.1 The application uses X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS, TLS.
X.509 Certificate Authentication

Code analysis

Information computed with MobSF.

Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
n6/b.java
o6/a.java
n6/a.java

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
k1/w.java
a0/g.java
n0/b.java
k0/l0.java
j1/t.java
g1/a0.java
e0/a.java
o0/j.java
j1/o.java
c4/g.java
q/b.java
k0/l.java
z0/a.java
a0/r.java
j1/i.java
y/a.java
j1/y.java
w/a.java
e/u.java
c0/g.java
d0/j.java
j1/b.java
q9/h.java
w/b.java
j/f.java
o0/c.java
j9/c.java
k1/y.java
k1/v.java
u1/c.java
d0/i.java
k1/p.java
k0/b0.java
p0/b.java
a0/s.java
e0/e.java
a0/j.java
r/d.java
k0/z.java
e/k.java
o1/b.java
c5/i.java
r0/d.java
v/d.java
r9/d.java
d0/f.java
o0/h.java
m1/b.java
w4/a.java
k0/b.java
e/x.java
d0/g.java
n1/d.java
z4/d.java
q2/m.java
w1/b.java
d0/h.java
d0/n.java
f/a.java
j1/d.java
u4/e.java
a0/t.java
c5/h.java
e/l.java
k0/a.java
a5/b.java
g0/d.java
b1/c.java
h1/d.java
a0/f.java
s1/a.java
u1/g.java
c0/l.java

Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in the secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
q9/h.java
q9/c.java
q9/d.java
q9/g.java

Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
q2/j.java

Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
z3/a.java

Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
k1/y.java

Medium
CVSS:5.9
App uses SQLite Database and executes raw SQL queries. Untrusted user input in raw SQL queries can cause SQL Injection. Also, sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
o1/a.java

Map computed by Pithus.

Network analysis

Information computed with MobSF.

High Base config is insecurely configured to permit clear text traffic to all domains.
Scope: ['*']

Domains analysis

Information computed with MobSF.

FR real-debrid.com 94.140.4.10
FR api.real-debrid.com 94.140.4.10
US issuetracker.google.com 142.250.186.110
ES oauth.net 188.114.97.3
US github.com 140.82.121.4
US www.github.com 140.82.121.4
US app-privacy-policy-generator.firebaseapp.com 199.36.158.100
US dns.google 8.8.4.4
schemas.android.com
US raw.githubusercontent.com 185.199.111.133
US www.gnu.org 209.51.188.116
ns.adobe.com
US www.rawpixel.com 172.67.72.18
US kodi.wiki 172.67.64.129
US privacypolicytemplate.net 104.21.73.82

URL analysis

Information computed with MobSF.

http://real-debrid.com/?id=78841
https://real-debrid.com/account
Defined in p3/m.java
https://github.com/LivingWithHippos/unchained-android/tree/master/extra_assets/plugins
https://github.com/LivingWithHippos/unchained-android
https://www.gnu.org/licenses/gpl-3.0.en.html
Defined in p3/r.java
http://schemas.android.com/apk/res/android
Defined in c0/l.java
https://real-debrid.com/streaming-
Defined in com/github/livingwithhippos/unchained/downloaddetails/view/DownloadDetailsFragment.java
https://raw.githubusercontent.com
https://www.github.com
https://github.com
www.)?github.com/(
https://raw.githubusercontent.com/
Defined in com/github/livingwithhippos/unchained/start/viewmodel/MainActivityViewModel.java
https://github.com/LivingWithHippos/unchained-android/tree/master/extra_assets/plugins
Defined in com/github/livingwithhippos/unchained/search/view/SearchFragment.java
https://kodi.wiki/view/Settings/Services/Control
Defined in k1/u.java
https://issuetracker.google.com/issues/new?component=413106
Defined in g1/p1.java
https://issuetracker.google.com/issues/new?component=413106
Defined in g1/a0.java
https://real-debrid.com/account
Defined in m3/d.java
https://issuetracker.google.com/issues/new?component=907884&template=1466542
Defined in u0/q.java
http://oauth.net/grant_type/device/1.0
Defined in t2/b.java
http://ns.adobe.com/xap/1.0/
Defined in z0/a.java
https://api.real-debrid.com/oauth/v2/
https://api.real-debrid.com/rest/1.0/
https://dns.google/dns-query
Defined in q2/j.java
http://real-debrid.com/?id=78841
Defined in q2/m.java
https://real-debrid.com/apitoken,
https://www.rawpixel.com/image/843352/minimal-logo-designs-set
https://privacypolicytemplate.net
https://app-privacy-policy-generator.firebaseapp.com/
https://real-debrid.com/apitoken
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.WRITE_EXTERNAL_STORAGE read/modify/delete external storage contents
Allows an application to write to external storage.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.

Threat analysis

Information computed with Quark-Engine.

Confidence 100%: Load external class
Confidence 100%: Implicit intent (view a web page, make a phone call, etc.)
Confidence 100%: Find a method from given class name, usually for reflection
Confidence 100%: Method reflection
Confidence 100%: Read sensitive data (SMS, CALLLOG, etc)
Confidence 100%: Open a file from given absolute path of the file
Confidence 100%: Implicit intent (view a web page, make a phone call, etc.) via setData
Confidence 100%: Monitor the broadcast action events (BOOT_COMPLETED)
Confidence 100%: Get absolute path of the file and store in string
Confidence 100%: Create a socket connection to the proxy address
Confidence 100%: Get last known location of the device
Confidence 100%: Get location of the device
Confidence 100%: Create a secure socket connection to the proxy address
Confidence 100%: Method reflection
Confidence 100%: Get the time of current location
Confidence 100%: Initialize class object dynamically
Confidence 100%: Get specific method from other Dex files
Confidence 80%: Create a socket connection to the given host address
Confidence 80%: Create a secure socket connection to the given host address
Confidence 80%: Read file and put it into a stream
Confidence 80%: Get declared method from given method name
Confidence 80%: Read file from assets directory
Confidence 80%: Get resource file from res/raw directory

Behavior analysis

Information computed with MobSF.

Android notifications
a0/r.java

Base64 decode
c0/e.java

Base64 encode
u2/f.java
h0/f.java

Certificate handling
q9/h.java
m9/h.java
q9/d.java
h9/a.java
r9/l.java
h9/y.java
n9/h.java

Gps location
e/x.java
e/l.java

Get installed applications
o0/i.java

Get system service
k0/z.java
i3/d.java
q2/j.java
u4/r.java
p0/c.java
e/l.java
com/github/livingwithhippos/unchained/folderlist/view/FolderListFragment.java
a0/r.java
com/github/livingwithhippos/unchained/lists/view/ListsTabFragment.java
dagger/hilt/android/internal/managers/ViewComponentManager$FragmentContextWrapper.java
a0/h.java
r0/a.java
com/github/livingwithhippos/unchained/base/UnchainedApplication.java
com/github/livingwithhippos/unchained/base/MainActivity.java
z3/a.java
g5/n.java
j/c.java
com/github/livingwithhippos/unchained/start/viewmodel/MainActivityViewModel.java
com/github/livingwithhippos/unchained/search/view/SearchFragment.java
c3/l.java
b0/a.java

Inter process communication
a0/j.java
a0/g.java
q2/v.java
a0/p.java
k1/n.java
k/a.java
a0/r.java
c/b.java
k1/o.java
com/github/livingwithhippos/unchained/base/MainActivity.java
z3/a.java
a0/n.java
k/e.java
c/e.java
q2/m.java
b0/a.java
c/a.java
com/github/livingwithhippos/unchained/data/service/ForegroundTorrentService.java
o0/i.java
com/github/livingwithhippos/unchained/downloaddetails/view/DownloadDetailsFragment.java
a/a.java
a0/t.java
e/l.java
c/d.java
g0/a.java
com/github/livingwithhippos/unchained/folderlist/view/FolderListFragment.java
q2/b0.java
e/i.java
com/github/livingwithhippos/unchained/lists/view/ListsTabFragment.java
h1/d.java
a0/c.java
c/c.java
k/c.java
s5/a.java
c3/l.java

Java reflection
k5/e.java
l5/b.java
k0/l0.java
q2/j.java
a0/a.java
e9/w.java
k0/f.java
e0/a.java
ca/z.java
ca/m.java
y7/h.java
w/a.java
t6/l.java
f7/s.java
r9/f.java
z7/d.java
q9/h.java
f7/f0.java
ca/x.java
o0/c.java
k5/d.java
u9/k.java
j5/f.java
g2/e.java
e6/b.java
h8/d.java
u6/g.java
d6/f.java
k0/z.java
e7/c.java
t6/o.java
ca/v.java
q9/g.java
t6/c.java
w/d.java
o0/h.java
m5/b.java
d6/a.java
y6/k.java
d0/k.java
d0/h.java
u6/b.java
g6/a.java
j5/a.java
k5/f.java
u6/h.java
k6/d.java
e/l.java
f7/a0.java
a9/b.java
f7/r.java
k5/c.java
j5/a0.java
a0/g.java
t6/h0.java
t6/v0.java
q9/d.java
v1/a.java
e7/f.java
q9/c.java
f7/b0.java
f7/c.java
e/u.java
ca/a0.java
v1/b.java
d0/j.java
e9/d.java
ca/u.java
q9/e.java
q9/b.java
o0/i.java
f6/a.java
j/f.java
f7/y.java
y0/b.java
f7/b.java
f7/e.java
e/s.java
d0/i.java
u6/a.java
f7/n.java
t6/t.java
k0/b0.java
e0/e.java
j5/k.java
j5/e.java
t6/t0.java
j5/q.java
c0/j.java
ca/k.java
f7/q.java
u6/f.java
k5/a0.java
t6/c0.java
j5/l.java
d0/g.java
r9/h.java
f7/a.java
e6/a.java
c5/h.java
ca/d0.java
z8/u0.java
d/d.java
h1/d.java
a0/f.java
t6/d.java
s1/a.java
k/c.java

Local file i/o operations
d0/n.java
q2/v.java
q2/j.java
p3/m.java
q2/d0.java
b2/j.java
com/github/livingwithhippos/unchained/search/viewmodel/SearchViewModel.java
g3/j.java
k1/y.java
com/github/livingwithhippos/unchained/folderlist/viewmodel/FolderListViewModel.java
com/github/livingwithhippos/unchained/folderlist/view/FolderListFragment.java
g3/k.java
x1/d.java
m3/d.java
b2/c.java
com/github/livingwithhippos/unchained/search/view/SearchFragment.java
d/c.java
q2/m.java

Message digest
u9/h.java
u9/f0.java

Query database of sms, contacts etc
h0/e.java

Set or read clipboard data
z3/a.java
b0/a.java

Starting activity
a0/c.java
com/github/livingwithhippos/unchained/base/MainActivity.java
b0/a.java

Starting service
a0/r.java
com/github/livingwithhippos/unchained/base/MainActivity.java

Tcp socket
p9/q.java
q9/h.java
q9/b.java
m9/d.java
j9/c.java
n9/h.java
p9/f.java
m9/e.java
u9/h0.java
c7/z.java
m9/h.java
h9/a.java
o9/b.java
m9/i.java
h9/y.java
s9/a.java

Url connection to file/http/https/ftp/jar
l8/d.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably gets the location based on GPS and/or Wi-Fi

The application probably gets the network connections information

The application probably plays sound

The application probably makes OS calls

The application probably starts another application

The application probably gets memory and CPU information