Friday, December 30, 2016
ANDROID PT / Analysis with Androguard
ANALYSIS WITH ANDROGUARD
- Androguard is an open source framework for iPython designed to analyze and perform reverse engineering with Android applications.
- Some of Androguard's functionalities include automated and scripting analysis of dex, odex, apk and xml binaries files, disassemble, decompiler, malware dissection, ...
- It can be found here:
- Once downloaded, let's unzip the file:
- The tool androlyze is part of the Androguard platform and allows static analysis of .apk applications:
- Let's take the application box.apk as example. The whole path:
- Getting permissions of the application:
- Detailing the permissions, for example .INTERNET is considered "dangerous" because allows full access to the network, for instance creating sockets:
- Identifying the activities of the application:
- Broadcast receivers:
- Signature in hexadecimal:
- The package name:
- Determining whether the application is valid or not:
- Now, let's retrieve classes and methods from the application:
- Writing a small script for getting the classes:
- Same thing for the methods:
- The options and the scope of Androguard is immense. So far just a small approach to all the possibilities of this very handy framework for Android analysis.