Friday, December 30, 2016

ANDROID PT / Analysis with Androguard


- Androguard is an open source framework for IPython designed to analyze and reverse engineer Android applications.

- Some of Androguard's functionalities include automated and scripted analysis of dex, odex, apk and binary xml files, disassembly, decompilation, malware dissection, ...

- It can be found here:

- Once downloaded, let's unzip the file:

- The tool androlyze is part of the Androguard platform and allows static analysis of .apk applications:

- Let's take the application box.apk as an example. The whole path:

- Getting permissions of the application:

- Detailing the permissions: for example, .INTERNET is considered "dangerous" because it allows full access to the network, for instance creating sockets:

- Identifying the activities of the application:

- Services:

- Broadcast receivers:

- Signature in hexadecimal:

- The package name:

- Determining whether the application is valid or not:

- Files:

- Now, let's retrieve classes and methods from the application:

- Writing a small script for getting the classes:

- Same thing for the methods:

- The options and the scope of Androguard are immense. This has been just a small look at the possibilities of this very handy framework for Android analysis.
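
- The manifest queries walked through above (package, validity, permissions, activities, services, receivers, files) can be collected in one pass. This script is an added example, not code from the original post; the names `load_apk`, `summarize`, `review` and `CODE_SUFFIXES` are hypothetical, and it assumes `get_details_permissions()` returns a dict mapping each permission to a list whose first item is the protection level.

```python
import json
import sys

CODE_SUFFIXES = (".dex", ".so", ".jar", ".apk")  # assumption: files treated as code


def load_apk(path):
    """Open an APK with Androguard (lazy import; module path differs by version)."""
    try:
        from androguard.core.bytecodes.apk import APK  # Androguard up to 3.x
    except ImportError:
        from androguard.core.apk import APK  # Androguard 4.x
    return APK(path)


def summarize(apk):
    """Collect the fields the walkthrough queries one at a time."""
    return {
        "package": apk.get_package(),
        "valid": bool(apk.is_valid_APK()),
        "permissions": dict(apk.get_details_permissions()),
        "activities": list(apk.get_activities()),
        "services": list(apk.get_services()),
        "receivers": list(apk.get_receivers()),
        "files": list(apk.get_files()),
    }


def review(summary):
    """Reduce a summary to the items worth reading first."""
    dangerous = sorted(
        name for name, detail in summary["permissions"].items()
        if detail and "dangerous" in str(detail[0]).lower()
    )
    kinds = ("activities", "services", "receivers")
    return {
        "package": summary["package"],
        "valid": summary["valid"],
        "dangerous_permissions": dangerous,
        "component_counts": {k: len(summary[k]) for k in kinds},
        "code_files": sorted(
            f for f in summary["files"] if f.lower().endswith(CODE_SUFFIXES)
        ),
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: apk_summary.py <file.apk>")
    print(json.dumps(review(summarize(load_apk(sys.argv[1]))), indent=2))
```

Run it as `python apk_summary.py box.apk`; the JSON output can be diffed between two versions of the same application to spot newly requested permissions or added components.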