Friday, December 30, 2016

ANDROID PT / Analysis with Androguard


ANALYSIS WITH ANDROGUARD

- Androguard is an open source Python framework, driven from an IPython shell, designed to analyze and reverse engineer Android applications.

- Some of Androguard's features include automated and scripted analysis of dex, odex, apk and binary xml files, a disassembler, a decompiler, malware dissection, and more.

- It can be found here:

https://github.com/androguard/androguard

- Once downloaded, let's unzip the file:

- The tool androlyze is part of the Androguard platform and allows static analysis of .apk applications:

https://androlyze.readthedocs.io/en/latest/

- Let's take the application box.apk as an example. Its full path:

- Getting the permissions of the application:

- Detailing the permissions: for example .INTERNET (android.permission.INTERNET) is classified as "dangerous" because it grants full access to the network, for instance to create sockets:

- Identifying the activities of the application:

- Services:

- Broadcast receivers:

- Signature in hexadecimal:

- The package name:

- Determining whether the application is a valid APK:

- Files:

- Now, let's retrieve the classes and methods of the application:

- Writing a small script to get the classes:

- The same for the methods:

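The individual androlyze calls above, gathered into one script against Androguard's Python API. This is an example added here, not code from the post or from the Androguard project; SAMPLE_PERMISSIONS is a constructed dict that mimics the shape of a.get_details_permissions() so the grouping helpers can be exercised without an APK, and the APK / DalvikVMFormat method names are assumed to be those of the Androguard 2.x/3.x API of the time.

```python
# Constructed sample in the shape of a.get_details_permissions():
# {permission_name: [protection_level, short_label, description]}
SAMPLE_PERMISSIONS = {
    "android.permission.INTERNET": ["dangerous", "full Internet access",
                                    "Allows an application to create network sockets."],
    "android.permission.ACCESS_NETWORK_STATE": ["normal", "view network state",
                                                "Allows an application to view network state."],
    "android.permission.READ_CONTACTS": ["dangerous", "read contact data",
                                         "Allows an application to read contact data."],
}

def group_by_protection_level(details):
    """Group permissions by protection level -> {level: sorted permission names}."""
    grouped = {}
    for name, info in details.items():
        grouped.setdefault(info[0], []).append(name)   # info[0] is the protection level
    return {level: sorted(names) for level, names in grouped.items()}

def dangerous_permissions(details):
    """The permissions to review first: those rated 'dangerous' (e.g. INTERNET)."""
    return group_by_protection_level(details).get("dangerous", [])

def triage_apk(path):
    """One pass over an APK collecting what the interactive androlyze session shows.
    Androguard is imported lazily so the helpers above run without it installed;
    assumes a single classes.dex because DalvikVMFormat is given one dex blob."""
    from androguard.core.bytecodes.apk import APK
    from androguard.core.bytecodes.dvm import DalvikVMFormat
    a = APK(path)
    d = DalvikVMFormat(a.get_dex())
    details = a.get_details_permissions()
    return {
        "package": a.get_package(),
        "valid": a.is_valid_APK(),
        "permissions": group_by_protection_level(details),
        "dangerous": dangerous_permissions(details),
        "activities": a.get_activities(),
        "services": a.get_services(),
        "receivers": a.get_receivers(),
        "signature_file": a.get_signature_name(),   # e.g. META-INF/CERT.RSA
        "files": a.get_files(),
        "classes": [c.get_name() for c in d.get_classes()],
        "methods": [m.get_name() for m in d.get_methods()],
    }

if __name__ == "__main__":
    import sys
    report = triage_apk(sys.argv[1] if len(sys.argv) > 1 else "box.apk")
    for key in ("package", "valid", "dangerous", "activities", "services", "receivers"):
        print(key, "->", report[key])
```

Run it as `python triage.py box.apk` with Androguard installed; the "dangerous" list is where a review of the manifest should start.
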
- The options and scope of Androguard are immense; this has been only a brief introduction to the possibilities of this very handy framework for Android analysis.