i ANDROID MALWARE ANALYSIS TOOL – REVERSE ENGINEERING – All things in moderation

ANDROID MALWARE ANALYSIS TOOL – REVERSE ENGINEERING

Dex2jar
dex2jar is a tool to work with files .dex of android and file .jar of java. We can use dex2jar converter file .dex to file .jar.
– DEX-reader: read the file API DEX (Dalvik Executable) and Odex, which is the format of Android.
– DEX translator, perform the conversion. It converts files into formats DEX to DEX-IR. After optimization, the format switches to ASM.
– DEX-IR: it serves compilation DEX and used by reading the above components.
– DEX-Tools: this library will work with the .class file to modify duty APK file or JAR
You can view detail in here.

Smali/Baksmali

smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android’s Java VM implementation. The syntax is loosely based on Jasmin’s/dedexer’s syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)

Enjarify
Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.

Frida

Frida is basically Greasemonkey for native apps, or, put in more technical terms, it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript into native apps on Windows, Mac, Linux, iOS and Android. Frida also provides you with some simple tools built on top of the Frida API. These can be used as-is, tweaked to your needs, or serve as examples of how to use the API.

Radare2

Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processors and operating systems.(Wikipedia)

Redexer

Redexer is a reengineering tool that manipulates Android app binaries. This tool is able to parse a DEX file into an in-memory data structure; to infer with which parameters the app uses certain permissions (we name this feature RefineDroid); to modify and unparse that data structure to produce an output DEX file (we name these features Dr. Android, which stands for Dalvik Rewriting for Android).

Krakatau
Krakatau currently contains three tools – a decompiler and disassembler for Java classfiles and an assembler to create classfiles.

Introspy Android

Introspy-Android comprises two separate components: a GUI interface to configure hooks, filters and options and a Cydia Substrate extension containing the core of the tool functionalities, including hooks and analysis of potential issues.

Introspy-Android can be installed on a rooted device and dynamically configured to hook security-sensitive Android APIs at run-time. The tool records all the relevant API calls made by an application, including function calls, arguments and return values. It then perform tests for security issues in real time and persists the results in a database and in the Android logging system.

The Introspy-Analyzer can then be used to analyse a database generated by the tracer, and generate HTML reports containing the list of logged function calls as well as a list of potential vulnerabilities affecting the application.

Leave a Reply