Mobile malware analysis tools
In this series, we will use some tools for mobile malware analysis. The following are some common tools.
This tool is used to analyze Android application binaries. It can disassemble applications to practically their original form and repackage them after certain modifications. It is also used to debug the smali code.
The Dex2Jar tool was developed to convert .dex files (Dalvik virtual machine format) to .class format. It helps to view the source code of an application as Java code.
The Android Software Development Kit (SDK) is a collection of development tools that are used to create applications. Several components are included in the SDK, such as a debugger, an emulator, sample source code, libraries, etc.
This tool is a Java decompiler that allows a user to view the Java source code of .class files. It shows log files and enables the user to browse the hierarchy of the class files.
DroidBox is a dynamic analysis tool for Android applications. It can identify information leaks involving content, SMS data, IMEI, GPS coordinates, installed applications, phone numbers, and file operations.
DroidBox consists of two parts, which can be referred to as the Host and Target. The Target part launched on the emulator is based on Android 4.1.2, with a set of patches, most of which were borrowed from TaintDroid without change. The patches add certain functions for monitoring data at a low level.
The Host part is a set of Python scripts that connects with the emulator and receives all possible information from the Target regarding the application being analyzed, and displays it in text or graphic format.
Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also perform Web API security testing with its API Fuzzer, which can do information gathering, analyze security headers, and identify mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session and API rate limiting.