Androguard – Reverse Engineering & Malware Analysis For Android

The New Acunetix V12 Engine


Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android.

Androguard - Reverse Engineering & Malware Analysis For Android

It’s buyilt to examine * Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation), * APK (Android application) (.apk), * Android’s binary xml (.xml) and * Android Resources (.arsc).

Androguard is available for Linux/OSX/Windows (Python powered).

Features

  • Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects
  • Diassemble/Decompilation/Modification of DEX/ODEX/APK format
  • Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD)
  • Access to the static analysis of the code (basic blocks, instructions, permissions)
  • Analysis a bunch of android apps
  • Analysis with ipython/Sublime Text Editor
  • Diffing of android applications
  • Measure the efficiency of obfuscators (proguard, …)
  • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator)
  • Check if an android application is present in a database (malwares, goodwares ?)
  • Open source database of android malware
  • Detection of ad/open source librairies (WIP)
  • Risk indicator of malicious application
  • Reverse engineering of applications (goodwares, malwares)
  • Transform Android’s binary xml (like AndroidManifest.xml) into classic xml
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output
  • Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui…)

Usage

Androguard has many different components, but the most commonly used one would be Androlyze:

You can download Androguard here:

androguard-v2.0.zip

Or read more here.

Posted in: Forensics, Malware

, , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


Comments are closed.