Androguard – Reverse Engineering & Malware Analysis For Android


Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android.

Androguard - Reverse Engineering & Malware Analysis For Android

It’s buyilt to examine * Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation), * APK (Android application) (.apk), * Android’s binary xml (.xml) and * Android Resources (.arsc).

Androguard is available for Linux/OSX/Windows (Python powered).

Features

  • Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects
  • Diassemble/Decompilation/Modification of DEX/ODEX/APK format
  • Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD)
  • Access to the static analysis of the code (basic blocks, instructions, permissions)
  • Analysis a bunch of android apps
  • Analysis with ipython/Sublime Text Editor
  • Diffing of android applications
  • Measure the efficiency of obfuscators (proguard, …)
  • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator)
  • Check if an android application is present in a database (malwares, goodwares ?)
  • Open source database of android malware
  • Detection of ad/open source librairies (WIP)
  • Risk indicator of malicious application
  • Reverse engineering of applications (goodwares, malwares)
  • Transform Android’s binary xml (like AndroidManifest.xml) into classic xml
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output
  • Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui…)

Usage

Androguard has many different components, but the most commonly used one would be Androlyze:

You can download Androguard here:

androguard-v2.0.zip

Or read more here.

Posted in: Forensics, Malware

, , ,


Latest Posts:


HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.


Comments are closed.