{"id":4231,"date":"2016-11-19T13:39:54","date_gmt":"2016-11-19T05:39:54","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4231"},"modified":"2016-11-19T13:40:05","modified_gmt":"2016-11-19T05:40:05","slug":"androguard-reverse-engineering-malware-analysis-for-android","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/11\/androguard-reverse-engineering-malware-analysis-for-android\/","title":{"rendered":"Androguard &#8211; Reverse Engineering &#038; Malware Analysis For Android"},"content":{"rendered":"<p>Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/08\/Androguard-Reverse-Engineering-Malware-Analysis-For-Android-640x249.png\" alt=\"Androguard - Reverse Engineering &amp; Malware Analysis For Android\" width=\"640\" height=\"249\" class=\"aligncenter size-medium wp-image-4343\" \/><\/p>\n<p>It&#8217;s buyilt to examine * Dex\/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation), * APK (Android application) (.apk), * Android&#8217;s binary xml (.xml) and * Android Resources (.arsc).<\/p>\n<p>Androguard is available for Linux\/OSX\/Windows (Python powered).<\/p>\n<h3>Features<\/h3>\n<ul>\n<li>Map and manipulate DEX\/ODEX\/APK\/AXML\/ARSC format into full Python objects<\/li>\n<li>Diassemble\/Decompilation\/Modification of DEX\/ODEX\/APK format<\/li>\n<li>Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD)<\/li>\n<li>Access to the static analysis of the code (basic blocks, instructions, permissions)<\/li>\n<li>Analysis a bunch of android apps<\/li>\n<li>Analysis with ipython\/Sublime Text Editor<\/li>\n<li>Diffing of android applications<\/li>\n<li>Measure the efficiency of obfuscators (proguard, &#8230;)<\/li>\n<li>Determine if your application has been pirated (plagiarism\/similarities\/rip-off indicator)<\/li>\n<li>Check if an android application is present in a database (malwares, goodwares ?)<\/li>\n<li>Open source database of android malware<\/li>\n<li>Detection of ad\/open source librairies (WIP)<\/li>\n<li>Risk indicator of malicious application<\/li>\n<li>Reverse engineering of applications (goodwares, malwares)<\/li>\n<li>Transform Android&#8217;s binary xml (like AndroidManifest.xml) into classic xml<\/li>\n<li>Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG\/DOT output<\/li>\n<li>Integration with external decompilers (JAD+dex2jar\/DED\/fernflower\/jd-gui&#8230;)<\/li>\n<\/ul>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<h3>Usage<\/h3>\n<p>Androguard has many different components, but the most commonly used one would be Androlyze:<\/p>\n<pre>Usage: androlyze.py [options]\r\n\r\nOptions:\r\n  -h, --help            show this help message and exit\r\n  -i INPUT, --input=INPUT\r\n                        file : use this filename\r\n  -d, --display         display the file in human readable format\r\n  -m METHOD, --method=METHOD\r\n                        display method(s) respect with a regexp\r\n  -f FIELD, --field=FIELD\r\n                        display field(s) respect with a regexp\r\n  -s, --shell           open a shell to interact more easily with objects\r\n  -v, --version         version of the API\r\n  -p, --pretty          pretty print !\r\n  -t TYPE_PRETTY, --type_pretty=TYPE_PRETTY\r\n                        set the type of pretty print (0, 1) !\r\n  -x, --xpermissions    show paths of permissions<\/pre>\n<p>You can download Androguard here:<\/p>\n<p><a href=\"https:\/\/github.com\/androguard\/androguard\/archive\/v2.0.zip\">androguard-v2.0.zip<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/github.com\/androguard\/androguard\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android. It&#8217;s buyilt to examine * Dex\/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation), * APK (Android application) (.apk), * Android&#8217;s binary xml (.xml) and * Android Resources (.arsc). Androguard is available for Linux\/OSX\/Windows (Python powered). Features Map and manipulate DEX\/ODEX\/APK\/AXML\/ARSC [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android. It supports Dex\/Odex, APK, Binary XML etc.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[28,7],"tags":[5986,8565,6070,8566],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4231"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4231"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4231\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}