Android (Investigative) Tools

1 Android SDK

  1. http://developer.android.com/tools/help/emulator.html
  2. http://developer.android.com/tools/help/adb.html

We will always use the latest versions. Our write-ups may not always be updated to match. Be prepared to deal with the latest version of a tool complaining about deprecations.

2 Reverse Engineering, Android Specific

  1. http://ibotpeaches.github.io/Apktool/ Apktool can decode resources to nearly original form and rebuild them after some modifications. Installs on Linux, macOS and Windows.
  2. https://github.com/JesusFreke/smali is an assembler/disassembler for the dex format used by Dalvik. Supports annotations, debug info, line info, etc.
  3. https://code.google.com/p/dex2jar/ is a tool for converting .dex format to .class format. Just one binary format to another binary format. Does not generate Java source. FOSS.
  4. SQLite Viewer. http://www.sqliteviewer.com/ Free version available.
  5. https://calebfenton.github.io/2016/04/23/tetcon-2016-android-deobfuscation/ A conference talk (TetCon 2016) on Android Deobfuscation: Tools and Techniques. Videos, source code bundles and papers are downloadable.

2.1 Reversing Android Specific #2

  1. http://jd.benow.ca/ Java Decompiler (JD). Includes JD-GUI, JD-Eclipse, JD-IntelliJ. Can show equivalent Java source of a given .class file. Not FOSS, but "may be freely used for personal needs in commercial or non-commercial environments."
  2. https://santoku-linux.com/ A Linux PC distribution targeted at Android users/developers: mobile forensics, malware analysis, and security. Recommended.
  3. https://github.com/androguard Androguard (FOSS): reverse engineering, malware and goodware analysis of Android applications. Python, Rust; 2016.
  4. https://github.com/strazzere/android-lkms "reversing and debugging on controlled systems/emulators."

2.2 Reversing Android Specific #3

  1. Web search for URLs.
  2. AndBug: "A Scriptable Android Debugging Library"; inactive since 2011.
  3. APK Studio (not Android Studio): "an IDE for decompiling/editing & then recompiling of Android application binaries." Now (2015) cross-platform.
  4. https://github.com/Konloch/bytecode-viewer Bytecode-Viewer: "A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)"
  5. https://codeinspect.sit.fraunhofer.de/ CodeInspect: "A Jimple-based Reverse-Engineering framework for Android and Java applications." "Debug, Understand, Control apps without knowing the source code." Jimple is an intermediate representation of a Java program designed to be easier to optimize than Java bytecode. It is typed, has a concrete syntax and is based on three-address code.
  6. Fino: "An Android Dynamic Analysis Tool"

2.3 Reversing Android Specific #4

  1. dedex: "A command line tool for disassembling Android DEX files."
  2. dextra: A utility that can supplant AOSP's dexdump and dx --dump. Supports ART.
  3. dexdisassembler: A GTK tool for disassembling Android DEX files.
  4. Introspy-Android: Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues. https://github.com/iSECPartners/Introspy-Android Last active 2013.
  5. JEB: The Interactive Android Decompiler. Not FOSS.

2.4 Reversing #5

  1. FernFlower: JVM Decompiler. On GitHub
  2. JD-Gui: Yet another fast JVM Decompiler. On GitHub
  3. Cerbero Malware and forensic analysis. Not FOSS. Can reverse.
  4. CodeInspect: "Debug, Understand, Control apps without knowing the source code."
  5. Many more exist.
  6. Kisskiss - Unpacker for various Android packers/protectors, https://github.com/strazzere/android-unpacker/tree/master/native-unpacker, 2017
  7. dexdump: part of the Android SDK.

3 Radare2

https://rada.re/r/ "Radare is a portable reversing framework that can:
  1. Disassemble (and assemble for) many different architectures
  2. Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
  3. Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
  4. Perform forensics on filesystems and data carving
  5. Be scripted in Python, Javascript, Go and more
  6. Support collaborative analysis using the embedded webserver
  7. Visualize data structures of several file types
  8. Patch programs to uncover new features or fix vulnerabilities
  9. Use powerful analysis capabilities to speed up reversing
  10. Aid in software exploitation"

4 Fuzzing

http://lcamtuf.coredump.cx/afl/ "American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code."

https://github.com/shellphish/driller Driller: augmenting AFL with symbolic execution!

5 Wiki

  1. https://mobilesecuritywiki.com/
  2. https://github.com/ashishb/android-security-awesome A collection of android security related tools, articles, etc.
  3. Frida, www.frida.re: "Your own scripts get injected into black box processes to execute custom debugging logic. Hook any function, spy on crypto APIs or trace private application code, no source code needed! Stealthy code tracing without relying on software or hardware breakpoints. Think DTrace in user-space, based on dynamic recompilation, like DynamoRIO and PIN." Diff-Droid: https://www.blackhat.com/docs/eu-16/materials/arsenal/eu-16-Joseph-Diff-Droid.pdf and https://github.com/antojoseph/diff-gui

6 References

  1. https://bitbucket.org/secure-it-i/may2018/ Rekha: Evaluating Effectiveness of Free Android App Security Analysis Tools in Detecting Known Vulnerabilities. Last updated 2019-01-27.
  2. https://bitbucket.org/secure-it-i/android-app-vulnerability-benchmarks/src/RekhaEval-3/
  3. TraceDroid [Google Search] https://www.google.com/search?q=tracedroid
  4. https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-wong.pdf Tackling runtime-based obfuscation in Android with TIRO, Michelle Y. Wong and David Lie, University of Toronto.
  5. https://sable.github.io/soot/ A framework for analyzing and transforming Java and Android applications. https://en.wikipedia.org/wiki/Soot_(software); Soot: A Java Bytecode Optimization Framework, by Raja Vallée-Rai, School of Computer Science, McGill University, Montreal, October 2000 (sable-thesis.pdf).
  6. https://docs.microsoft.com/en-us/appcenter/diagnostics/android-proguard Android ProGuard

7 End

Copyright © 2019 www.wright.edu/~pmateti • 2019-03-28