
Published on February 9th, 2012 | by MaxiSoler


Androguard (Android Guard) v1.0 RC 1

Androguard (Android Guard) is a tool written in Python that focuses on reverse engineering, malware and goodware analysis of Android applications, etc.

Androguard (Android Guard) is a tool written in Python to play with:

  • .dex (Dalvik virtual machine)
  • APK (Android application)
  • Android’s binary xml
  • .class (Java virtual machine)
  • JAR (Java application)

Androguard has the following features:

  • Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
  • Native support of DEX code in a C++ library,
  • Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) …) and create your own static analysis tool,
  • Check if an Android application is present in a database (malware, goodware?),
  • Open source database of Android malware (this open-source database is done in my free time, of course my free time is limited, so if you want to help, you are welcome!),
  • Diffing of Android applications,
  • Measure the efficiency of obfuscators (ProGuard, …),
  • Determine if your application has been pirated (plagiarism/rip-off indicator),
  • Risk indicator of malicious application,
  • Reverse engineering of applications (goodware, malware),
  • Transform Android’s binary xml (like AndroidManifest.xml) into classic xml,
  • Visualize your application with Gephi (gexf format), or with Cytoscape (xgmml format), or PNG/DOT output,
  • Patch JVM classes, add native library dependencies,
  • Dump the JVM process to find classes in memory,
  • ….

 

Requirements 

  • Python >= 2.6
  • networkx (please install the Mercurial version)
  • ipython for androlyze
  • python-ptrace for androdump.py
  • pydot for androdd.py or method2 methods.
  • chilkat can be used to unzip APK applications; otherwise the Python zip module is used (module apk.py)
  • magic is used in the method get_files_types in the APK module to find file types (module apk.py)
  • pyfuzzy is used to calculate the risk indicator (module risk.py)
  • psyco is used to accelerate androguard, but it is not mandatory to install it.
  • pygments to have colors with decompilation
  • bzip2
  • zlib
  • xz
  • snappy
  • sparsehash
  • python-dev

More Information: here

Recommended Lecture: Android: From Reversing to Decompilation (BlackHat Abu Dhabi 2011)

Download Androguard (Android Guard) v1.0 RC 1



About the Author

ToolsWatcher. Collaborator of the Black Hat Arsenal Event.


