ADHRIT - an Android Recon Tool



Over the past year, Android-based developments and applications have flooded international markets. Every other application is available on many third-party sites. How do we tell whether we are using a legitimate, uninfected copy of the application?

ADHRIT is an open source tool that can do this task. It is primarily a malware analysis tool, but it can equally be used for CTFs and for APK modifications.
 



How does it work?

ADHRIT automates many of the manual tasks that are otherwise time consuming. For instance, to acquire the source code of an APK, one has to extract the classes.dex, then use dex2jar to get the corresponding archive, and then use one of the Java decompilers to get the source code in Java. This whole process, which takes around a minute or two by hand, is done in less than 5 seconds by the tool!
The tool provides multiple argument filters for flexibility, so the user can choose exactly how much and what they want. The effort is to make the tool as compact as possible by isolating the individual tools from the Android SDK. This also relieves the user of the burden of installing and configuring the Android SDK.


ADHRIT can:

*  Extract the APK contents into a directory
*  Dump certificate details
*  Extract source code in Smali
*  Extract source code in Java
*  Parse the binary Manifest XML into readable XML
*  Search for native libraries
*  Analyze the permissions used by the application
*  Check for malware footprints in the VirusTotal database
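The recon steps above (unpack the archive, locate the dex and native libraries, list the signature blocks, read the permissions, and produce the hash one would look up on VirusTotal) can be shown in a single pass over an APK, since an APK is a ZIP archive. The script below is an added example written for this post and is not ADHRIT's code. It constructs a small sample archive in memory so it runs offline; the manifest inside it is plain text standing in for the decoded manifest (a real APK carries a binary AXML manifest that apktool or ADHRIT would first convert to readable XML). The DANGEROUS set is a hand-picked subset of Android's dangerous permissions, not the full list, and no network call to VirusTotal is made: the SHA-256 it reports is the value you would submit to the file lookup. It also serves the "What all can I do?" list further down (finding images in the APK, checking the hash).

```python
"""Minimal APK recon (added example, not ADHRIT's code). Standard library only."""
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Illustrative subset of Android's "dangerous" protection-level permissions.
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".webp", ".gif")
SIG_EXT = (".RSA", ".DSA", ".EC")


def build_sample_apk() -> bytes:
    """Constructed sample archive (not a real app) with the members recon looks at.
    The manifest is text here; a real APK would hold binary AXML instead."""
    manifest = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application/>
</manifest>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)      # fake dex bytes
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 16)
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        z.writestr("META-INF/CERT.RSA", b"\x30\x82" + b"\x00" * 8)   # placeholder DER blob
    return buf.getvalue()


def recon(apk_bytes: bytes) -> dict:
    """Walk the archive once and collect the items the post's tool reports."""
    report = {"sha256": hashlib.sha256(apk_bytes).hexdigest()}  # value for a VirusTotal lookup
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        report["entries"] = names
        report["dex_files"] = [n for n in names if n.endswith(".dex")]
        # Per-dex hashes let you compare a third-party copy against the official build.
        report["dex_sha256"] = {n: hashlib.sha256(z.read(n)).hexdigest() for n in report["dex_files"]}
        report["native_libs"] = [n for n in names if n.startswith("lib/") and n.endswith(".so")]
        report["images"] = [n for n in names if n.lower().endswith(IMAGE_EXT)]
        report["signature_blocks"] = [n for n in names if n.startswith("META-INF/") and n.endswith(SIG_EXT)]
        manifest_xml = z.read("AndroidManifest.xml")
    root = ET.fromstring(manifest_xml)
    perms = [e.get(f"{{{ANDROID_NS}}}name") for e in root.iter("uses-permission")]
    report["package"] = root.get("package")
    report["permissions"] = perms
    report["dangerous_permissions"] = sorted(p for p in perms if p in DANGEROUS)
    return report


if __name__ == "__main__":
    for key, value in recon(build_sample_apk()).items():
        print(f"{key}: {value}")
```

The report's sha256 (and the per-dex hashes) answer the question the post opens with: a copy downloaded from a third-party site whose hashes differ from the vendor's build, or whose signature block is signed by a different certificate, is not the same application. The signature block is only listed here; dumping the certificate itself requires a DER parser.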



The Flow:

What all can I do?

*  Build custom/patched APKs if necessary in CTFs. The Java source and the AndroidManifest.xml are extracted by the tool.
*  Build APK mods using the Smali code extracted with apktool.
*  Analyse source code.
*  Check if the malware is listed on VirusTotal.
*  Get images from the APK.




Can I reuse this code?

One hundred percent yes! You can use any part of this code, and even a few of the slightly modified tools (which are, again, open source tools built by wonderful developers) in your projects, within the constraints of their open source licenses.


Where To Find?
The project is still in progress and will also implement static and dynamic analysis techniques. Follow the
ADHRIT project on GitHub for continual updates. Stay tuned!


Have a good day! :)
