Reverse Engineering and Auditing¶
Reverse Engineer¶
It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like building apk, etc.
Decompiling Apk¶
Tools:¶
Static Code Analysis¶
The analysis or inspecting source code of an android app to check suspicious behavior known as Static Code Analysis. In other words, Static Code Analysis is the process of examining application code on hard drive without running programming.
Dynamic Code Analysis¶
Dynamic Code Analysis approach exact opposite from SCA in this type of analysis reviewing all vulnerability while application is running.
This can be perform by many different methods I'm using there by TCPdump and Wireshark.
DCA by TCPdump following steps:
- Download the tcpdump from: https://www.androidtcpdump.com/android-tcpdump/downloads
- Send the binary file of tcpdump to the device
- Before executive tcpdump give it rwx permission by chmod 777 tcpdump
- Now executive tcpdump by ./tcpdump -v -s 0 -w {file}.pcap
- Once process have done stop capturing packet and open it with Wireshark
DCA by DroidBox: DroidBox is an automated tool for Dynamic Code Analysis by default it come in Android Tamor but if you integrate with your current linux system so can downloadable from https://github.com/pjlantz/droidbox. Droid
-
Download necessary files and uncompress it anywhere
-
Setup a new AVD targeting Android 4.1.2 and choose Nexus 4 as device as well as ARM as CPU type by running: android
-
Start the emulator with the new AVD:
-
When emulator has booted up, start analyzing samples (please use the absolute path to the apk)