As the deadline of GSOC has passed, I would like to announce the APKinspector Beta1.0. APKinspector is a tool to help Android application analysts and reverse engineers to analyze the compiled Android packages and their corresponding codes. You can review the Alpha version report and the page of this project to know more about it.
Click the picture below to watch a full demonstration video of APKInspector:
Chinese viewers may view the demo at: http://v.
The GUI tool for static analysis of Android malware is ready for an alpha release. For more details regarding this project, check here.
In the alpha release, the following features have been finished.
(1) Show the CFG (control flow graph) for a given method
(2) Show the smali codes for a given method.
(3) Show the Java codes for a given java file.
(4) Show the betecodes for a given method.
The Android application sandbox is now ready for an alpha release. Details on how to get DroidBox running are available at the project webpage.
At the moment, the following actions are logged during runtime:
File read and write operations Cryptography API activity Opened network connections Outgoing network traffic Information leaks through the following sinks: network, file, sms Attempts to send SMS Phone calls that have been made An analysis output looks like the following sample report:
One of the very first Android malwares, Geinimi has been analyzed in the application sandbox DroidBox that is currently being developed. The project is part of GSoC 2011 in collaboration with Honeynet and as a master thesis. The Geinimi application uses DES encryption, and it’s possible to uncrypt statically the content, see picture below.
But it’s very easy to do that because the key is not well hidden, so an approach by using dynamic analysis will be more interesting with complex samples.