This commit is contained in:
parent
d369cfb187
commit
65baae4d0d
4 changed files with 71 additions and 1 deletions
@ -1,7 +1,13 @@
#let ADB = link(<acr-adb>)[ADB]
#let APK = link(<acr-apk>)[APK]
#let APK = link(<acr-apk>)[APK]
#let ART = link(<acr-art>)[ART]
#let AXML = link(<acr-axml>)[AXML]
#let DEX = link(<acr-dex>)[DEX]
#let DEX = link(<acr-dex>)[DEX]
#let OAT = link(<acr-oat>)[OAT]
#let OAT = link(<acr-oat>)[OAT]
#let JAR = link(<acr-jar>)[JAR]
#let JAR = link(<acr-jar>)[JAR]
#let IDE = link(<acr-ide>)[IDE]
#let SDK = link(<acr-sdk>)[SDK]
#let XML = link(<acr-xml>)[XML]
#let notation_table = align(center, table(
#let notation_table = align(center, table(
columns: 2,
columns: 2,
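Review bot: the new `#let` helpers break the alphabetical order of the acronym list (`#let IDE` lands after `#let JAR`, which itself follows `#let OAT`); since every line has the same `#let X = link(<acr-x>)[X]` shape, keep them sorted (ADB, APK, ART, AXML, DEX, IDE, JAR, OAT, SDK, XML) so a missing helper is easy to spot in review. Also, each helper only resolves if a row carrying the matching `<acr-…>` label exists in `notation_table`, so any helper added here without its table row will leave a dangling label.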
@ -9,8 +15,14 @@
table.header(
table.header(
[Acronyms], [Meanings],
[Acronyms], [Meanings],
),
),
ADB, [Android Debug Bridge, a tool to connect to an Android emulator of smartphone to run commands, start applications, send events and perform other operations for testing and debuging purpose <acr-adb>],
APK, [Android Package, the file format used to install application on Android. The APK format is an extention of the #JAR format <acr-apk>],
APK, [Android Package, the file format used to install application on Android. The APK format is an extention of the #JAR format <acr-apk>],
ART, [Android RunTime, the runtime environement that execute an Android application. The ART is the successor of the older Dalvik Virtual Machine <acr-art>],
AXML, [Android #XML. The specific flavor of #XML used by Android. The main specificity of AXML is that it can be compile in a binary version inside an APK <acr-axml>],
DEX, [Dalvik Executable, the file format for the bytecode used for applicatiobs by Android <acr-dex>],
DEX, [Dalvik Executable, the file format for the bytecode used for applicatiobs by Android <acr-dex>],
IDE, [Integrated Development Environment, a software providing tools for software development <acr-ide>],
JAR, [Java ARchive file, the file format used to store several java class files. Sometimes used by Android to store #DEX files instead of java classes <acr-jar>],
JAR, [Java ARchive file, the file format used to store several java class files. Sometimes used by Android to store #DEX files instead of java classes <acr-jar>],
OAT, [Of Ahead Time, an ahead of time compiled format for #DEX files <acr-oat>]
OAT, [Of Ahead Time, an ahead of time compiled format for #DEX files <acr-oat>],
SDK, [Software Development Kit, a set of tools for developing software targeting a specific platform. In the context of Android, the version of the SDK can be associated to a version of Android, and application compatibility is defined in term of compatible SDK version <acr-sdk>],
XML, [eXtensible Markup Language, a language to store data <acr-xml>],
))
))
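Review bot: several of the new table rows carry typos that will show up verbatim in the rendered acronym table: in the ADB row `emulator of smartphone` should be `emulator or smartphone` and `debuging` should be `debugging`; in the ART row `runtime environement that execute` should be `runtime environment that executes`; in the AXML row `can be compile in a binary version` should be `can be compiled into a binary form`. While touching this table, the unchanged rows still read `extention` (APK) and `applicatiobs` (DEX). The trailing comma added to the OAT row is needed now that the SDK and XML rows follow it, so keep that change.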
5
2_background/X_android.typ
Normal file
@ -0,0 +1,5 @@
#import "../lib.typ": todo
== Android <sec:bg-android>
#todo[Present the android environnement]
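Review bot: typo in the placeholder text, `environnement` should be `environment`; the rest of the file is only the heading with label `<sec:bg-android>` plus the `#todo`, which is fine as a stub.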
51
2_background/X_tools.typ
Normal file
@ -0,0 +1,51 @@
#import "../lib.typ": todo, APK, IDE, SDK, DEX, ADB, ART, eg, XML, AXML
== Android Reverse Engineering Tools <sec:bg-tools>
Due to the specificities of Android, the usual tools for reverse engineering are not enough.
#todo[blabla intro in @sec:bg-tools]
#todo[References in @sec:bg-tools]
=== Android Studio <sec:bg-android-studio>
The whole Android developement ecosystem is packaged by Google in the #IDE Android Studio.
In practice, Android Studio is a source-code editor that wrap arround the different tools of the android #SDK.
The #SDK tools and packages can be installed manually with the `sdkmanager` tool.
Among the notable tools in the #SDK, they are:
- `emulator`: an Android emulator.
This tools allow to run an emulated Android phone on a computer.
Although very usefull, Android emulator has several limitation.
For once, it cannot emulate another achitecture.
An x86_64 computer cannot emulate an ARM smartphone.
This can be an issue because a majority of smartphone run on ARM processor.
Also, for certain version of Android, the proprietary GooglePlay libraries are not available on rooted emulators.
Lastly, emulators are not designed to be stealthy and can easily be detected by an application.
Malware will avoid detection by not running their payload on emulators.
- #ADB: a tool to send commands to Android smartphone or emulator.
It can be used to install applications, send instructions, events, and generally perform debuging operations.
- Platform Packages: Those packages contains data associated to a version of android needed to compile an application.
Especially, they contains the so call `android.jar` files.
- `d8`: The main use of `d8` is to convert java bytecode files (`.class`) to Android #DEX format.
It can also be used to perform different level of optimization of the bytecode generated.
- `aapt`/`aapt2` (Android Asset Packaging Tool): This tools is used to build the #APK file.
Behind the scene, it we convert #XML to binary #AXML and ensure the right files have the right compression and alignment. (#eg some ressource files are mapped in memory by the #ART, and thus need to be aligned and not compressed).
- `apksigner`: the tool used to sign an #APK file.
=== Apktool <sec:bg-apktool>
Apktool is a *reengineering tool* for Android #APK files.
It can be used to disassemble an application: it will extract the files from the #APK file, convert the binary #AXML to text #XML, and use smali/backsmali to convert the #DEX files to smali, an assembler-like langage that match the Dalvik bytecode instructions.
The main strenght of Apktool is that after having disassemble an application, the content of the application can be edited and reassemble into a new #APK.
=== Androguard <sec:bg-androguard>
Androguard is a python library for parsing and analysing #APK files.
=== Jadx <sec:bg-jadx>
=== Soot <sec:bg-soot>
=== Frida <sec:bg-frida>
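Review bot: two technical statements in the `emulator` item are stronger than the facts support. `An x86_64 computer cannot emulate an ARM smartphone` is too absolute: the SDK emulator can boot ARM system images on an x86_64 host, it is just unaccelerated and far too slow for routine use, and the Android 11 and later x86_64 images ship an ARM binary translator for ARM-only native libraries; reword to `cannot efficiently emulate` and give the performance reason. The Google Play sentence has the causality backwards: the Google Play system images are production builds on which `adb root` is disabled (the `Google APIs` images do allow root), rather than the proprietary libraries being missing on rooted emulators. In the `aapt`/`aapt2` item, `resources.arsc` is memory-mapped by the framework's asset manager, not by #ART (ART maps the uncompressed DEX), so attribute the alignment and no-compression requirement to the framework. In the Apktool paragraph, `smali/backsmali` should read `smali/baksmali`. Spelling and grammar to fix: `developement`, `wrap arround`, `the android #SDK` (capital A), `Among the notable tools in the #SDK, they are:` should be `there are:`, `This tools allow` should be `This tool allows`, `usefull`, `limitation` should be `limitations`, `For once` should be `For one`, `achitecture`, `debuging`, `so call` should be `so-called`, `it we convert` should be `it will convert`, `ressource`, `Behind the scene`, `Malware will avoid detection by not running their payload` should be `its payload`, `strenght`, `langage`, `after having disassemble` should be `disassembled`, and `reassemble` should be `reassembled`. Finally, the Jadx, Soot and Frida subsections are bare headings with no body; add a `#todo[...]` under each, as done for the intro and for `X_android.typ`, so the gaps are visible in the rendered draft.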
@ -4,6 +4,8 @@
#todo[Present field background and related work]
#todo[Present field background and related work]
#include("X_android.typ")
#include("X_tools.typ")
#text(fill: luma(75%), lorem(200))
#text(fill: luma(75%), lorem(200))
/*
/*
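Review bot: the `#text(fill: luma(75%), lorem(200))` filler and the `/*` comment block that follows it are left in place directly after the two new `#include`s, so the chapter now renders the real Android and tools sections followed by a block of grey lorem text; drop the filler (or move it under the remaining `#todo[Present field background and related work]`) so readers of the draft PDF do not mistake it for pending content.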