diff --git a/0_preamble/notations.typ b/0_preamble/notations.typ
index c51cfb9..cbd2990 100644
--- a/0_preamble/notations.typ
+++ b/0_preamble/notations.typ
@@ -1,13 +1,7 @@
-#let ADB = link()[ADB]
 #let APK = link()[APK]
-#let ART = link()[ART]
-#let AXML = link()[AXML]
 #let DEX = link()[DEX]
 #let OAT = link()[OAT]
 #let JAR = link()[JAR]
-#let IDE = link()[IDE]
-#let SDK = link()[SDK]
-#let XML = link()[XML]
 #let notation_table = align(center, table(
 columns: 2,
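Review bot: Dropping the `ADB`, `ART`, `AXML`, `IDE`, `SDK` and `XML` bindings removes names that the deleted `2_background/X_tools.typ` was importing from `../lib.typ`, not from this file, so `lib.typ` presumably re-exports them and it is not touched by this commit; if it lists them by name the document stops compiling. Worth a grep for `#ADB`, `#ART`, `#AXML`, `#IDE`, `#SDK` and `#XML` in the remaining chapters before merging, since any surviving reference now fails in the same way. If the acronyms are meant to stay available for later chapters, only the table rows in the second hunk needed to go and the `#let` lines could remain.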
@@ -15,14 +9,8 @@
 table.header(
 [Acronyms], [Meanings],
 ),
- ADB, [Android Debug Bridge, a tool to connect to an Android emulator of smartphone to run commands, start applications, send events and perform other operations for testing and debuging purpose ],
 APK, [Android Package, the file format used to install application on Android. The APK format is an extention of the #JAR format ],
- ART, [Android RunTime, the runtime environement that execute an Android application. The ART is the successor of the older Dalvik Virtual Machine ],
- AXML, [Android #XML. The specific flavor of #XML used by Android. The main specificity of AXML is that it can be compile in a binary version inside an APK ],
 DEX, [Dalvik Executable, the file format for the bytecode used for applicatiobs by Android ],
- IDE, [Integrated Development Environment, a software providing tools for software development ],
 JAR, [Java ARchive file, the file format used to store several java class files. Sometimes used by Android to store #DEX files instead of java classes ],
- OAT, [Of Ahead Time, an ahead of time compiled format for #DEX files ],
- SDK, [Software Development Kit, a set of tools for developing software targeting a specific platform. In the context of Android, the version of the SDK can be associated to a version of Android, and application compatibility is defined in term of compatible SDK version ],
- XML, [eXtensible Markup Language, a language to store data ],
+ OAT, [Of Ahead Time, an ahead of time compiled format for #DEX files ]
 ))
diff --git a/2_background/X_android.typ b/2_background/X_android.typ
deleted file mode 100644
index 9c7f6b0..0000000
--- a/2_background/X_android.typ
+++ /dev/null
@@ -1,5 +0,0 @@
-#import "../lib.typ": todo
-
-== Android
-
-#todo[Present the android environnement]
diff --git a/2_background/X_tools.typ b/2_background/X_tools.typ
deleted file mode 100644
index 22334c9..0000000
--- a/2_background/X_tools.typ
+++ /dev/null
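Review bot: The rows kept on the new side still read `applicatiobs` in the DEX entry and `extention` in the APK entry, and since this hunk already rewrites the table it would be the natural place to fix them: `DEX, [Dalvik Executable, the file format for the bytecode used for applications by Android ],` and `extension` in the APK row. The ADB and SDK descriptions removed here were the only place the document explained those tools; if the background chapter is re-added later the table will need them back.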
@@ -1,51 +0,0 @@
-#import "../lib.typ": todo, APK, IDE, SDK, DEX, ADB, ART, eg, XML, AXML
-
-== Android Reverse Engineering Tools
-
-Due to the specificities of Android, the usual tools for reverse engineering are not enough.
-#todo[blabla intro in @sec:bg-tools]
-
-#todo[References in @sec:bg-tools]
-
-=== Android Studio
-
-The whole Android developement ecosystem is packaged by Google in the #IDE Android Studio.
-In practice, Android Studio is a source-code editor that wrap arround the different tools of the android #SDK.
-The #SDK tools and packages can be installed manually with the `sdkmanager` tool.
-Among the notable tools in the #SDK, they are:
-
-- `emulator`: an Android emulator.
- This tools allow to run an emulated Android phone on a computer.
- Although very usefull, Android emulator has several limitation.
- For once, it cannot emulate another achitecture.
- An x86_64 computer cannot emulate an ARM smartphone.
- This can be an issue because a majority of smartphone run on ARM processor.
- Also, for certain version of Android, the proprietary GooglePlay libraries are not available on rooted emulators.
- Lastly, emulators are not designed to be stealthy and can easily be detected by an application.
- Malware will avoid detection by not running their payload on emulators.
-- #ADB: a tool to send commands to Android smartphone or emulator.
- It can be used to install applications, send instructions, events, and generally perform debuging operations.
-- Platform Packages: Those packages contains data associated to a version of android needed to compile an application.
- Especially, they contains the so call `android.jar` files.
-- `d8`: The main use of `d8` is to convert java bytecode files (`.class`) to Android #DEX format.
- It can also be used to perform different level of optimization of the bytecode generated.
-- `aapt`/`aapt2` (Android Asset Packaging Tool): This tools is used to build the #APK file.
- Behind the scene, it we convert #XML to binary #AXML and ensure the right files have the right compression and alignment. (#eg some ressource files are mapped in memory by the #ART, and thus need to be aligned and not compressed).
-- `apksigner`: the tool used to sign an #APK file.
-
-=== Apktool
-
-Apktool is a *reengineering tool* for Android #APK files.
-It can be used to disassemble an application: it will extract the files from the #APK file, convert the binary #AXML to text #XML, and use smali/backsmali to convert the #DEX files to smali, an assembler-like langage that match the Dalvik bytecode instructions.
-The main strenght of Apktool is that after having disassemble an application, the content of the application can be edited and reassemble into a new #APK.
-
-=== Androguard
-
-Androguard is a python library for parsing and analysing #APK files.
-
-=== Jadx
-
-=== Soot
-
-=== Frida
-
diff --git a/2_background/main.typ b/2_background/main.typ
index 49fecc7..1442111 100644
--- a/2_background/main.typ
+++ b/2_background/main.typ
@@ -4,8 +4,6 @@
 #todo[Present field background and related work]
-#include("X_android.typ")
-#include("X_tools.typ")
 #text(fill: luma(75%), lorem(200))
 /*
diff --git a/5_theseus/3_results.typ b/5_theseus/3_results.typ
index d312335..c43b6fe 100644
--- a/5_theseus/3_results.typ
+++ b/5_theseus/3_results.typ
@@ -1,7 +1,6 @@
 #import "../lib.typ": todo
 
-== Result
-#todo[better section name for @sec:th-res]
+== Results
 #todo[better section name]
 === Bytecode Loaded by Application
diff --git a/5_theseus/main.typ b/5_theseus/main.typ
index 8125c9d..c2d7bea 100644
--- a/5_theseus/main.typ
+++ b/5_theseus/main.typ
@@ -1,8 +1,6 @@
 #import "../lib.typ": todo
 
-= Theseus
-
-#todo[theseus chapter title for @sec:th]
+= #todo[theseus chapter title]
 #include("1_static_transformation.typ")
 #include("3_results.typ")