This commit is contained in:
parent 072c4f48c4
commit 346151125e
6 changed files with 21 additions and 16 deletions
|
@ -9,7 +9,7 @@ Usually, the first step while analysing an application is to look at its content
|
|||
Apktool and Jadx are common tools used to convert the content of an application into a readable format.
|
||||
Analysing an application this way, without running it, is called static analysis.
|
||||
For more advanced forms of static analysis, Androguard and Soot can be used as libraries to automate analyses.
|
||||
When static analysis became too complicated (#eg if the application uses obfuscation techniques), a reverse engineer might switch to dynamic analysis.
|
||||
When static analysis becomes too complicated (#eg if the application uses obfuscation techniques), a reverse engineer might switch to dynamic analysis.
|
||||
This time, the application is executed, and the analyst will scrutinise the behaviour of the application.
|
||||
Frida is a good option to help with this dynamic analysis.
|
||||
It is a toolkit that can be used to intercept method calls and execute custom scripts while an application is running.
|
||||
|
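Review bot: the tense fix to "When static analysis becomes too complicated (#eg if the application uses obfuscation techniques), a reverse engineer might switch to dynamic analysis." is correct, since the neighbouring sentences are all in the present tense. While this paragraph is being touched, the next unchanged line repeats its subject: "This time, the application is executed, and the analyst will scrutinise the behaviour of the application." would read more smoothly as "..., and the analyst scrutinises its behaviour."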
@ -20,8 +20,7 @@ In practice, Android Studio is a source-code editor that wraps around the differ
|
|||
The #SDK tools and packages can be installed manually with the `sdkmanager` tool.
|
||||
Among the notable tools in the #SDK are:
|
||||
|
||||
- `emulator`: an Android emulator.
|
||||
This tool allows running an emulated Android phone on a computer.
|
||||
- `emulator`: this tool allows running an emulated Android phone on a computer.
|
||||
Although very useful, Android emulator has several limitations.
|
||||
For once, it cannot emulate another architecture.
|
||||
An x86_64 computer cannot emulate an ARM smartphone.
|
||||
|
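Review bot: "For once, it cannot emulate another architecture." in the unchanged context should be "For one, ..." (or "First, ..."): "for once" means "on this one occasion", which is not the intended meaning. The preceding line also wants an article: "the Android emulator has several limitations". Merging the two fragments into the single bullet "- `emulator`: this tool allows running an emulated Android phone on a computer." is an improvement; check that the other bullets in this list follow the same "`tool`: description" shape so the list stays parallel.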
@ -45,17 +44,15 @@ Among the notable tools in the #SDK are:
|
|||
#paragraph[*Apktool*][
|
||||
Apktool#footnote[https://apktool.org/] is a _reengineering tool_ for Android #APK files.
|
||||
It can be used to disassemble an application: it will extract the files from the #APK file, convert the binary #AXML to text #XML, and use smali/backsmali#footnote[https://github.com/JesusFreke/smali] to convert the #DEX files to smali, an assembler-like language that matches the Dalvik bytecode instructions.
|
||||
The main strength of Apktool is that after disassembling an application, its content can be edited and reassembled into a new #APK. #jfl-note[limites? ca marche toujours?]
|
||||
The main strength of Apktool is that after disassembling an application, its content can be edited and reassembled into a new #APK.
|
||||
]
|
||||
|
||||
#paragraph[*Androguard*][
|
||||
Androguard#footnote[https://github.com/androguard/androguard]~@desnos:adnroguard:2011 is a Python library for parsing and disassembling #APK files.
|
||||
It can be used to automatically read Android manifests, resources, and bytecode.
|
||||
Contrary to Apktool, which generates text files, it can be used as a library to programmatically analyse the application.
|
||||
It can also perform additional analysis, like computing a call graph or control flow graph of the application (we will explain what those graphs are later in @sec:bg-static).
|
||||
However, contrary to Apktool, it cannot repackage a modified application.
|
||||
|
||||
It can also perform additional analysis, like computing a call graph or control flow graph of the application.
|
||||
We will explain what those graphs are later in @sec:bg-static.
|
||||
]
|
||||
|
||||
#paragraph[*Jadx*][
|
||||
|
|
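Review bot: "smali/backsmali" in the unchanged Apktool context line is a typo for "smali/baksmali", the disassembler bundled with smali at the URL the footnote already gives. The removed "#jfl-note[limites? ca marche toujours?]" (French: "limits? does it still work?") asked about the limits of repackaging, and the rewritten sentence "The main strength of Apktool is that after disassembling an application, its content can be edited and reassembled into a new #APK." drops the question without answering it; a short caveat that the rebuilt APK must be re-signed before it can be installed would close that loop. In the Androguard paragraph, the citation key "@desnos:adnroguard:2011" looks like a transposition of "androguard"; verify it matches the bibliography entry. The old side also carried "However, contrary to Apktool, it cannot repackage a modified application.", which does not appear on the new side; if dropping it is intended that is fine, but it is the one sentence that tells the reader why both tools are needed, so consider keeping it after "We will explain what those graphs are later in @sec:bg-static."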