parent 7f61637b64
commit e9bc1572e9
4 changed files with 3080 additions and 16 deletions
|
@ -110,11 +110,11 @@ We spawned multiple emulators, installed Frida on it, took a snapshot of the emu
|
|||
Then we run the application for a five minutes with GroddRunner, and at the end of the analysis, we reload the snapshot in case the application modified the system in some unforseen way.
|
||||
If at some point the emulator start responding for too long, we terminate it and restart it.
|
||||
|
||||
#todo[Droid donjon, dire qu'on est au niveau -1 de l'anti-evation]
|
||||
As we will see in @sec:th-res #todo[donner la bonne subsection], our experimental setup is quite naive and still requiee improvement. #todo(strike(stroke: green)[Comment on dit proprement que c'est tout pété?])
|
||||
As we will see in @sec:th-dyn-failure, our experimental setup is quite naive and still requires improvement. #todo(strike(stroke: green)[Comment on dit proprement que c'est tout pété?])
|
||||
For example, it does not implement any anti-evasion techniques, which can be a significant issue when analysing malware.
|
||||
Nonetheless, the benefit of our implementation is that it only requires a #ADB connection to a phone with a rooted Android system to work.
|
||||
Of course, to analyse a specific application, a reverse engineer could use an actual smartphone and explore the application manually.
|
||||
It wiykd be a lot more stable than our automated batch analysis setup.
|
||||
It would be a lot more stable than our automated batch analysis setup.
|
||||
|
||||
#todo[Futur work: Droiddonjon like, GroddDroid improved exploration, potentiellement faire de l'execution forcé avec frida]
|
||||
#todo[Futur work: Droiddonjon like, GroddDroid (or other) improved exploration, potentiellement faire de l'execution forcé avec frida]
|
||||
|
||||
|
|
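Review bot: the context lines of this hunk still carry errors of the kind being fixed here. The GroddRunner sentence has "for a five minutes" and "unforseen", and "If at some point the emulator start responding for too long" has a verb agreement error and reads as the opposite of the intended condition; something like "takes too long to respond" would match the terminate-and-restart step that follows. The updated lines also keep "Futur work" in the last #todo and the struck-through #todo on the "As we will see in @sec:th-dyn-failure" sentence, and the Droid donjon #todo still says "anti-evation". Since the text already admits that no anti-evasion technique is implemented, consider turning that #todo into a sentence stating how this limits the results on malware samples rather than leaving it as a note.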