Recommended reading:

Frida environment installation

Xposed framework installation, use and plug-in development

HOOK startActivity

HOOK Framework: dynamic proxy

A good Android reverse engineering tool lets you get twice the result with half the effort when reversing and cracking.

1. SMALI/BAKSMALI

SMALI/BAKSMALI is a powerful APK editing tool for the Dalvik virtual machine (Google's own virtual machine designed for Android) that can disassemble and reassemble classes.dex. Its syntax is a loose Jasmin/Dedexer syntax, and it implements all the features of the .dex format (annotations, debug information, line information, etc.).

2. ANDBUG

AndBug is a debugging tool for the Dalvik virtual machine on the Android platform. It is based on the JDWP protocol and wrapped in Python; its flexibility and customizability make it a powerful tool for Android security researchers, reverse engineers and developers. It uses the same interfaces as the Eclipse Android debugging plug-in, the Java Debug Wire Protocol (JDWP) and the Dalvik Debug Monitor (DDM), which let users monitor the Dalvik virtual machine and inspect process state.

Unlike the debugger in Google's own Android software development kit, AndBug does not require source code. It is wrapped in Python because, for most important tasks, it relies on a scripted-breakpoint concept called "hooks".

3. ANDROGUARD

Androguard (also known as Android Guard) is a reverse engineering framework for Android applications that also provides features such as malware analysis. Its characteristics are as follows:

Uses DAD as its decompiler;

Can analyze malware;

Written primarily in Python;

Supports visualization;

Androguard supports:

DEX, ODEX;

APK;

Android binary XML;

Android resource files;

Disassembly of DEX/ODEX bytecode;

Decompilation of DEX/ODEX files;

4. APKTOOL

APKTool is an APK compilation tool provided by Google. It can decompile and recompile APKs, install the framework-res framework required to decompile system APKs, and clean up the previous decompile folder. It can unpack an APK completely: after unpacking, you can see the manifest, layout files, image resources, smali files unpacked from the dex, language files, etc. If you want to localize an app into Chinese, modify its interface or modify its code, ApkTool lets you do it all in one place.

Features:

Decodes resource files to native formats (resources.arsc, classes.dex, 9.png, XML, etc.);

Rebuilds decoded resources back into a binary APK/JAR;

Organizes and processes APKs that depend on framework resources;

Smali debugging (removed in 2.1.0, replaced by IdeaSmali);

Assists with repetitive tasks;

5. AFE

AFE (Android Framework for Exploitation) is an open source project that runs on Unix-based operating systems and can be used to demonstrate security vulnerabilities in the Android operating system. It also shows that Android botnets can exist: leaking content providers, insecure file storage, directory traversal, and so on, as well as executing arbitrary commands on infected devices.

AFE consists of two parts, the PC side (hereinafter AFE) and the mobile side (hereinafter AFEServer). AFE is written almost entirely in Python. AFE is extensible, with the freedom to add extra modules or migrate existing tools into the AFE framework. AFEServer is an Android application running on the phone; it connects to AFE's Python interface and executes the commands AFE sends to the phone.

Functions:

Complete command line interface;

Finding application vulnerabilities;

Automatic creation of malicious applications;

6. BYPASS SIGNATURE AND PERMISSION CHECKS FOR IPCS

This tool uses Cydia Substrate to bypass signature and permission checks on IPCs.

About Cydia Substrate

Cydia Substrate is a code modification platform. It can modify the code of any main process, whether written in Java or C/C++ (native code).

7. ANDROID OPENDEBUG

This tool uses Cydia Substrate to make every application on the device debuggable; once any application is installed, a debugger can be attached to it.

Note: this tool should only be used on test devices!

8. DARE

Dare is an APK reverse engineering tool released by the Computer Science Department of the University of Pennsylvania. It retargets APK files used on Android into Java class files. These class files can then be processed by existing Java tools, including decompilers. Currently supported on Linux and Mac OS X.

9. DEX2JAR

Dex2jar is a set of tools that work with both the Android Dalvik (.dex) file format and the Java (.class) file format. It contains the following components:

dex-reader/writer: reads and writes the Dalvik Executable (.dex) file format; includes a simple API (similar to ASM);

d2j-dex2jar: converts dex files to class files;

smali/baksmali: same functionality as the smali tools, but friendlier to Chinese users;

Other tools: string decryption.

10. ENJARIFY

Enjarify is a Dex2jar-like tool developed by Google and based on Python 3. It translates Dalvik bytecode into Java bytecode with better compatibility, accuracy and efficiency than Dex2jar.

11. DEDEXER

Dedexer is an open source tool for disassembling DEX files. Features include:

It does not need to run inside an Android emulator;

DEX files can be laid out following the package directory structure of Java source code, with each class file corresponding to one DDX file;

It can be used as a decompiler engine, like Jasmin;

12. FINO

An Android dynamic analysis tool.

13. INDROID

The purpose of the project is to demonstrate that a simple debugging facility on *nix systems, a.k.a. ptrace, could be abused by malware to inject malicious code into remote processes. Indroid provides remote thread creation (CreateRemoteThread) for ARM-based *nix devices.

CreateRemoteThread creates a thread that runs in the address space of another process (also known as creating a remote thread).

14. INTENT SNIFFER

The Intent Sniffer tool works on any device running Google's Android operating system. Intents are one of the most common ways for applications to communicate with each other on the Android platform. The Intent Sniffer tool monitors broadcast intents routed at runtime. It does not see explicitly addressed broadcast intents, and defaults to (in most cases) unprivileged broadcasts.

The tool can also dynamically update the actions and categories it scans for, based on reflection over applications and dynamic review of installers.

15. INTROSPY

Introspy is a black-box testing tool that helps us understand the behavior of Android applications at runtime and helps us identify potential security issues.

16. JAD

JAD is a Java decompile tool that decompiles Java class files into source code using the command line.

17. JD-GUI

JD-GUI is a standalone graphical user interface tool that displays Java source code for .class files. JD-GUI lets users browse the reconstructed source code, with instant access to methods and fields, and displays the decompiled code with syntax highlighting.

18. CFR

CFR (Class File Reader) is a Java decompiler that supports Java 8 lambda expressions, Java 7 string switches, etc. Its developer is Lee Benfield.

19. KRAKATAU

Krakatau, developed by Storyyeller, currently consists of three main tools: a decompiler and a disassembler for Java class files, and an assembler that creates class files.

20. PROCYON

Procyon, a Java decompiler and metaprogramming framework, has a clear advantage among decompiler tools: it performs control-flow analysis and type inference, and also supports Java 8 features. It was developed by Mike Strobel.

21. FERNFLOWER

Fernflower is a great tool for decompiling and analyzing Java programs. It is still under development; if you have bug reports or suggestions for improvement, please email [email protected]

22. REDEXER

Redexer is a Dalvik bytecode (Android app) analysis framework. It is a set of OCaml-based utilities that help programmers parse and manipulate Dalvik bytecode. Redexer was developed by the PLUM group at the University of Maryland, College Park; the lead authors are Jinseong Jeon, Kristopher Micinski, and Jeff Foster.

On OCaml

OCaml is the main implementation of the Caml programming language, created in 1996 by Xavier Leroy, Jérôme Vouillon, Damien Doligez, Didier Rémy and others.

23. SIMPLIFY (Android deobfuscation tool)

Simplify, an Android deobfuscation tool, works by virtually executing an app to understand its behavior, and then tries to optimize the code so that it behaves the same but is easier to understand. Each type of optimization is simple and generic, so it does not matter which particular obfuscation technique was used. It consists of three parts: smalivm, Simplify and the demo app.

24. BYTECODE VIEWER

Bytecode Viewer is an advanced, lightweight Java bytecode viewer that provides a GUI for the CFR and FernFlower Java decompilers, as well as a JAR viewer and a hex viewer.

The open source tool is written entirely in the Java programming language. It was designed and developed by Konloch, who currently maintains the open source project.

There is also a plugin system that lets you interact with loaded class files. For example, you could write a string deobfuscator, a malicious code finder, or anything else you can think of.

Not only can you use plug-ins written by others, you can also write your own. Beyond that, it supports Groovy, Python and Ruby scripts. When a plug-in is activated, it loads each individual class file into BCV so that users can manipulate the loaded class files with ASM.

25. RADARE2

Radare2 is an open source reverse engineering platform that disassembles, debugs, analyzes and manipulates binaries.

Main features:

Multi-platform and multi-architecture;

Highly scriptable;

Hex editor;

Wrapped IO layer;

File system support;

Debugger support, etc.

26. JEB FOR ANDROID

JEB is a powerful decompiler for Android applications designed for security professionals. Used for reverse engineering or auditing APK files, it increases efficiency and reduces analysis time for many engineers.

Its characteristics are as follows:

Full Dalvik decompiler;

Interactive;

APK file contents can be fully examined;

Multi-platform (supports Windows, Linux, Mac and other operating systems).
