Best Tools for static mobile malware analysis
Day by day the number of smartphone users is increasing rapidly, and along with smartphone usage, mobile malware attacks are growing as well. Malware is malicious software used to disrupt, gather information, or gain access to a computer system or mobile device. Malware developers make use of third-party applications to inject malicious content into smartphones and compromise phone security. Malware detectors are the primary tools to fight against these malwares. The effectiveness of a malware detector depends on the techniques it uses. This article focuses on the tools that we can use while doing static malware analysis.
Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy-to-use, Open Source platform. Santoku has everything in it when it comes to analysing mobile malware. It contains:
Mobile device emulators
Utilities to simulate network services for dynamic analysis
Decompilation and disassembly tools
Access to malware databases
The Mobile-Sandbox provides static and dynamic malware analysis combined with machine learning techniques for Android applications.
smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)
Androguard is mainly a tool written in python to work with:
Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation),
APK (Android application) (.apk),
Android's binary xml (.xml),
Android Resources (.arsc).
apkinspector
The goal of this project is to aid analysts and reverse engineers in visualizing compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:
- CFG
- Call Graph
- Static Instrumentation
- Permission Analysis
- Dalvik codes
- Smali codes
- Java codes
- APK Information
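The "APK Information" and "Permission Analysis" views above boil down to two static steps: inventory the APK as a zip archive, and read the declared permissions and components out of its manifest. The following is an added example (not APKInspector's code or any code from the original post) that does both on a constructed in-memory APK. It assumes the manifest has already been decoded to plain XML (real APKs store it as binary AXML, which apktool or androguard can decode first); the sample manifest, the fake dex/ELF payloads and the `REVIEW_PERMISSIONS` watch-list are all constructed for the demo.

```python
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

# Fully qualified attribute name for android:name in the manifest namespace.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed sample manifest in plain XML. A real APK carries AndroidManifest.xml
# as binary AXML; this example assumes it has already been decoded before triage.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Sample">
        <receiver android:name=".SmsReceiver">
            <intent-filter>
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed watch-list: permissions an analyst usually wants to review by hand.
REVIEW_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.SYSTEM_ALERT_WINDOW",
}


def build_sample_apk() -> bytes:
    """Assemble a constructed in-memory APK (an APK is just a zip archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", SAMPLE_MANIFEST)
        # Fake dex payloads: a valid dex magic followed by zero padding.
        z.writestr("classes.dex", b"dex\n035\0" + b"\0" * 104)
        z.writestr("classes2.dex", b"dex\n035\0" + b"\0" * 104)
        # Fake native library: ELF magic followed by zero padding.
        z.writestr("lib/armeabi-v7a/libnative.so", b"\x7fELF" + b"\0" * 60)
        # An entry name containing ".." that a naive extractor would write
        # outside its output directory; worth flagging before any unpacking.
        z.writestr("assets/../evil.txt", b"constructed")
    return buf.getvalue()


def triage_apk(apk_bytes: bytes) -> dict:
    """Static triage: file/entry hashes, dex count, native libs, unsafe entry
    names, and the manifest's package, permissions and broadcast receivers."""
    report = {
        "sha256": hashlib.sha256(apk_bytes).hexdigest(),
        "entries": {},
        "dex_files": [],
        "native_libs": [],
        "unsafe_entries": [],
    }
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            name = info.filename
            report["entries"][name] = {
                "size": info.file_size,
                "sha256": hashlib.sha256(z.read(info)).hexdigest(),
            }
            if name.startswith("/") or ".." in name.split("/"):
                report["unsafe_entries"].append(name)
            if "/" not in name and name.endswith(".dex"):
                report["dex_files"].append(name)
            if name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
        manifest = z.read("AndroidManifest.xml")

    root = ET.fromstring(manifest)
    report["package"] = root.get("package")
    perms = [p.get(ANDROID_NAME) for p in root.findall("uses-permission")]
    report["permissions"] = perms
    report["review_permissions"] = sorted(set(perms) & REVIEW_PERMISSIONS)
    app = root.find("application")
    report["receivers"] = (
        [] if app is None else [r.get(ANDROID_NAME) for r in app.findall("receiver")]
    )
    return report


if __name__ == "__main__":
    result = triage_apk(build_sample_apk())
    for key in ("package", "dex_files", "native_libs", "unsafe_entries",
                "review_permissions", "receivers"):
        print(f"{key}: {result[key]}")
```

The report is deliberately a plain dict so it can be dumped as JSON next to the tool output of APKInspector or Androguard; the multi-dex count and the `lib/` inventory tell you how much disassembly work is ahead before you open anything in a decompiler.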
The IDA Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. IDA has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation.
dex2jar contains the following components:
- dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light-weight API similar to ASM.
- dex-translator is designed to do the conversion job. It reads the dex instructions into dex-ir format and, after some optimization, converts them to ASM format.
- dex-ir, used by dex-translator, is designed to represent the dex instructions.
- dex-tools: tools to work with .class files. Here are examples:
  - Modify an apk
  - DeObfuscate a jar
- d2j-smali: disassemble dex to smali files and assemble dex from smali files. A different implementation from smali/baksmali with the same syntax, but it supports escapes in type descriptors such as "Lcom/dex2jar\t\u1234;"
- dex-writer: writes dex the same way as dex-reader reads it.
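Every tool on this page that touches Dalvik code (smali/baksmali, Androguard's dex module, dex2jar's dex-reader) starts by reading the 0x70-byte dex header, and a malformed header is the usual reason one of them refuses a sample or a repacked file will not install. The following is an added example, not code from dex2jar, smali or the original post, that builds a minimal constructed dex (header plus a single string, no map_list), then parses the header, verifies the Adler-32 checksum and SHA-1 signature exactly as the dex format specifies, checks that every offset lies inside the file, and reads the string table. The sample file, the `verify_dex` finding strings and the helper names are all this example's own.

```python
import hashlib
import struct
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678

# header_item fields after magic (8), checksum (4) and signature (20): 20 x uint32 LE.
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def dex_checksum(data: bytes) -> int:
    """Adler-32 over everything after the checksum field (offset 12 to EOF)."""
    return zlib.adler32(data[12:]) & 0xFFFFFFFF


def dex_signature(data: bytes) -> bytes:
    """SHA-1 over everything after the signature field (offset 32 to EOF)."""
    return hashlib.sha1(data[32:]).digest()


def build_sample_dex() -> bytes:
    """Construct a minimal, internally consistent dex: header + one string.
    A real dex also carries a map_list; it is omitted here for brevity."""
    string_data = b"\x0bHello World\x00"      # uleb128 length (11), MUTF-8 bytes, NUL
    string_ids_off = HEADER_SIZE              # string_ids table right after header
    data_off = string_ids_off + 4             # one 4-byte string_id_item
    body = struct.pack("<I", data_off) + string_data
    fields = dict.fromkeys(HEADER_FIELDS, 0)
    fields.update(file_size=HEADER_SIZE + len(body), header_size=HEADER_SIZE,
                  endian_tag=ENDIAN_CONSTANT, string_ids_size=1,
                  string_ids_off=string_ids_off, data_size=len(string_data),
                  data_off=data_off)
    tail = struct.pack("<20I", *(fields[f] for f in HEADER_FIELDS))
    dex = bytearray(b"dex\n035\0" + b"\0" * 4 + b"\0" * 20 + tail + body)
    # Signature first (it does not cover the checksum), then the checksum (it covers the signature).
    dex[12:32] = dex_signature(bytes(dex))
    dex[8:12] = struct.pack("<I", dex_checksum(bytes(dex)))
    return bytes(dex)


def parse_dex_header(data: bytes) -> dict:
    """Decode the header into a dict; raises ValueError on a non-dex file."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a dex header")
    if data[:4] != DEX_MAGIC_PREFIX or data[7:8] != b"\0":
        raise ValueError("bad dex magic")
    hdr = {"version": data[4:7].decode("ascii")}
    hdr["checksum"] = struct.unpack_from("<I", data, 8)[0]
    hdr["signature"] = data[12:32]
    hdr.update(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    return hdr


def verify_dex(data: bytes) -> list:
    """Return a list of findings; an empty list means the header is consistent."""
    findings = []
    hdr = parse_dex_header(data)
    if hdr["endian_tag"] != ENDIAN_CONSTANT:
        findings.append("unexpected endian_tag")
    if hdr["header_size"] != HEADER_SIZE:
        findings.append("unexpected header_size")
    if hdr["file_size"] != len(data):
        findings.append("file_size does not match actual length")
    if hdr["checksum"] != dex_checksum(data):
        findings.append("adler32 checksum mismatch")
    if hdr["signature"] != dex_signature(data):
        findings.append("sha1 signature mismatch")
    for name in HEADER_FIELDS:
        if name.endswith("_off") and hdr[name] > len(data):
            findings.append(f"{name} points past end of file")
    if hdr["string_ids_off"] + 4 * hdr["string_ids_size"] > len(data):
        findings.append("string_ids table does not fit in file")
    return findings


def read_strings(data: bytes, hdr: dict) -> list:
    """Read the string_data items referenced by string_ids (ASCII subset of MUTF-8)."""
    out = []
    for i in range(hdr["string_ids_size"]):
        pos = struct.unpack_from("<I", data, hdr["string_ids_off"] + 4 * i)[0]
        shift = 0
        while True:                      # skip the uleb128 utf16 length prefix
            b = data[pos]
            pos += 1
            shift += 7
            if not b & 0x80:
                break
        end = data.index(b"\0", pos)     # MUTF-8 payload is NUL-terminated
        out.append(data[pos:end].decode("utf-8"))
    return out


if __name__ == "__main__":
    sample = build_sample_dex()
    print("findings:", verify_dex(sample))
    print("strings:", read_strings(sample, parse_dex_header(sample)))
```

Running the same `verify_dex` over a copy with one payload byte flipped reports both a checksum and a signature mismatch, which is the quick way to tell a sample that was edited or packed by hand from one produced by a compliant dex-writer.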
JD-GUI is a standalone graphical utility that displays Java source code of .class files. You can browse the reconstructed source code with JD-GUI for instant access to methods and fields.