0Day to Buy
Anti-Spy
Exposed Leak
#Op
Cyber War
Home
Hacking Tools
Hacking Online Tools
Pr1v8
Google Hacking DB
All
Intro
DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:
º Hashes for the analyzed package
º Incoming/outgoing network data
º File read and write operations
º Started services and loaded classes through DexClassLoader
º Information leaks via the network, file and SMS
º Circumvented permissions
º Cryptographic operations performed using Android API
º Listing broadcast receivers
º Sent SMS and phone calls
Additionally, two graphs are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.
Setup
This is a guide to get DroidBox running. The release has only been tested on Linux and Mac OS. If you do not have the Android SDK, download it from http://developer.android.com/sdk/index.html. The following libraries are required: pylab and matplotlib to provide visualization of the analysis result.
º Export the path for the SDK tools
export PATH=$PATH:/path/to/android-sdk/tools/
export PATH=$PATH:/path/to/android-sdk/platform-tools/
º Download necessary files and uncompress it anywhere
wget https://github.com/pjlantz/droidbox/releases/download/v4.1.1/DroidBox411RC.tar.gz
º Setup a new AVD targeting Android 4.1.2 and choose Nexus 4 as device as well as ARM as CPU type by running:
Android
º Start the emulator with the new AVD:
./startemu.sh <AVD name>
º When emulator has booted up, start analyzing samples (please use the absolute path to the apk):
./droidbox.sh <file.apk> <duration in secs (optional)>
0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.