Introduction:
When Android came to dominate the mobile market, with millions of applications and open source ROM projects, a long tail of security issues followed the world's largest mobile platform.
The number of malware samples detected keeps growing in the large malware databases, and the way to tackle this is detailed analysis. Android applications downloaded from third-party sites may carry malicious code, and reversing such an application and looking into its contents is the basis of that analysis. Adhrit is one such tool, developed for the analysis of Android applications. It was written mainly to aid malware analysis and CTFs, where time is an important factor and automation is a blessing.
Working:
Adhrit combines several open source tools to cut down the time spent reversing an APK and extracting information from it, which is time consuming when done by hand. For instance, to get the source of an APK as smali one uses apktool; to get it as Java one then has to run dex2jar and open the resulting JAR in a Java decompiler. The tool does all of this in under 20 seconds.
Flexibility is one of the tool's priorities: the user decides how much information to pull from a given APK. The tool is kept as compact as possible by isolating the individual tools from the Android SDK, which also relieves the user of installing and configuring the SDK.
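Here is what that chain looks like when scripted, as an added example written for this article rather than Adhrit's own code. It runs apktool, dex2jar and keytool (assumed to be on PATH; any tool that is missing is skipped, never faked) and does the unzip, the native-library listing and the SHA-256 (the hash you look up on VirusTotal) in pure Python. It also covers the signing-certificate comparison described further down under How Is It Useful?, against a pinned fingerprint you supply from a known-good copy. The APK it builds when run without arguments is a constructed stand-in, not a real application.

```python
"""Offline-first APK triage: unzip, hash, list native libs, then chain
apktool (smali + readable AndroidManifest.xml), dex2jar (JAR for a Java
decompiler) and keytool (signing certificate). Added example, not Adhrit's
code; tool names are assumed to be on PATH and the pinned fingerprint is
whatever you pass in."""
import hashlib
import re
import shutil
import subprocess
import sys
import tempfile
import time
import zipfile
from pathlib import Path


def build_commands(apk: str, outdir: str) -> dict:
    """argv for each external step; a missing tool is skipped, never faked."""
    out = Path(outdir)
    return {
        "apktool": ["apktool", "d", apk, "-f", "-o", str(out / "apktool")],
        "dex2jar": ["d2j-dex2jar.sh", apk, "-o", str(out / "classes.jar")],
        "keytool": ["keytool", "-printcert", "-jarfile", apk],
    }


def sha256_file(path: str) -> str:
    """The hash to query VirusTotal with (GET /api/v3/files/<sha256>)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def extract_apk(apk: str, outdir: str) -> dict:
    """Unzip the APK (belt-and-braces zip-slip guard on top of zipfile's
    own sanitising) and list native libraries under lib/."""
    dest = Path(outdir) / "unzipped"
    dest.mkdir(parents=True, exist_ok=True)
    root = dest.resolve()
    with zipfile.ZipFile(apk) as z:
        for name in z.namelist():
            try:  # an entry like ../../x must not escape the extraction dir
                (root / name).resolve().relative_to(root)
            except ValueError:
                raise ValueError(f"unsafe path in archive: {name}") from None
        z.extractall(dest)
        natives = sorted(n for n in z.namelist()
                         if n.startswith("lib/") and n.endswith(".so"))
    return {"sha256": sha256_file(apk), "native_libs": natives, "dir": str(dest)}


_FP = re.compile(r"^\s*SHA256:\s*([0-9A-Fa-f:]+)\s*$", re.MULTILINE)


def parse_sha256_fingerprints(keytool_output: str) -> list:
    """SHA-256 fingerprints (one per signer) from `keytool -printcert` text."""
    return [fp.replace(":", "").upper() for fp in _FP.findall(keytool_output)]


def signed_by(keytool_output: str, known_good: str) -> bool:
    """True only if every signer matches the pinned publisher fingerprint.
    A tampered, recompiled APK cannot be re-signed with the publisher's
    private key, so its fingerprint will differ from the pinned one."""
    fps = parse_sha256_fingerprints(keytool_output)
    want = known_good.replace(":", "").upper()
    return bool(fps) and all(fp == want for fp in fps)


def run_pipeline(apk: str, outdir: str, known_good: str = "") -> dict:
    started = time.monotonic()
    report = extract_apk(apk, outdir)
    report["steps"] = {}
    for name, argv in build_commands(apk, outdir).items():
        if shutil.which(argv[0]) is None:
            report["steps"][name] = "skipped (not on PATH)"
            continue
        proc = subprocess.run(argv, capture_output=True, text=True)
        report["steps"][name] = "ok" if proc.returncode == 0 else f"rc={proc.returncode}"
        if name == "keytool" and proc.returncode == 0:
            report["cert_sha256"] = parse_sha256_fingerprints(proc.stdout)
            if known_good:
                report["matches_publisher"] = signed_by(proc.stdout, known_good)
    report["seconds"] = round(time.monotonic() - started, 1)
    return report


def make_sample_apk() -> str:
    """Constructed stand-in for a real APK so the script runs offline."""
    path = Path(tempfile.mkdtemp()) / "sample.apk"
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary XML magic
        z.writestr("classes.dex", b"dex\n035\x00")              # dex magic only
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 60)
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return str(path)


if __name__ == "__main__":
    apk_path = sys.argv[1] if len(sys.argv) > 1 else make_sample_apk()
    out_dir = sys.argv[2] if len(sys.argv) > 2 else apk_path + ".out"
    print(run_pipeline(apk_path, out_dir))
```

Run it with the APK and an output directory as arguments. The `matches_publisher` field is only meaningful when the fingerprint you pass was taken from a known-good copy (for instance `keytool -printcert -jarfile` on the official release); a certificate that merely looks valid proves nothing, since anyone can self-sign a repackaged APK.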
What Can Adhrit Do?
- Extract the APK contents into a directory
- Dump certificate details
- Extract source code in Smali
- Extract source code in Java
- Recompile smali back into APK
- Parse binary Manifest XML into readable XML
- Search for native libraries
- Analyze permissions used by the application
- Check for malware footprints in the VirusTotal database
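As an added example of the permission-analysis step (not Adhrit's code; the manifest below is a constructed sample, and the dangerous-permission table and abuse patterns are a hand-picked subset), this reads the decoded AndroidManifest.xml that apktool produces and reports runtime permissions by group, permission combinations that describe a capability rather than a single grant, and components that are exported without a guarding permission:

```python
"""Permission and component triage of a decoded AndroidManifest.xml.
Added example, not Adhrit's code. DANGEROUS, WATCHLIST and PATTERNS are a
hand-picked subset chosen for illustration; SAMPLE_MANIFEST is constructed."""
import json
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # the android: namespace
PREFIX = "android.permission."

# Subset of Android's runtime ("dangerous") permissions, by permission group.
DANGEROUS = {
    "READ_CONTACTS": "CONTACTS", "WRITE_CONTACTS": "CONTACTS", "GET_ACCOUNTS": "CONTACTS",
    "SEND_SMS": "SMS", "RECEIVE_SMS": "SMS", "READ_SMS": "SMS",
    "READ_CALL_LOG": "CALL_LOG", "READ_PHONE_STATE": "PHONE", "CALL_PHONE": "PHONE",
    "ACCESS_FINE_LOCATION": "LOCATION", "ACCESS_COARSE_LOCATION": "LOCATION",
    "RECORD_AUDIO": "MICROPHONE", "CAMERA": "CAMERA",
    "READ_EXTERNAL_STORAGE": "STORAGE", "WRITE_EXTERNAL_STORAGE": "STORAGE",
}
# Not "dangerous" by protection level, but worth a look in a sample.
WATCHLIST = {"SYSTEM_ALERT_WINDOW", "REQUEST_INSTALL_PACKAGES", "RECEIVE_BOOT_COMPLETED"}
# Combinations that together describe a capability, not a single permission.
PATTERNS = {
    "SMS interception/fraud": {"RECEIVE_SMS", "SEND_SMS"},
    "contact harvesting over the network": {"READ_CONTACTS", "INTERNET"},
    "overlay phishing": {"SYSTEM_ALERT_WINDOW", "INTERNET"},
    "persistent background tracking": {"RECEIVE_BOOT_COMPLETED", "ACCESS_FINE_LOCATION"},
}

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"/>
    <service android:name=".Worker" android:exported="false"/>
  </application>
</manifest>"""


def _short(name: str) -> str:
    return name[len(PREFIX):] if name.startswith(PREFIX) else name


def analyze_manifest(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    requested = {_short(e.get(ANDROID + "name", "")) for e in root.iter("uses-permission")}
    dangerous = sorted(p for p in requested if p in DANGEROUS)
    report = {
        "requested": sorted(requested),
        "dangerous": dangerous,
        "groups": sorted({DANGEROUS[p] for p in dangerous}),
        "watchlist": sorted(requested & WATCHLIST),
        "patterns": sorted(label for label, need in PATTERNS.items() if need <= requested),
        "exposed": [],   # exported components with no android:permission guard
        "flags": [],
    }
    app = root.find("application")
    for comp in (list(app) if app is not None else []):
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        name = comp.get(ANDROID + "name")
        filters = comp.findall("intent-filter")
        attr = comp.get(ANDROID + "exported")
        # Before Android 12 a component with an intent-filter is exported by default.
        exported = attr == "true" or (attr is None and bool(filters))
        categories = {c.get(ANDROID + "name") for f in filters for c in f.findall("category")}
        actions = {a.get(ANDROID + "name") for f in filters for a in f.findall("action")}
        if (exported and "android.intent.category.LAUNCHER" not in categories
                and comp.get(ANDROID + "permission") is None):
            report["exposed"].append(f"{comp.tag}:{name}")
        # A high-priority SMS_RECEIVED receiver is the classic SMS-stealer shape.
        if ("android.provider.Telephony.SMS_RECEIVED" in actions
                and any(f.get(ANDROID + "priority") for f in filters)):
            report["flags"].append(f"high-priority SMS_RECEIVED receiver: {name}")
    return report


if __name__ == "__main__":
    print(json.dumps(analyze_manifest(SAMPLE_MANIFEST), indent=2))
```

Point `analyze_manifest` at the AndroidManifest.xml inside the apktool output directory rather than the binary one in the raw APK; the binary form is not XML and `ElementTree` will reject it. The combination patterns are the part worth extending for your own samples, since a single permission rarely says much on its own but a flashlight app that receives and sends SMS does.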
How Is It Useful?
- Build custom or patched APKs when a CTF calls for it. The Java source and the AndroidManifest.xml are extracted by the tool.
- Build APK mods from the smali code extracted with apktool. This is especially useful when you can inject smali bytecode and recompile.
- Analyse source code.
- Check whether a given APK is legitimate or a tampered copy of a legitimate app. This is where the certificate comes in. Suppose you have a WhatsApp APK gathered from a third-party site: if the APK has been modified and recompiled, it cannot be re-signed with WhatsApp's (Facebook's) private signing key, so its certificate will not match the one on the official release.
- Check whether the sample is already listed on VirusTotal.
- Check whether the APK ships native libraries and, if so, dump the headers of those binaries for analysis.
Can I Reuse Adhrit?
One hundred percent yes! You can use any part of this code, and even the few slightly modified bundled tools (which are themselves open source tools built by wonderful developers), in your projects with proper credit and within the constraints of the open source licenses.
Where Do I Find It?
The project is still in progress and will implement dynamic analysis techniques too.
Follow ADHRIT project on GitHub for continual updates.
Good day! 🙂