monline

"APKinspector is a powerful GUI tool for analysts to analyze the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. The primary focus of this project is to provide a visualization layer that’s typically missing in existing Android reverse engineering tools, as well as to create a unified platform that combines several existing Android reverse engineering tools into a single unified view and context. For example this would include taking the control flow graph output from Androguard and unifying it with the code output from apktool, or dex2jar."

There's a 9 min video demonstrating the featureset of APKInspector.

"Parts of the Android API are protected with permissions. In order to access protected API calls, developers must request the appropriate permissions in their applications' manifests. If a developer asks for more permissions than an application needs, then the application is overprivileged. Preventing overprivilege is important. Extra permissions may (1) unnecessarily deter users from installing applications, (2) unnecessarily accustom users to accepting lots of permissions, and (3) needlessly increase the potential damage of application vulnerabilities. Stowaway -a static analysis tool- detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. Automated testing tools were used on the Android API to build the permission map."

The tool itself seems to be not yet publicly available, but the website lets you upload an APK for analysis and review the results.

"Androguard is mainly a tool written in python to play with:

• Dex (Dalvik virtual machine) (.dex), and ODex (disassemble, decompilation)
• APK (Android application) (.apk)
• Android's binary xml (.xml)

Androguard is available for Linux/OSX/Windows (python powered)."

"There is no longer a traditional CD-sized image, DVD or alternate image, but rather a single 800MB Ubuntu image that can be used from USB or DVD. Users who previously installed using LVM or full-disk encryption via the alternate CD will find that these installation targets are supported by the consolidated image in 12.10."

Well, that's almost true. Apart from the small difference that the new universal desktop image is only 790 MB. I don't really see any reason why the image could not fit on a 700 MB CD anymore. For those lousy 90 MB we've to use a DVD now. Did you already burn it? Is it not ridiculous how little of the 4.7 GB the image uses? Is it not a huge waste of space and resources? Ahhh.

I recently wrote about how to deodex an odex file. Part of the instructions were a series of commands to unpack (decode+disassemble) an APK into some sort of a "source package". I've attached a short shell script (for linux/unix systems) that will use apktool, aapt and baksmali to extract and disassemble the contents of all APKs in the current working directory. It can be useful eg. to disassemble all system apps copied over to your PC from the /system/app directory on your phone. And having the sources you can start looking around and track down bugs, etc. Of course you could just download the original (Java) sources from android.googlesource.com, but that would take quite a long time and several gigabytes on your drive.

Paid apps in Google Play are now encrypted with a device-specific key before they are delivered and stored on the device. This article discusses Android app encryption details, a new feature introduced in Jelly Bean (Android 4.1). The article shows how this encryption works and how you can encrypt and install apps "manually".

In the latest version (v1.4.0) of baksmali the process has been greatly simplified:

"smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)"

Let me warn you in advance: this is not going to be easy. If you're afraid you might brick your phone/tablet, don't even start. That said, it's really not too hard either. You just have to be the tinkering type and it doesn't hurt if you already know your way around flashing a custom recovery ROM, using ADB, etc.

Save the following JavaScript as a bookmark (ie. bookmarklet):

To use it, load the website of your choice, then start typing the name of the bookmarklet in the address bar and click it once the full name appears (via autocomplete).