Static Analysis

From wiki.exploitpedia.org

Frameworks

APKInspector

APKInspector is a powerful GUI tool that analysts can use to analyze Android applications.

APKTool

Tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications.

Mobile Security Framework - MobSF

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.

root # cd Mobile-Security-Framework-MobSF
root # pip install -r requirements.txt
root # python manage.py runserver

or using Docker:

$ docker pull opensecurity/mobile-security-framework-mobsf
$ docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest



Reverse Engineering

.smali reverse engineering tools:

  • baksmali
  • smali

Steps:

1. Unzip

$ unzip test.apk

2. Baksmali

$ baksmali classes.dex -o smaliClasses

3. Smali

$ smali smaliClasses -o classes.dex

4. Zip -r

$ zip -r test.apk AndroidManifest.xml classes.dex res/ resources.arsc

5. Jarsign

$ java -jar signapk.jar testkey.x509.pem testkey.pk8 test.apk test-patched.apk

6. Zipalign

$ zipalign -v 4 test-patched.apk final-apk.apk


AndroidManifest.xml Analysis

You can always exclude a task from the Recents screen entirely by setting the <activity> attribute, android:excludeFromRecents to true.

Source: https://developer.android.com/guide/components/activities/recents
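
The check below is an added example, not part of the original page: it lists every <activity> in a manifest and reports whether android:excludeFromRecents is set. It assumes the manifest has already been decoded to text (for example with APKTool, because the copy inside the APK is binary XML); the sample manifest, package and class names are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace bound to the android: prefix in Android manifests.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample of a decoded (text) manifest; all names are made up.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application android:label="Bank">
    <activity android:name=".LoginActivity" android:excludeFromRecents="true"/>
    <activity android:name=".BalanceActivity"/>
    <activity android:name="com.example.bank.PinActivity"
              android:excludeFromRecents="@bool/hide_pin"/>
    <activity android:name=".HelpActivity" android:excludeFromRecents="false"/>
  </application>
</manifest>"""


def audit_recents(manifest_xml):
    """Return [(activity, state)]; state is excluded, shown or unresolved."""
    # The manifest comes from an untrusted APK; parse it in a sandbox or
    # with a hardened XML parser when auditing unknown samples.
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    findings = []
    for activity in root.iterfind("application/activity"):
        name = activity.get(f"{{{ANDROID_NS}}}name", "")
        if name.startswith("."):  # relative class name: prefix the package
            name = package + name
        raw = activity.get(f"{{{ANDROID_NS}}}excludeFromRecents")
        if raw is None or raw.strip().lower() == "false":
            state = "shown"  # the attribute defaults to false when absent
        elif raw.strip().lower() == "true":
            state = "excluded"
        else:
            state = "unresolved"  # e.g. @bool/...: needs a resources lookup
        findings.append((name, state))
    return findings


def shown_in_recents(manifest_xml):
    """Activities to review: those not provably excluded from Recents."""
    return [n for n, s in audit_recents(manifest_xml) if s != "excluded"]


if __name__ == "__main__":
    for name, state in audit_recents(SAMPLE_MANIFEST):
        print(f"{state:10} {name}")
```

Values reported as unresolved are resource references; look them up in the decoded res/values files before concluding that the activity is excluded.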