• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

Project: android_application_analyzer (GitHub Link)

• android_application_analyzer-master
  • GlobalVariables.py
  • requirement.txt
  • gui.py
  • LICENSE
  • Usage
  • logcat.py
  • main.py
  • README.md
  • banner.py
  • tools
    • fridascript
      • UniversalSSLUnpinning.js
    • sign.jar
    • dex2jar
      • d2j-dex-recompute-checksum.sh
      • NOTICE.txt
      • d2j-dex-weaver.sh
      • d2j-smali.sh
      • d2j-baksmali.bat
      • d2j-dex2jar.bat
      • d2j-class-version-switch.sh
      • d2j-jasmin2jar.bat
      • d2j-dex2jar.sh
      • d2j-dex-weaver.bat
      • d2j-jasmin2jar.sh
      • d2j-class-version-switch.bat
      • d2j-jar-access.sh
      • d2j-dex-recompute-checksum.bat
      • d2j_invoke.bat
      • d2j-asm-verify.bat
      • lib
        • org.abego.treelayout.core-1.0.1.jar
        • antlr-runtime-3.5.2.jar
        • dex-tools-2.1-SNAPSHOT.jar
        • d2j-jasmin-2.1-SNAPSHOT.jar
        • dex-reader-api-2.1-SNAPSHOT.jar
        • dex-translator-2.1-SNAPSHOT.jar
        • d2j-smali-2.1-SNAPSHOT.jar
        • dex-writer-2.1-SNAPSHOT.jar
        • d2j-base-cmd-2.1-SNAPSHOT.jar
        • dex-reader-2.1-SNAPSHOT.jar
        • open-source-license.txt
      • d2j-baksmali.sh
      • d2j-decrypt-string.sh
      • d2j-jar2dex.sh
      • d2j-jar2dex.bat
      • d2j-std-apk.sh
      • d2j-jar-weaver.bat
      • d2j-asm-verify.sh
      • d2j-jar-access.bat
      • d2j-decrypt-string.bat
      • d2j-dex2smali.sh
      • d2j-jar-weaver.sh
      • d2j-smali.bat
      • d2j-apk-sign.bat
      • d2j_invoke.sh
      • d2j-jar2jasmin.bat
      • d2j-apk-sign.sh
      • d2j-dex2smali.bat
      • d2j-jar2jasmin.sh
      • LICENSE.txt
      • d2j-std-apk.bat
    • burpcert.crt
  • .gitignore
  • setup.sh

Android Application Analyzer

The tool is used to analyze the content of the android application in local storage.

Install the dependency using following command

• chmod +x setup.sh
• ./setup.sh

Use the following command to run the tool

• python3 main.py

Note

In order to run "Fridump" and "Frida universal ssl unpinning" script, Frida client must be installed on base machine

It will list down all the devices connected to the device as shown in Figure:

It will start fetching logcat logs for the selected device as shown in Figure:

In order to analyze the application, select it from dropdown list as shown in Figure:

To analyze the file content of the application, Select the file as shown in Figure:

Analyze the sensitive information logcat logs as shown in Figure:

In order to view application source in JD-GUI, click on "jdgui" button as shown in Figure:

If the mobSF configured in the system and in order to open application with MobSF click on "mobSF" button as shown in Figure:

In order to decompile application using apktool, click on "apktool" button as shown in Figure:

In order to take application sandbox backup for future reference, click on "snapshot" button as shown in Figure:

Frida universal SSL unpinning and fridump support as shown in Figure:

Future Enhancement

• [x] Strings command on “so or library” file
• [x] Compatible with python3
• [ ] Deep search :- Find all the files of the application from the entire storage
• [x] Snapshot button :- Copy entire application directory for future reference
• [x] The dropdown list of the application instead of Text Box
• [x] Snapshot button :- Copy entire application directory for future reference
• [x] The dropdown list of the application instead of Text Box
• [x] One clikc application decompile using apktool
• [x] One click JD GUI application navigation
• [x] Universal Frida SSL Script to bypass ssl pinning
• [x] Run Fridump tool to check sensitive information in application memory
• [x] One click reinstall the APK using (uninstall app -> apktool rebuild app -> sign.jar (sign apk)-> install app)
• [x] One click mobSF analysis (prerequisite: mobSF installation required) Note: as of now update the mobSF endpoint in GlobalVariables.py and "mobSFURL" variable

References

• https://stackoverflow.com/questions/11524586/accessing-logcat-from-android-via-python
• https://payatu.com/wp-content/uploads/2016/01/diva-beta.tar.gz
• https://pythonspot.com/pyqt5/
• https://github.com/iBotPeaches/Apktool/releases
• https://github.com/java-decompiler/jd-gui/releases
• https://github.com/pxb1988/dex2jar/releases
• https://github.com/appium/sign/tree/master/dist
• https://github.com/frida/frida/releases/download/12.8.10/frida-server-12.8.10-android-x86.xz
• https://github.com/Nightbringer21/fridump
• https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/