Android Static Analysis - Part 1

We shall start with the tools first. 

Gather all the necessary items first so there is less painful waiting later.
I will probably add images for guidance from time to time.


What Do You Need?

  • A computer with Windows or GNU/Linux (I prefer Kali Linux and/or Ubuntu)
    • I don't use a Mac, so I have no idea about it at all
  • Android SDK installer
  • Genymotion Community Edition (Shit expensive, yo!)
    • Make sure you download it with the VirtualBox installer, just in case
    • Not necessarily used for static analysis, but good to have; I will explain later.
  • Java 7 or Java 8 (OpenJDK is also fine)
  • Dex2Jar
  • APKTool 
  • JD-GUI 
  • To be updated later

My Setup 

Previously, I had a laptop with Kali Linux installed, where all those tools were downloaded and installed. Easy!

Then, everything changed when the Fire Nation attacked. Well, the laptop died from overheating. So now I only have a work laptop, running Windows. So,
  • I installed VMware Workstation (VMware Player is also OK) on Windows.
  • Then installed Kali Linux in it.
  • Smali and APKTool come pre-installed in it.
  • I downloaded JD-GUI and Dex2Jar, and configured the path in Kali Linux.
  • Downloaded JDK 7 and JRE 7 (you can use version 8: much patched, very secure, wow)
  • I configured the Android SDK on Windows (plus Android Studio)
  • Then installed 7-Zip.
  • To be updated later.

My Way of Doing Things (Based on My Setup)

To analyze an .apk file, one must first have the .apk file.
By the power of googling, one can find many ways to get it. Another way: if you have an Android emulator with Google Play installed, just sign in and install the application.

Then, using the magic of ADB, use this command:
adb pull /data/app/<packageName>/someAPKname.apk
Now you have the .apk file for static analysis. On a physical phone this may not work unless the phone is rooted, and the exact path varies with the Android version: newer versions put the package in a directory with a generated suffix and usually name the file base.apk, so check the path on the device before pulling.

Then, I open the .apk file using 7-Zip:
Right click > 7-Zip > Open Archive
Now you can see the contents of the .apk file. Basically, an .apk file is a ZIP archive containing several files (file-ception):
  • AndroidManifest.xml (binary XML: package name, permissions, declared components)
  • META-INF
    • CERT.RSA (PKCS#7 signature block plus the signer's certificate; the base name varies)
    • CERT.SF (digests of the MANIFEST.MF entries, which is what the signature covers)
    • MANIFEST.MF (digests of every other file in the archive)
  • classes.dex (compiled Dalvik bytecode; this is what Dex2Jar converts)
  • res
    • drawable
      • *bunch of images used by the application
    • layout
      • main.xml
      • some other stuff
  • resources.arsc (compiled resource table: strings, IDs and other resource values)
*This basic .apk file structure may differ from what you find, mainly because different developers take different approaches. Common extras are assets/ (raw files shipped with the app), lib/ (native .so libraries, one directory per ABI) and additional classes2.dex, classes3.dex, ... files when the app uses multidex.

My weirdest finding is an .apk file within an .apk file, and the file size was so freaking big.
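The same inventory can be done without a GUI once the .apk is on disk. Below is an added Python example (my own code, not the blog author's workflow or any tool from this post) that first parses the output of `adb shell pm path <packageName>` to find where the installed APK lives on the device, then reads a pulled APK as a ZIP and reports the pieces listed above, plus the cases that surprise people: extra classesN.dex files, native libraries, and an APK nested inside the APK. The `pm path` output and the sample APK bytes are constructed inline so the script runs offline; the function and file names are assumptions.

```python
# Added example (not the blog author's tooling): parse `adb shell pm path`
# output and inventory a pulled APK, which is just a ZIP archive.
import io
import json
import re
import sys
import zipfile
from typing import Dict, List

PM_PATH_RE = re.compile(r"^package:(/\S+\.apk)$")
DEX_RE = re.compile(r"^classes\d*\.dex$")
SIG_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", ".MF")


def parse_pm_path(output: str) -> List[str]:
    """Turn the output of `adb shell pm path <packageName>` into on-device
    APK paths. A split APK prints one line per split, so there may be several;
    anything that is not a `package:` line (errors, blanks) is ignored."""
    paths = []
    for line in output.splitlines():
        match = PM_PATH_RE.match(line.strip())
        if match:
            paths.append(match.group(1))
    return paths


def inventory_apk(apk_bytes: bytes) -> Dict[str, object]:
    """Classify the entries of an APK without unpacking it to disk: manifest,
    META-INF signature files, dex files, res/, resources.arsc, lib/, nested APKs."""
    summary = {
        "entries": 0,
        "manifest": False,
        "resources_arsc": False,
        "dex": [],
        "signature_files": [],
        "res_dirs": set(),
        "native_libs": [],
        "nested_apks": [],
    }
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            summary["entries"] += 1
            if name == "AndroidManifest.xml":
                summary["manifest"] = True
            elif name == "resources.arsc":
                summary["resources_arsc"] = True
            elif DEX_RE.match(name):
                summary["dex"].append(name)
            elif name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES):
                summary["signature_files"].append(name)
            elif name.startswith("res/"):
                parts = name.split("/")
                if len(parts) > 2:
                    summary["res_dirs"].add(parts[1])
            elif name.startswith("lib/") and name.endswith(".so"):
                summary["native_libs"].append(name)
            # A nested APK can sit anywhere (assets/ is common); confirm by ZIP magic.
            if name.lower().endswith(".apk") and zf.read(name).startswith(b"PK"):
                summary["nested_apks"].append(name)
    # JAR-style (v1) signing needs MANIFEST.MF, a .SF file and a signature block.
    upper = [n.upper() for n in summary["signature_files"]]
    summary["v1_signed"] = (
        "META-INF/MANIFEST.MF" in upper
        and any(n.endswith(".SF") for n in upper)
        and any(n.endswith((".RSA", ".DSA", ".EC")) for n in upper)
    )
    for key in ("dex", "signature_files", "res_dirs", "native_libs", "nested_apks"):
        summary[key] = sorted(summary[key])
    return summary


def build_sample_apk() -> bytes:
    """Constructed stand-in for a pulled APK: realistic file names, dummy
    contents. Not an installable app; it exists so the example runs offline."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as nested:
        nested.writestr("AndroidManifest.xml", b"<nested manifest placeholder>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82placeholder")
        zf.writestr("classes.dex", b"dex\n035\0placeholder")
        zf.writestr("classes2.dex", b"dex\n035\0placeholder")
        zf.writestr("res/drawable/icon.png", b"\x89PNGplaceholder")
        zf.writestr("res/layout/main.xml", b"<binary xml placeholder>")
        zf.writestr("resources.arsc", b"placeholder")
        zf.writestr("assets/inner.apk", inner.getvalue())
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python apk_inventory.py [pulled.apk]; no argument inspects the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    print(json.dumps(inventory_apk(data), indent=2))
```

Feed `parse_pm_path` the real `adb shell pm path` output to get the argument for `adb pull`, then run the script on the pulled file; a non-empty `nested_apks` list is the "apk within an apk" case and each nested file deserves its own pass.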

To be continued in Part 2
