
Android Static Analysis - Part 1

We shall start with the tools first.

Gather all the necessary items beforehand so the waiting is less painful.
I will probably add images for guidance from time to time.


What Do You Need?

  • A computer with Windows or GNU/Linux (I prefer Kali Linux and/or Ubuntu)
    • I don't use a Mac, so I have no idea at all about it
  • Android SDK installer
  • Genymotion Community Edition (Shit Expensive yo!)
    • Make sure you download the version bundled with the VirtualBox installer, just in case
    • Not necessarily used for static analysis, but good to have; I will explain later.
  • Java 7 or Java 8 (OpenJDK also fine)
  • Dex2Jar
  • APKTool 
  • JD-GUI 
  • To be updated later

My Setup 

Previously, I had a laptop with Kali Linux installed, with all those tools downloaded and installed on it. Easy!

Then, everything changed when the fire nation attacked. Well, the laptop died from overheating. So now I only have a work laptop, running Windows. So,
  • I installed VMware Workstation (VMware Player is also OK) on Windows.
  • Then installed Kali Linux in it.
  • Smali and APKTool are already pre-installed in Kali.
  • I downloaded JD-GUI and Dex2Jar, and configured their paths in Kali Linux.
  • Downloaded JDK 7 and JRE 7 (version 8 can be used too: much patched, very secure, wow)
  • I configured the Android SDK on Windows (plus Android Studio)
  • Then installed 7zip.
  • To be updated later.

My Way of Doing Things (Based on My Setup)

To analyse a .apk file, one must first have the .apk file.
By the power of googling, one can find many ways to obtain it. Another way, if you have an Android emulator with Google Play installed, is to just sign in and install the application.

Then, using the magic of ADB, use this command:
adb pull /data/app/<packageName>/someAPKname.apk
With that you should have the .apk file for static analysis. This may not work on an actual phone unless it is rooted.

Then, I open the .apk file using 7zip.
Right click > 7zip > Open Archive
Now you can see the contents of the .apk file. Basically, a .apk file is a compressed archive containing several files (file-ception):
  • AndroidManifest.xml
    • cert.rsa
    • cert.sf 
  • classes.dex
  • res
    • drawable
      • *bunch of images used by the application
    • layout 
      • main.xml
      • some other stuff
  • resources.arsc
*This basic .apk file structure may differ from what you will find, mainly because different developers have different approaches.

My weirdest finding is a .apk file within .apk file and the file size is so freaking big.
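As an added example (not code from the original post), here is a small Python script that builds a constructed .apk-shaped archive mirroring the layout listed above and then inspects it the way you would eyeball it in 7zip, flagging the "apk inside an apk" case as well. The entry contents are placeholders, not a real app.

```python
import io
import zipfile


def build_sample_apk():
    """Constructed in-memory .apk (a plain zip) mirroring the layout in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        z.writestr("META-INF/cert.rsa", b"placeholder signature block")
        z.writestr("META-INF/cert.sf", b"placeholder signature file")
        z.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
        z.writestr("res/drawable/icon.png", b"\x89PNG placeholder")
        z.writestr("res/layout/main.xml", b"<binary xml placeholder>")
        z.writestr("resources.arsc", b"\x02\x00\x0c\x00")
        # the "apk within an apk" case mentioned in the post (constructed)
        z.writestr("assets/payload.apk", b"PK\x03\x04 nested archive placeholder")
    return buf.getvalue()


def inspect_apk(data):
    """Summarise what is inside an .apk: manifest, dex, resources, signatures, nested apks."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # file_size is the uncompressed size, which is what matters for "freaking big"
        sizes = {info.filename: info.file_size for info in z.infolist()}
    return {
        "has_manifest": "AndroidManifest.xml" in names,
        "dex_files": [n for n in names if n.lower().endswith(".dex")],
        "has_resources_arsc": "resources.arsc" in names,
        # v1 (jar) signing leaves a .SF plus a .RSA/.DSA/.EC block under META-INF
        "signature_files": [n for n in names
                            if n.lower().endswith((".sf", ".rsa", ".dsa", ".ec"))],
        "top_level_dirs": sorted({n.split("/")[0] for n in names if "/" in n}),
        "nested_apks": [n for n in names if n.lower().endswith(".apk")],
        "largest_entries": sorted(sizes.items(), key=lambda kv: kv[1], reverse=True)[:3],
    }


if __name__ == "__main__":
    for key, value in inspect_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

To run it against a real file, read the bytes of the .apk you pulled with adb and pass them to inspect_apk instead of the constructed archive.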

To be continued in Part 2


Recently I encounter this question, and for some reason I answer it wrong 😓  I answer "d", which if my boss saw me he would just slap me or something, hahahaha. So what is the right answer? Lets explore IP Fragmentation and seek the truth. In short. IP Fragmentation means in situation of where before transmission, when the IP packet is too large, larger than the Maximum Transmission Unit (MTU) of an interface, it shall be fragmented (split) or discarded, depends on situation. There are situation where fragmentation will occur. We will explore these 2 situation. 1 - Fragmentation at Router. During Packet transmission, PC will ask the router what is the MTU. It will later split the packet into several fragments. Those fragments will hold an identifier in the header. It will later reassembled by receiver into an original PDU (Protocol data unit, contains Packet Header and Packet Payload). This has disadvantage over the router where it will make router to work mo