
Droidefense: Advance Android Malware Analysis

Droidefense (originally named atom: analysis through observation machine) is the codename for an Android crypto-apps/malware analysis and reversing tool. It was built around the security issues and tricks that malware researchers face in their everyday work. For samples that contain anti-analysis routines, Droidefense attempts to bypass them in order to reach the code and the 'bad boy' routine. Those techniques can include virtual machine detection, emulator detection, self-certificate checking, pipe detection, tracer PID checks, and so on.

Droidefense uses an innovative approach in which the code is not decompiled but rather viewed directly. This lets us obtain a global view of the code's execution workflow with 100% accuracy on the gathered information. From that view, Droidefense generates an HTML report of the results that is easy to understand.

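As an added example (not Droidefense's own code), the following Python script performs a static pre-triage for the anti-analysis tricks listed above: it pulls printable strings out of the classes.dex inside an APK and reports which evasion family each indicator belongs to, so the analyst knows what an analysis run will have to get past. The indicator list, its grouping into families, and the sample APK are constructed for this example.

```python
import io
import re
import zipfile

# Well-known strings that code implementing each evasion family tends to
# reference. The grouping and the list are this example's own heuristic.
INDICATORS = {
    "emulator/vm detection": [b"ro.kernel.qemu", b"goldfish", b"ro.hardware",
                              b"generic_x86", b"/dev/socket/qemud"],
    "pipe detection": [b"/dev/qemu_pipe", b"/dev/socket/qemud"],
    "tracer pid check": [b"/proc/self/status", b"TracerPid"],
    "self certificate check": [b"GET_SIGNATURES", b"getPackageInfo"],
}

STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")  # runs of 4+ printable ASCII bytes


def dex_strings(apk_bytes: bytes) -> list:
    """Return the printable strings found in every classes*.dex of the APK."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                found.extend(m.decode() for m in STRING_RE.findall(zf.read(name)))
    return found


def anti_analysis_hits(apk_bytes: bytes) -> dict:
    """Map each evasion family to the sorted indicator strings present in the APK."""
    strings = dex_strings(apk_bytes)
    hits = {}
    for family, needles in INDICATORS.items():
        seen = sorted({n.decode() for n in needles
                       if any(n.decode() in s for s in strings)})
        if seen:
            hits[family] = seen
    return hits


def build_sample_apk() -> bytes:
    """Constructed sample: a minimal zip holding a fake classes.dex string table."""
    dex = (b"dex\n035\x00" + b"\x00" * 8
           + b"Landroid/os/Build;\x00ro.kernel.qemu\x00/proc/self/status\x00"
           + b"TracerPid:\x00/dev/qemu_pipe\x00MainActivity\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    for family, needles in anti_analysis_hits(build_sample_apk()).items():
        print(f"{family}: {', '.join(needles)}")
```

Real samples often obfuscate or build these strings at runtime, so an empty result is not proof of absence; the check only tells you what is visible statically before running the tool.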
Usage

TL;DR

java -jar droidefense-cli-1.0-SNAPSHOT.jar -i /path/to/your/sample.apk

Detailed usage

java -jar droidefense-cli-1.0-SNAPSHOT.jar
 
 ________               .__    .___      _____                            
 \______ \_______  ____ |__| __| _/_____/ ____\____   ____   ______ ____  
  |    |  \_  __ \/  _ \|  |/ __ |/ __ \   __\/ __ \ /    \ /  ___// __ \ 
  |    `   \  | \(  <_> )  / /_/ \  ___/|  | \  ___/|   |  \\___ \\  ___/ 
 /_______  /__|   \____/|__\____ |\___  >__|  \___  >___|  /____  >\___  >
         \/                     \/    \/          \/     \/     \/     \/ 
 
 
  * Current build:    2017_12_05__12_07_01
  * Check out on Github:    https://github.com/droidefense/
  * Report your issue:    https://github.com/droidefense/engine/issues
  * Lead developer:    @zerjioang
 
 usage: droidefense
  -d,--debug                 print debugging information
  -h,--help                  print this message
  -i,--input <apk>           input .apk to be analyzed
  -o,--output <format>       select prefered output:
                             json
                             json.min
                             html
  -p,--profile               Wait for JVM profiler
  -s,--show                  show generated report after scan
  -u,--unpacker <unpacker>   select prefered unpacker:
                             zip
                             memapktool
  -v,--verbose               be verbose
  -V,--version               show current version information

Useful info:
