AndroL4b – A Virtual Machine For Assessing Android Applications, Reverse Engineering and Malware Analysis

AndroL4b is an Android security virtual machine based on Ubuntu MATE. It bundles a collection of the latest frameworks, tutorials and labs from various security researchers for assessing Android applications, reverse engineering and malware analysis.

Tools:

  • Radare2: Unix-like reverse engineering framework and command-line tools
  • Frida: Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
  • Bytecode Viewer: Android APK reverse engineering suite (decompiler, editor, debugger)
  • Mobile Security Framework (MobSF): Android/iOS automated pentesting framework (static analysis only in this VM)
  • Drozer: Security assessment framework for Android applications
  • APKtool: Reverse engineering Android APKs
  • Android Studio: IDE for Android application development
  • Burp Suite: Assessing application security
  • Wireshark: Network protocol analyzer
  • MARA: Mobile Application Reverse engineering and Analysis framework
  • FindBugs-IDEA: Static bytecode analysis to look for bugs in Java code
  • AndroBugs Framework: Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications
  • Qark: Tool to look for several security-related Android application vulnerabilities

Labs:

  • Damn Insecure and Vulnerable App for Android (DIVA): Vulnerable Android application
  • InsecureBankv2: Vulnerable Android application
  • Android Security Sandbox: An app showcasing some techniques to improve Android app security
  • GoatDroid: A fully functional and self-contained training environment for educating developers and testers on Android security
  • Sieve: A password manager app showcasing some common Android vulnerabilities

      Download Androl4b Part 1

      Download Androl4b Part 2


      MARA – A Mobile Application Reverse Engineering and Analysis Framework

      MARA is a mobile application reverse engineering and analysis framework. It is a collection of commonly used mobile application reverse engineering and analysis tools integrated together to assist in testing mobile applications against the OWASP mobile security threats. Its primary objective is to make this task easier and friendlier to mobile application developers and security professionals.

      Features:

      • APK Reverse Engineering
        • Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool.
        • Disassembling Dalvik bytecode to java bytecode via enjarify.
        • Decompiling APK to Java source code via jadx.
      • APK Analysis
        • Parsing smali files for analysis via smalisca.
• Dump APK assets, libraries and resources.
        • Extracting certificate data via openssl.
        • Extract strings and app permissions via aapt.
        • Identify methods and classes via ClassyShark.
        • Scan for apk vulnerabilities via androbugs.
        • Analyze apk for potential malicious behaviour via androwarn.
        • Identify compilers, packers and obfuscators via APKiD.
• Extract execution paths, IP addresses, URLs, URIs and emails via regex.

• APK Manifest Analysis
  • Extract intents.
  • Extract exported activities.
  • Extract receivers.
  • Extract exported receivers.
  • Extract services.
  • Extract exported services.
  • Check if apk is debuggable.
  • Check if apk allows backups.
  • Check if apk allows sending of secret codes.
  • Check if apk can receive binary SMS.
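To show what the manifest checks listed above look like in practice, here is an added Python example (not MARA's own code) that runs the same checks against a constructed, apktool-style decoded AndroidManifest.xml: exported components, debuggable, allowBackup, secret-code receivers and binary-SMS receivers. The sample manifest, its component names and the analyze_manifest/is_exported functions are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # prefix of android:* attributes
# Constructed sample of an apktool-decoded AndroidManifest.xml (not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".DiagReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.DATA_SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

SECRET_CODE = "android.provider.Telephony.SECRET_CODE"  # dialer *#*#code#*#* hook
DATA_SMS = "android.intent.action.DATA_SMS_RECEIVED"    # binary (port-directed) SMS

def is_exported(component):
    """Explicit android:exported wins; otherwise (pre-API 31 rule) a component with an intent-filter is exported."""
    flag = component.get(A + "exported")
    if flag is not None:
        return flag == "true"
    return component.find("intent-filter") is not None

def analyze_manifest(xml_text):
    app = ET.fromstring(xml_text).find("application")
    report = {
        "debuggable": app.get(A + "debuggable") == "true",
        # allowBackup defaults to true when the attribute is absent
        "allow_backup": app.get(A + "allowBackup", "true") == "true",
        "exported": {}, "secret_code": [], "binary_sms": []}
    for kind in ("activity", "service", "receiver"):
        report["exported"][kind] = [c.get(A + "name") for c in app.iter(kind) if is_exported(c)]
    for rcv in app.iter("receiver"):
        acts = {a.get(A + "name") for a in rcv.iter("action")}
        if SECRET_CODE in acts:
            report["secret_code"].append(rcv.get(A + "name"))
        if DATA_SMS in acts:
            report["binary_sms"].append(rcv.get(A + "name"))
    return report

print(analyze_manifest(SAMPLE_MANIFEST))
```

Note that .MainActivity and .DiagReceiver are reported as exported even though they never set android:exported, because they declare an intent-filter; that implicit rule is exactly why a manifest review has to look at intent-filters and not only at the attribute.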

      Installing MARA on Linux/Nethunter

      MARA ships with a script that assists in downloading and installing the dependencies for each of the tools and components it ships with. Simply run the setup.sh script with sudo privileges and it will install them. If you are using a Mac, simply run the setup_mac.sh script instead.

To make updating MARA easier, it ships with an update script that, once executed, pulls the most recent version from GitHub and replaces the locally stored files. The script does not touch the data folder where the analysis files reside. Simply execute ./update.sh and you are good to go. The update script also runs the newly downloaded setup file to ensure that the dependencies for any new tools are met.

After meeting all the requirements, run ./mara.sh --help and you should see the MARA help menu.

All the analysis data and file conversions are stored in the data folder, i.e. /MARA_Framework/data/file_name. All the tools included in the framework can also be used standalone; they are available in the tools folder, i.e. /MARA_Framework/tools.

MARA facilitates the deobfuscation of APK files via apk-deguard.com. You can deobfuscate APKs of any size, but the larger the APK, the longer the deobfuscation takes. Since the work is done by apk-deguard.com, the APK is sent to that external service; keep this in mind for apps you are not permitted to share.
MARA ships with a standalone deobfuscation script that can come in handy for analyzing individual APK files: run ./deobfusctor.sh and point it at the APK you would like to deobfuscate. This feature requires an active internet connection.

MARA ships with an SSL scanner script that makes use of pyssltest and testssl. The domain SSL scanning component requires an active internet connection. The standalone SSL scanner can be run with ./ssl_scanner.sh; follow the instructions it displays.

The findings from the scan are dumped in the domain scans folder, i.e. /MARA_Framework/data/domain_scans/. Please note that the pyssltest scanner is intended for scanning domains with SSL enabled; do not scan IP addresses.

While analyzing APK files, MARA provides the option of scanning the domains found in the APK using the tools mentioned above. This scan runs in the background and can be skipped. If the scan is performed, the user needs to tail the two log files, pyssltest.log and testssl.log, in /MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/.

      • Smali control flow graphs:

MARA can generate control flow graphs from smali code using Smali-CFGs. Graph generation is optional and can be time-consuming depending on the size of the Android app being analyzed. The graphs are stored in two folders, apktool_cfg and baksmali_cfg, under /MARA_Framework/data/file_name/smali/.

      The graph generation runs in the background and you can check its completion by tailing the log files apktool_cfg.log and baksmali_cfg.log in the location mentioned above.

      • Progress monitoring:
• The analysis data dumped by MARA is located in the data/app_name folder.
• Where applicable, each space character in the provided file name is replaced with an underscore.
• You can monitor the APK deobfuscation process by tailing data/app_name/source/deobfuscated/deobf.log
• You can monitor the smali CFG generation by tailing the two files data/app_name/smali/apktool_cfg.log and data/app_name/smali/baksmali_cfg.log
• You can monitor the domain SSL scan by tailing the two log files data/app_name/analysis/dynamic/ssl_scan/logs/pyssltest.log and data/app_name/analysis/dynamic/ssl_scan/logs/testssl.log


      Bytecode Viewer – A Lightweight User Friendly Java Reverse Engineering Suite

Bytecode Viewer is an advanced yet user-friendly Java reverse engineering suite that is equipped with a Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more.

      Also, it is written completely in Java, and it’s open sourced.

First, download the latest version of BCV (Bytecode Viewer).

      Then run the Bytecode-Viewer-2.9.x.jar.

      You may need to execute it via command line:

      java -jar Bytecode-Viewer-2.9.x.jar

      Remember to replace the X with the current minor version.

      How To Use Bytecode Viewer

Run BCV, and then add a jar, class or APK file to the workspace.

      Then, select the file you’d like to view from the workspace.

BCV will automatically start decompiling the class in the background. When it's done it will show the source code, bytecode and hex code of the class file you chose (depending on the view panes you have selected). If you are trying to view a resource, BCV will attempt to display it as best it can, with code highlighting or by embedding the resource itself.

      Command Line Input:

-help          Displays the help menu
-list          Displays the available decompilers
-decompiler    Selects the decompiler, procyon by default
-i             Selects the input file (Jar, Class, APK, ZIP, DEX all work automatically)
-o             Selects the output file (Java or Java-Bytecode)
-t             Must either be the fully qualified classname or "all" to decompile all as zip
-nowait        Doesn't wait for the user to read the CLI messages

      APKTool – A Tool for Reverse Engineering Android APK Files

APKTool is a tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making modifications, and it makes it possible to debug smali code step by step. It also makes working with an app easier because of its project-like file structure and the automation of some repetitive tasks such as building the APK.

Note: It is NOT intended for piracy and other illegal uses. It could be used for localizing, adding features or support for custom platforms and other GOOD purposes. Just try to be fair with the authors of an app that you use and probably like.

      Features

• Disassembling resources to nearly original form (including resources.arsc, classes.dex, 9.png and XMLs)
      • Rebuilding decoded resources back to binary APK/JAR
      • Organizing and handling APKs that depend on framework resources
      • Smali Debugging (Removed in 2.1.0 in favor of IdeaSmali)
      • Helping with repetitive tasks

      Requirements

      • Java 8 (JRE 1.8)
      • Basic knowledge of Android SDK, AAPT and smali

      How To Install APKTool

      • Windows:
        • Download Windows wrapper script (Right click, Save Link As apktool.bat).
        • Download apktool.
        • Rename downloaded jar to apktool.jar.
• Move both files (apktool.jar & apktool.bat) to your Windows directory (usually C:\Windows).
• If you do not have access to C:\Windows, you may place the two files anywhere and then add that directory to your System PATH environment variable.
        • Try running apktool via command prompt.
      • Linux:
        • Download Linux wrapper script (Right click, Save Link As apktool).
        • Download apktool.
        • Rename downloaded jar to apktool.jar.
        • Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
        • Make sure both files are executable (chmod +x).
        • Try running apktool via cli.
      • Mac OS X:
        • Download Mac wrapper script (Right click, Save Link As apktool).
        • Download apktool.
        • Rename downloaded jar to apktool.jar.
        • Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
        • Make sure both files are executable (chmod +x).
        • Try running apktool via cli.

      Note: Wrapper scripts are not needed, but helpful so you don’t have to type java -jar apktool.jar over and over.

      How to Build APKTool from Source

APKTool is a single project containing several sub-projects and a few dependencies.

      • brut.apktool.lib – (Main, all the Library code)
      • brut.apktool.cli – The cli interface of the program
      • brut.j.dir – Utility project
      • brut.j.util – Utility project
      • brut.j.common – Utility project

      Requirements:

      • JDK8 (Oracle or OpenJDK)
      • git

      Build Steps:

• First clone the repository:
  • git clone git://github.com/iBotPeaches/Apktool.git
  • cd Apktool
• For the build steps below, use ./gradlew on Unix-based systems or gradlew.bat on Windows.
  • [./gradlew][gradlew.bat] build shadowJar – Builds Apktool, including the final binary.
  • Optional (you may build a Proguard jar): [./gradlew][gradlew.bat] build shadowJar proguard

      After build completes you should have a jar file at:
      ./brut.apktool/apktool-cli/build/libs/apktool-xxxxx.jar

      Windows Requirements

Windows has a limitation on the maximum file path length. At one location in APKTool there is a 218-character directory path, which, given the 255-character limit on Windows, means we need to enforce some requirements.

This leaves 37 characters in total for the path into which the project is cloned on Windows. For example, we can clone this project to the location.

That path is 31 characters, which allows APKTool to be cloned properly. Cloning the project into a directory path longer than 37 characters will not work.
