Tuesday, January 4, 2011

Androguard used for reverse engineering

Hi !

I have released a new version of androguard (Alpha 1), because I have patched a lot of code: dex file support, and the analysis of class and dex files.

The wiki has a description of the installation and examples of how to embed androguard in your own project, or how to use it as a disassembler of dex/class files.

For example, the display of methods has been updated to show the links between instructions (each branch's possible successors, in brackets):
pouik@camelot:~/androguard$ ./androlyze.py -i examples/android/Test/bin/classes.dex -m a -p
ENCODED_METHOD method_idx_diff=12 access_flags=17 code_off=0x2d0 (Lorg/t0t0/android/a;,()I,a)
[...]
o o 39 0x90 if-lez v0 +4 [ 94 98 ]
> | 40 0x94 iput v1, v5 field@2{['Lorg/t0t0/android/a;', 'I', 'b']}
> 41 0x98 iget v0, v5 field@1{['Lorg/t0t0/android/a;', 'I', 'a']}
o o 42 0x9c packed-switch v0 +1c [ a2 b2 ]
> | > 43 0xa2 iput v4, v5 field@2{['Lorg/t0t0/android/a;', 'I', 'b']}
| | 44 0xa6 iget v0, v5 field@1{['Lorg/t0t0/android/a;', 'I', 'a']}
| o o o o | 45 0xaa packed-switch v0 +1b [ b0 bc c4 c8 ]
| > | | | | > 46 0xb0 return v1
> | | | | | 47 0xb2 iget v0, v5 field@1{['Lorg/t0t0/android/a;', 'I', 'a']}
| | | | | 48 0xb6 iput v0, v5 field@2{['Lorg/t0t0/android/a;', 'I', 'b']}
| | | o | 49 0xba goto +-c [ a2 ]
> | | | 50 0xbc iget v0, v5 field@1{['Lorg/t0t0/android/a;', 'I', 'a']}
| | | 51 0xc0 iput v0, v5 field@2{['Lorg/t0t0/android/a;', 'I', 'b']}
> | | 52 0xc4 iput v4, v5 field@2{['Lorg/t0t0/android/a;', 'I', 'b']}
> | 53 0xc8 const/16 v0 #+50
| 54 0xcc iput v0, v5 field@2{['Lorg/t0t0/android/a;', 'I', 'b']}
o 55 0xd0 goto +-10 [ b0 ]
56 0xd2 nop
57 0xd4 212 PACKED_SWITCH(ident=256, size=1, first_key=0) [(11,)]
58 0xe0 224 PACKED_SWITCH(ident=256, size=3, first_key=1) [(9,), (13,), (15,)]


The analysis module gives access to basic blocks and tainted variables; it is not yet stable, but you can test it.
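As an added example (not androguard's own code), the following Python reproduces the arithmetic behind the bracketed successor lists in the listing above and the basic-block leaders that an analysis module works from. It rests on two Dalvik bytecode facts: the branch operands of goto, if-* and packed-switch are signed offsets in 16-bit code units relative to the start of the branching instruction (so `if-lez +4` at 0x90 lands at 0x98 and `goto +-c` at 0xba lands at 0xa2), and packed-switch table entries are code-unit offsets relative to the switch instruction itself. The instruction list and the two switch tables are constructed from the listing; the instruction sizes are those of the Dalvik instruction formats; the names Insn, SwitchTable, successors, switch_cases and basic_block_leaders are my own and not androguard API.

```python
# Added example (not androguard's own code): branch-target arithmetic and
# basic-block leaders for the Lorg/t0t0/android/a;->a()I slice shown above.
from typing import Dict, List, NamedTuple, Optional

CODE_UNIT = 2  # a Dalvik code unit is 16 bits; branch offsets count code units

# Byte sizes of the instruction formats that occur in the listing (Dalvik spec):
# 10t goto, 11x return, 10x nop, 21t if-lez, 22c iget/iput, 21s const/16, 31t packed-switch.
SIZE = {"goto": 2, "return": 2, "nop": 2, "if-lez": 4, "iget": 4, "iput": 4,
        "const/16": 4, "packed-switch": 6}


class Insn(NamedTuple):
    off: int                   # byte offset within the method's code
    op: str
    rel: Optional[int] = None  # signed branch operand in code units, if any


class SwitchTable(NamedTuple):
    first_key: int
    rel_targets: List[int]     # code-unit offsets relative to the packed-switch insn


# Constructed from the androlyze listing (offsets 0x90..0xd2 and the two tables).
INSNS = [
    Insn(0x90, "if-lez", 4),
    Insn(0x94, "iput"), Insn(0x98, "iget"),
    Insn(0x9c, "packed-switch", 0x1c),
    Insn(0xa2, "iput"), Insn(0xa6, "iget"),
    Insn(0xaa, "packed-switch", 0x1b),
    Insn(0xb0, "return"),
    Insn(0xb2, "iget"), Insn(0xb6, "iput"),
    Insn(0xba, "goto", -0xc),
    Insn(0xbc, "iget"), Insn(0xc0, "iput"),
    Insn(0xc4, "iput"),
    Insn(0xc8, "const/16"), Insn(0xcc, "iput"),
    Insn(0xd0, "goto", -0x10),
    Insn(0xd2, "nop"),
]
# Table address -> (first_key, relative targets); the tables live at 0xd4 and 0xe0.
TABLES = {0xd4: SwitchTable(0, [11]), 0xe0: SwitchTable(1, [9, 13, 15])}
BY_OFF = {i.off: i for i in INSNS}


def branch_target(insn: Insn) -> int:
    """Absolute byte address of a relative branch operand (code units -> bytes)."""
    return insn.off + insn.rel * CODE_UNIT


def successors(insn: Insn, tables: Dict[int, SwitchTable] = TABLES) -> List[int]:
    """Possible next instructions, in androlyze's order: fall-through first, then targets."""
    fallthrough = insn.off + SIZE[insn.op]
    if insn.op == "goto":
        return [branch_target(insn)]
    if insn.op == "return":
        return []
    if insn.op.startswith("if-"):
        return [fallthrough, branch_target(insn)]
    if insn.op == "packed-switch":
        table = tables[branch_target(insn)]        # operand points at the table
        return [fallthrough] + [insn.off + r * CODE_UNIT for r in table.rel_targets]
    return [fallthrough]


def switch_cases(insn: Insn, tables: Dict[int, SwitchTable] = TABLES) -> Dict[int, int]:
    """Map each packed-switch key to its absolute target address."""
    table = tables[branch_target(insn)]
    return {table.first_key + i: insn.off + r * CODE_UNIT
            for i, r in enumerate(table.rel_targets)}


def basic_block_leaders(insns: List[Insn] = INSNS,
                        tables: Dict[int, SwitchTable] = TABLES) -> List[int]:
    """Classic leader rule: method entry, every branch target, every insn after a branch."""
    leaders = {insns[0].off}
    for i in insns:
        if i.op in ("goto", "return", "packed-switch") or i.op.startswith("if-"):
            leaders.update(successors(i, tables))
            leaders.add(i.off + SIZE[i.op])
    known = {i.off for i in insns}                 # drop addresses outside the slice
    return sorted(l for l in leaders if l in known)


def fmt(insn: Insn) -> str:
    return f"{insn.off:#x} {insn.op} [ " + " ".join(f"{s:x}" for s in successors(insn)) + " ]"


if __name__ == "__main__":
    for i in INSNS:
        print(fmt(i))
    print("leaders:", [hex(l) for l in basic_block_leaders()])
```

The one thing to keep in mind when reading the listing is that `+1c` on the packed-switch at 0x9c is not a case target but the location of the switch table (0x9c + 0x1c * 2 = 0xd4, exactly where `PACKED_SWITCH(ident=256, size=1, first_key=0)` is printed); the case targets are then computed from that table relative to the switch instruction, which is why `[(11,)]` turns into `b2`.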

This month I will publish a useful tool for IDA, and I will have the first results on classification and watermarking of Android applications. The roadmap is very busy, but interesting ;)

Happy new year 2011 !
