Hi !!
In the latest commit of androguard, I added a new program that transforms dex/class/jar/apk files into an xgmml file, so that the control flow graph or the function calls can be visualized with cytoscape (which handles large graphs). (All image links point to high-definition versions.)
So, the first step is to create the xgmml file from your application:
$ ./androxgmml.py -i toto.apk -o toto.xgmml
The option "-i" is for the input file (APK, JAR, DEX, CLASS), and the option "-o" is for the output xgmml file. The option "-f" automatically adds function calls to the graph.
If I try with the following example (source code here), I get the following xgmml. In cytoscape, I can import the xgmml file and choose the hierarchical layout or the spring layout. By default, the edge target arrows are not shown, but you can add a shape in VizMapper (in cytoscape).


I tried to visualize the geinimi trojan, so you can find an export of an original application (xgmml, png) and an infected version (xgmml, png).


In cytoscape, you can, for example, compare two networks (Plugins -> Network Modifications -> Compare Two Networks). In this case, we will see the injected function:

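The same comparison can also be scripted outside cytoscape. The following is an added example, not part of androguard or of the original post: it diffs two XGMML documents by node label and reports what exists only in the second one. The two sample graphs and their label format are constructed for illustration; real androxgmml output may label nodes differently.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents (not real androxgmml output); node labels are
# assumed to identify a method or basic block.
ORIGINAL = """<graph label="original" xmlns="http://www.cs.rpi.edu/XGMML">
  <node id="1" label="Lcom/example/Main;->onCreate"/>
  <node id="2" label="Lcom/example/Main;->render"/>
  <edge source="1" target="2" label="call"/>
</graph>"""

INFECTED = """<graph label="infected" xmlns="http://www.cs.rpi.edu/XGMML">
  <node id="10" label="Lcom/example/Main;->onCreate"/>
  <node id="11" label="Lcom/example/Main;->render"/>
  <node id="12" label="Lcom/injected/Service;->start"/>
  <edge source="10" target="11" label="call"/>
  <edge source="10" target="12" label="call"/>
</graph>"""


def local(tag):
    """Strip the XML namespace so the XGMML namespace URI does not matter."""
    return tag.rsplit("}", 1)[-1]


def load_graph(xml_text):
    """Return (node labels, edges as (source label, target label)) for one graph."""
    root = ET.fromstring(xml_text)
    id_to_label = {}
    for el in root.iter():
        if local(el.tag) == "node":
            id_to_label[el.get("id")] = el.get("label", el.get("id"))
    edges = set()
    for el in root.iter():
        if local(el.tag) == "edge":
            src, dst = el.get("source"), el.get("target")
            # Ids are local to each export, so edges are keyed by node label.
            edges.add((id_to_label.get(src, src), id_to_label.get(dst, dst)))
    return set(id_to_label.values()), edges


def diff_graphs(before_xml, after_xml):
    """Nodes and edges present only in the second graph (candidate injected code)."""
    nodes_a, edges_a = load_graph(before_xml)
    nodes_b, edges_b = load_graph(after_xml)
    return sorted(nodes_b - nodes_a), sorted(edges_b - edges_a)


if __name__ == "__main__":
    print(diff_graphs(ORIGINAL, INFECTED))
```

Because matching is done on labels, code that was only renamed between the two versions also shows up as added, so the output is a starting point for review in cytoscape rather than a verdict.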
And of course you can zoom into a particular function with cytoscape:

Bye !