Wednesday, March 7, 2012

Androguard + Gephi (part 2)


It is not very easy to use the GEXF export of androguard. After exporting the GEXF file:

desnos@t0t0:~/androguard$ ./ -i apks/malwares/BaseBridge/com.keji.sendere.apk -o sendere.gexf

Most of the time you will get something like this:
which is not very usable. You must apply a layout in Gephi to get something better:

and you will get a classical (but huge) graph:

You must activate:

  1. the node labels
  2. the node colours associated with the object
  3. the size of the labels
as in this picture:

After that you must look for coloured nodes in the graph in order to find interesting methods such as:

And you can create a filter to isolate a particular class name:

and you will find more quickly where the interesting things (related to the permissions) are:

Moreover, in the Data Laboratory you can search for and select particular nodes in the Overview:
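The same two steps (isolating one class name and searching for the permission-coloured methods) can be done on the exported file itself, which is handy when the graph is too big to scroll through. The script below is an added example, not part of androguard and not part of the original post: it parses a small constructed GEXF call graph with the standard library, filters methods by class, lists the methods tagged with a permission, and counts calls that cross class boundaries. The node attribute titles `classname` and `permissions` are assumptions for this example; check the `<attributes>` block of your own export for the real titles.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# GEXF 1.2 namespace used by Gephi; the export is read through it.
NS = {"g": "http://www.gexf.net/1.2draft"}

# Constructed sample: a tiny method-level call graph standing in for the file
# androguard writes. The attribute titles "classname" and "permissions" are
# assumptions for this example, not necessarily what androguard emits.
SAMPLE_GEXF = """<?xml version="1.0" encoding="UTF-8"?>
<gexf xmlns="http://www.gexf.net/1.2draft" version="1.2">
  <graph defaultedgetype="directed">
    <attributes class="node">
      <attribute id="0" title="classname" type="string"/>
      <attribute id="1" title="permissions" type="string"/>
    </attributes>
    <nodes>
      <node id="0" label="Lcom/example/app/MainActivity;->onCreate()V">
        <attvalues><attvalue for="0" value="Lcom/example/app/MainActivity;"/><attvalue for="1" value=""/></attvalues>
      </node>
      <node id="1" label="Lcom/example/app/MainActivity;->sendReport()V">
        <attvalues><attvalue for="0" value="Lcom/example/app/MainActivity;"/><attvalue for="1" value=""/></attvalues>
      </node>
      <node id="2" label="Lcom/example/app/Net;->post(Ljava/lang/String;)V">
        <attvalues><attvalue for="0" value="Lcom/example/app/Net;"/><attvalue for="1" value="INTERNET"/></attvalues>
      </node>
      <node id="3" label="Lcom/example/app/Net;->open()V">
        <attvalues><attvalue for="0" value="Lcom/example/app/Net;"/><attvalue for="1" value=""/></attvalues>
      </node>
      <node id="4" label="Lcom/example/app/Sms;->send(Ljava/lang/String;)V">
        <attvalues><attvalue for="0" value="Lcom/example/app/Sms;"/><attvalue for="1" value="SEND_SMS"/></attvalues>
      </node>
      <node id="5" label="Lorg/thirdparty/lib/Util;->encode()V">
        <attvalues><attvalue for="0" value="Lorg/thirdparty/lib/Util;"/><attvalue for="1" value=""/></attvalues>
      </node>
    </nodes>
    <edges>
      <edge id="e0" source="0" target="1"/>
      <edge id="e1" source="0" target="2"/>
      <edge id="e2" source="1" target="2"/>
      <edge id="e3" source="2" target="3"/>
      <edge id="e4" source="1" target="4"/>
      <edge id="e5" source="2" target="5"/>
      <edge id="e6" source="4" target="5"/>
    </edges>
  </graph>
</gexf>
"""


def parse_gexf(text):
    """Return ({node_id: {"label": ..., <attribute title>: value}}, [(src, dst), ...])."""
    root = ET.fromstring(text)
    # Map attribute ids ("0", "1", ...) to their human-readable titles.
    titles = {a.get("id"): a.get("title")
              for a in root.findall(".//g:attributes[@class='node']/g:attribute", NS)}
    nodes = {}
    for n in root.findall(".//g:nodes/g:node", NS):
        attrs = {"label": n.get("label")}
        for av in n.findall("g:attvalues/g:attvalue", NS):
            attrs[titles[av.get("for")]] = av.get("value")
        nodes[n.get("id")] = attrs
    edges = [(e.get("source"), e.get("target"))
             for e in root.findall(".//g:edges/g:edge", NS)]
    return nodes, edges


def filter_by_class(nodes, edges, classname):
    """Gephi-style attribute filter: keep one class's methods and the edges among them."""
    keep = {nid for nid, a in nodes.items() if a.get("classname") == classname}
    return keep, [(s, t) for s, t in edges if s in keep and t in keep]


def methods_with_permissions(nodes):
    """Labels of methods tagged with a permission, i.e. the coloured nodes in Gephi."""
    return sorted(a["label"] for a in nodes.values() if a.get("permissions"))


def class_dependencies(nodes, edges):
    """Count calls crossing a class boundary, keyed by (caller class, callee class)."""
    deps = Counter()
    for s, t in edges:
        caller, callee = nodes[s]["classname"], nodes[t]["classname"]
        if caller != callee:
            deps[(caller, callee)] += 1
    return deps


if __name__ == "__main__":
    nodes, edges = parse_gexf(SAMPLE_GEXF)
    print("permission-related methods:", methods_with_permissions(nodes))
    ids, sub = filter_by_class(nodes, edges, "Lcom/example/app/Net;")
    print("Net methods:", sorted(nodes[i]["label"] for i in ids), "edges:", sub)
    for (caller, callee), n in class_dependencies(nodes, edges).most_common():
        print(f"{caller} -> {callee}: {n} call(s)")
```

To run it against a real export, replace `SAMPLE_GEXF` with the contents of the `.gexf` file and adjust the attribute titles to those found in its `<attributes>` block. The class-dependency counter is a cheap stand-in for the community colouring: pairs of classes with many cross calls are the ones Gephi's modularity pass tends to group together.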

This feature will not replace a classical analysis with or smali/baksmali. It is just one tool :) but we are trying to find better tools to visualize an Android application (and you can help).

Moreover, with Gephi, you can apply a classical community algorithm (Statistics/Modularity):

All nodes will get a colour corresponding to their community:

In fact, each community can be a specific library (as in the previous picture), or simply a group of methods with high dependencies between them:

Cya !
