Friday, May 25, 2012

not dead

Hi !

Lot of new things during the last months ... Androguard got selected by Rapid7 to be sponsored as part of the Magnificent7 program. It is really a good news and the project will be seriously improved (and if you are interesting to participate, you're welcome !).

Next, we published a paper in Phrack about software similarities/diffing. We have a different approaches compared to classical tools (patchdiff, bindiff(?)) and it is mainly due because we don't compare graph (CFG) to find similarities but we use only information inside each node (and we need to improve the algorithm by adding a context). 

By the way, we published a tool for windows (and of course for linux/macosx) if you wish to know if your Android application has been rip-off by someone else:

I saw slides from SIGINT about Android Security ("Dynamic Malware Analysis on Android Phones" and "Android Analysis Framework"). Interesting stuffs expect that one more time it is not open source software but they talked about open source softwares (smali, dexdump ...) :) About Androguard, I can read "watermarking", but it was just an idea at the beginning of the project without source code ... And I can read too:  "still many bugs", great ! please report them, it is open source software guys ! This is one of the major drawbacks in computer security when you are doing open source security software and a single sentence is appropriate: 
"Talk is cheap. Show me the code" Linus Torvalds

Otherwise, next month, I will be at RSSIL, SSTIC and HIP.

Happy Hacking !

Cya !

No comments:

Post a Comment