Wednesday, March 7, 2012

Androguard + Gephi (part 2)

Hi,

It's not very easy to use the GEXF export of androguard directly.
After exporting the GEXF file:

desnos@t0t0:~/androguard$ ./androgexf.py -i apks/malwares/BaseBridge/com.keji.sendere.apk -o sendere.gexf
desnos@t0t0:~/androguard$ 


Most of the time you will get something like this:
which is not very usable. You must apply a layout in Gephi to get something better:


and you will obtain a classical (but huge) graph:

You must activate:

  1. the node labels
  2. the node color associated with the object (class)
  3. the size of the labels
as in this picture:


After that you must look for colored nodes in the graph in order to find interesting methods, such as:


And you can create a filter to isolate all the methods of a particular class name:


and you will find more quickly where the interesting things (those related to the permissions) are:



Moreover, in the Data Laboratory you can search for and select particular nodes in the Overview:


This feature will not replace a classical analysis with androlyze.py or smali/baksmali. It's just one more tool :) but we are looking for better tools to visualize an Android application (and you can help).

Moreover, with Gephi, you can apply a classical community-detection algorithm (Statistics/Modularity):



All nodes will then get a color which corresponds to their community:



In fact, each community can be a specific library (as in the previous picture), or simply a group of methods with high dependencies between them:
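To make the Gephi steps above concrete (coloring by class, filtering on a class name, and grouping nodes by library), here is an added example that is not code from this post and not androguard's androgexf.py: a small Python writer for the kind of GEXF call graph that Gephi loads. The call graph, the method names and the permission mapping are constructed sample data; the GEXF 1.2 draft namespace is assumed. Each node carries a "class" attribute (what you color and filter on in Gephi) and a "permission" attribute (what marks the interesting methods), and a weakly-connected-components pass stands in for the community structure, which is a far cruder grouping than Gephi's modularity statistic but shows why a separate library tends to form its own cluster.

```python
"""Write a GEXF call graph with class/permission node attributes and read it back.
Constructed example; it is not androguard's exporter and not code from the post."""
import xml.etree.ElementTree as ET

GEXF_NS = "http://www.gexf.net/1.2draft"  # assumed GEXF 1.2 draft namespace


def tag(name):
    """Namespace-qualify a GEXF element name."""
    return "{%s}%s" % (GEXF_NS, name)


# Constructed sample call graph: (caller, callee) pairs of "Lclass;->method" names.
# The ads library is intentionally disconnected from the application code.
SAMPLE_EDGES = [
    ("Lcom/example/app/MainActivity;->onCreate", "Lcom/example/app/Net;->send"),
    ("Lcom/example/app/Net;->send", "Landroid/telephony/SmsManager;->sendTextMessage"),
    ("Lcom/example/app/MainActivity;->onCreate", "Lcom/example/lib/Util;->log"),
    ("Lcom/example/lib/Util;->log", "Lcom/example/lib/Util;->fmt"),
    ("Lorg/thirdparty/ads/AdView;->load", "Lorg/thirdparty/ads/Http;->get"),
]

# Constructed mapping of API methods to the permission they require.
SAMPLE_PERMISSIONS = {
    "Landroid/telephony/SmsManager;->sendTextMessage": "SEND_SMS",
}


def class_of(method_name):
    """'Lcom/a/B;->m' -> 'Lcom/a/B;'"""
    return method_name.split("->", 1)[0]


def build_gexf(edges, permissions):
    """Return a GEXF document (string) for the call graph, one node per method."""
    ET.register_namespace("", GEXF_NS)
    gexf = ET.Element(tag("gexf"), version="1.2")
    graph = ET.SubElement(gexf, tag("graph"), defaultedgetype="directed")
    # Declare the node attributes Gephi will expose for coloring and filtering.
    attrs = ET.SubElement(graph, tag("attributes"), {"class": "node"})
    ET.SubElement(attrs, tag("attribute"), id="0", title="class", type="string")
    ET.SubElement(attrs, tag("attribute"), id="1", title="permission", type="string")
    nodes_el = ET.SubElement(graph, tag("nodes"))
    edges_el = ET.SubElement(graph, tag("edges"))
    names = sorted({n for e in edges for n in e})
    ids = {name: str(i) for i, name in enumerate(names)}
    for name in names:
        node = ET.SubElement(nodes_el, tag("node"), id=ids[name], label=name)
        attvalues = ET.SubElement(node, tag("attvalues"))
        ET.SubElement(attvalues, tag("attvalue"), {"for": "0", "value": class_of(name)})
        ET.SubElement(attvalues, tag("attvalue"),
                      {"for": "1", "value": permissions.get(name, "")})
    for i, (src, dst) in enumerate(edges):
        ET.SubElement(edges_el, tag("edge"), id=str(i), source=ids[src], target=ids[dst])
    return ET.tostring(gexf, encoding="unicode")


def nodes_with_class_prefix(gexf_xml, prefix):
    """Emulate a Gephi attribute filter: labels of nodes whose class starts with prefix."""
    root = ET.fromstring(gexf_xml)
    ns = {"g": GEXF_NS}
    out = []
    for node in root.findall(".//g:node", ns):
        for av in node.findall("g:attvalues/g:attvalue", ns):
            if av.get("for") == "0" and av.get("value").startswith(prefix):
                out.append(node.get("label"))
    return sorted(out)


def permission_callers(edges, permissions):
    """Methods that call a permission-guarded API: the 'interesting things' to look at."""
    return sorted(src for src, dst in edges if dst in permissions)


def weakly_connected_components(edges):
    """Group methods into clusters (union-find); a crude stand-in for communities."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in edges:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb
    groups = {}
    for n in parent:
        groups.setdefault(find(n), set()).add(n)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    xml = build_gexf(SAMPLE_EDGES, SAMPLE_PERMISSIONS)
    with open("sample.gexf", "w") as fh:  # open this file in Gephi
        fh.write(xml)
    print("lib methods:", nodes_with_class_prefix(xml, "Lcom/example/lib/"))
    print("permission callers:", permission_callers(SAMPLE_EDGES, SAMPLE_PERMISSIONS))
    print("clusters:", weakly_connected_components(SAMPLE_EDGES))
```

Running the script writes sample.gexf, which Gephi opens with "class" and "permission" available under the node attributes, so the "color by class" and "filter on class name" steps of the post apply to it directly. The ads library comes out as its own cluster, which is the same effect the Modularity statistic shows on a real application when a bundled library has few calls into the rest of the code.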



Cya !
