Droidefense : Advance Android Malware Analysis Framework

Droidefense is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work.

For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and ‘bad boy’ routine.

Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.

Droidefense uses an innovative idea in where the code is not decompiled rather than viewed.

This allow us to get the global view of the execution workflow of the code with a 100% accuracy on gathered information. With this situation, Droidefensegenerates a fancy html report with the results for an easy understanding.

Also Read – H2T : HTTP Hardening Tool Scans Website & Suggests Security Headers to Apply

Droidefense Features

  • .apk unpacker
  • .apk resource decoder
  • .apk file enumeration
  • .apk file classification and identification
  • binary xml decoder
  • in-memory processing using a virtual filesystem
  • resource fuzzing and hashing
  • entropy calculator
  • native code dump
  • certificate analysis
  • debug certificate detection
  • opcode analysis
  • unused opcode detection
  • androidManifest.xml analysis
  • internal structure analysis
  • dalvik bytecode flow analysis
  • multipath analysis implementation (not tested)
  • CFG generation
  • simple reflection resolver
  • String classification
  • simulated workflow generation
  • dynamic rules engine

Droidefense modules

  • PSCout data module
  • Full Android manifest parser, based on official SDK documentation v23.
  • Plugins
  • Machine Learning (Weka based) module

Droidefense plugins

  • Hidden ELF file detector plugin
  • Hidden APK file detector plugin
  • Application UID detector plugin
  • Privacy plugin

Usage

TL;DR

java -jar droidefense-cli-1.0-SNAPSHOT.jar -i /path/to/your/sample.apk

Detailed usage

java -jar droidefense-cli-1.0-SNAPSHOT.jar
Current build: 2018_03_09__09_17_34
Check out on Github: https://github.com/droidefense/
Report your issue: https://github.com/droidefense/engine/issues
Lead developer: @zerjioang
usage: droidefense
-d,–debug print debugging information
-h,–help print this message
-i,–input input .apk to be analyzed
-o,–output select prefered output:
json
json.min
html
-p,–profile Wait for JVM profiler
-s,–show show generated report after scan
-u,–unpacker select prefered unpacker:
zip
memapktool
-v,–verbose be verbose
-V,–version show current version information

Download
R K

Share
Published by
R K
Tags: androidAndroid MalwareDroidefense
6 years ago

Recent Posts

Bomber : Navigating Security Vulnerabilities In SBOMs

bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…

18 hours ago

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In PNG Files

Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…

18 hours ago

Exploit Street – Navigating The New Terrain Of Windows LPEs

Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…

3 days ago

ShadowDumper – Advanced Techniques For LSASS Memory Extraction

Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…

4 days ago

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago