Android Sandbox (沙箱) open-source tools overview
2013-09-11 16:12
Original: /article/2253081.html
An Android sandbox uses open-source tools to analyze Android applications both dynamically and statically, uncovering what an application actually does so that its risk level can be judged. This article focuses on several commonly used tools.
1. DroidBox is a sandbox built on the TaintDroid system. It monitors an APK by hooking system APIs; because those hooks live in the platform itself, it has to be re-ported every time the Android SDK is updated.
DroidBox: http://code.google.com/p/droidbox/
TaintDroid: http://appanalysis.org/
DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the results generated when the analysis ends:
Hashes for the analyzed package
Incoming/outgoing network data
File read and write operations
Started services and loaded classes through DexClassLoader
Information leaks via the network, file and SMS
Circumvented permissions
Cryptography operations performed using Android API
Listing broadcast receivers
Sent SMS and phone calls
2. APIMonitor
APIMonitor: http://code.google.com/p/droidbox/wiki/APIMonitor
Android is upgrading at a fast pace. To avoid endless porting of DroidBox, we changed the way we do dynamic analysis. Instead of hooking the system, we interpose APIs in APK files and insert monitoring code. By running the repackaged APK, we can get API call logs and understand the APK's behavior.
3. Androguard
Mainly used for static analysis of Android applications.
Androguard: http://code.google.com/p/androguard/
Description
Androguard is mainly a tool written in Python to play with:
* Dex (Dalvik virtual machine) (.dex), and ODex (disassemble, decompilation),
* APK (Android application) (.apk),
* Android's binary xml (.xml).
Androguard is available for Linux/OSX/Windows (Python powered).
Features
Androguard has the following features:
* Map and manipulate DEX/ODEX/APK format into full Python objects,
* Disassemble/Decompilation/Modification of DEX/ODEX/APK format,
* Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
* Analysis of a bunch of Android apps,
* Diffing of android applications,
* Measure the efficiency of obfuscators (proguard, ...),
* Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
* Check if an android application is present in a database (malwares, goodwares ?),
* Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
* Detection of ad/open source libraries (WIP),
* Risk indicator of malicious application,
* Reverse engineering of applications (goodwares, malwares),
* Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
* Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
* Integration with external decompilers (JAD+dex2jar/DED/...)
4. Other
http://source.android.com/tech/index.html
The Dalvik Virtual Machine is the heart of Android. It's a fast, just-in-time compiled, optimized bytecode virtual machine. Android applications are compiled to Dalvik bytecode and run on the Dalvik VM. This section includes detailed information such as the Dalvik bytecode format specification, design information on the VM itself, and so on.
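As an added example (not code from the original post, nor from DroidBox or Androguard), the script below ties together three things this page mentions: the package hashes a DroidBox report starts with, the DEX parsing Androguard does, and the Dalvik bytecode format specification referenced above. It reads an APK as a zip archive, hashes the whole package, and parses the header of every .dex inside, verifying the Adler-32 checksum and SHA-1 signature that the DEX format stores in its first 32 bytes. The sample APK and DEX are constructed inline (a placeholder manifest and a DEX with no classes at all) so that it runs offline; the function names are this example's own.

```python
"""Package hashing and DEX header integrity check for an APK.

Added example, not part of the original post or of DroidBox/Androguard.
Header layout follows the Dalvik DEX format spec; the sample APK below is
constructed inline (placeholder manifest, minimal DEX) so it runs offline.
"""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70          # header_size is fixed at 112 bytes
ENDIAN_CONSTANT = 0x12345678    # value of endian_tag in a little-endian DEX

# Header fields after magic/checksum/signature, in spec order, all uint32 LE.
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off",
    "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
    "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
    "field_ids_off", "method_ids_size", "method_ids_off", "class_defs_size",
    "class_defs_off", "data_size", "data_off",
)


def package_hashes(apk_bytes):
    """Hashes of the whole package, as a sandbox report lists them."""
    return {algo: hashlib.new(algo, apk_bytes).hexdigest()
            for algo in ("md5", "sha1", "sha256")}


def parse_dex_header(dex):
    """Parse a DEX header and verify its checksum, signature and sizes.

    checksum  = Adler-32 over everything after the checksum field (offset 12)
    signature = SHA-1 over everything after the signature field (offset 32)
    """
    if len(dex) < DEX_HEADER_SIZE:
        raise ValueError("file shorter than a DEX header")
    magic = dex[:8]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00":
        raise ValueError("bad DEX magic %r" % magic)
    (checksum,) = struct.unpack_from("<I", dex, 8)
    signature = dex[12:32]
    fields = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", dex, 32)))
    if fields["endian_tag"] != ENDIAN_CONSTANT:
        raise ValueError("unsupported endian_tag 0x%08x" % fields["endian_tag"])
    report = dict(fields)
    report["version"] = magic[4:7].decode("ascii")        # e.g. "035"
    report["checksum_ok"] = (zlib.adler32(dex[12:]) & 0xFFFFFFFF) == checksum
    report["signature_ok"] = hashlib.sha1(dex[32:]).digest() == signature
    report["size_ok"] = (fields["file_size"] == len(dex)
                         and fields["header_size"] == DEX_HEADER_SIZE)
    report["intact"] = (report["checksum_ok"] and report["signature_ok"]
                        and report["size_ok"])
    return report


def analyze_apk(apk_bytes):
    """Hash the package and check every .dex in it (classes.dex, classes2.dex, ...)."""
    report = {"hashes": package_hashes(apk_bytes), "dex": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        report["has_manifest"] = "AndroidManifest.xml" in names
        for name in names:
            if name.endswith(".dex"):
                report["dex"][name] = parse_dex_header(zf.read(name))
    return report


# --- constructed sample data (not a real application) ----------------------

def build_minimal_dex(payload=b""):
    """Build a structurally valid DEX: header with empty tables plus a data blob."""
    fields = dict.fromkeys(HEADER_FIELDS, 0)
    fields.update(file_size=DEX_HEADER_SIZE + len(payload),
                  header_size=DEX_HEADER_SIZE, endian_tag=ENDIAN_CONSTANT,
                  data_size=len(payload), data_off=DEX_HEADER_SIZE)
    tail = struct.pack("<20I", *(fields[n] for n in HEADER_FIELDS)) + payload
    signature = hashlib.sha1(tail).digest()                # covers offset 32..end
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF  # covers offset 12..end
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def build_sample_apk(dex=None):
    """Zip a placeholder manifest and a DEX into an APK-shaped archive."""
    if dex is None:
        dex = build_minimal_dex(b"\x00" * 16)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder for binary xml>")
        zf.writestr("classes.dex", dex)
    return buf.getvalue()


def flip_byte(data, offset):
    """Return a copy with one byte corrupted, simulating a crude binary patch."""
    out = bytearray(data)
    out[offset] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    print(analyze_apk(build_sample_apk()))
    patched = flip_byte(build_minimal_dex(b"\x00" * 16), DEX_HEADER_SIZE)
    print(parse_dex_header(patched)["intact"])   # header no longer matches body
```

A stored checksum or signature that does not match the file body means the DEX was modified after its header was written (a byte-level patch, or plain corruption). Any toolchain that rebuilds the DEX recomputes these fields, so a clean header is a necessary condition, not proof that the code is original; it is the kind of sanity check to run before feeding a sample into a sandbox, and it also tells you whether the .dex you pulled from a repackaged APK is at least self-consistent.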