Android reverse engineering tools: not the usual suspects

Virus Bulletin :: Android reverse engineering tools: not the usual suspects

Slide: Android Reverse Engineering tools Not the Usual Suspects

  1. Docker for RE
  2. JEB2 Script
  3. Debugging
  4. MITM
  5. Radare2

Docker for RE

Github: androidre

$ docker pull cryptax/android-re
$ docker run -d --name androidre -p 5022:22 -p 5900:5900 cryptax/android-re
$ vncviewer 127.0.0.1::5900    # password: rootpass   (NIN: this does not seem to work; RealVNC Viewer has to be used instead)
$ ssh -X -p 5022 root@127.0.0.1    # password: rootpass

Inside the container, run `emulator &`, then wait and check that the Android emulator window comes up in the VNC session.

A VNC viewer has to be installed on the host to see the container's display.

JEB2 script

Github: Script

Debugging

MITM

  • mitmproxy

Radare2

R2 for Dalvik

  • Launch: r2 classes.dex (then run aa so that functions and const-string xrefs exist)
  • Searching: iz~mystring (strings), ic~mystring (classes and methods), afl~mystring (functions); ~ is r2's internal grep
  • Cross references to an address: axt name; references from it: axf name
  • Comment: CC mycomment (at the current seek; add @ addr to comment another address)

Script

import r2pipe
r2p = r2pipe.open()            # no argument: attach to the r2 session that launched the script via #!pipe
r2p.cmd('s 0xdeadbeef')        # run any r2 command; output comes back as a string (cmdj() parses the j-suffixed JSON variants)

Launching the script from inside the r2 prompt (the script then attaches to that session):

#!pipe python file.py args
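Added example, not from the talk or from these notes: a r2pipe script that automates the iz / axt / CC workflow listed above over a DEX. It searches the string table for a regex, follows the cross references to each hit, and leaves a CC comment on every referencing instruction. It assumes the JSON field names emitted by radare2 4.x/5.x for izj ("vaddr", "string") and axtj ("from", "fcn_name"), and that aa has already run so the const-string references exist. The DryRunSession class and its fixtures are constructed stand-ins so the script also runs without radare2 installed; under r2 it attaches to the live session.

```python
# Added example: automate "iz~pattern -> axt -> CC" with r2pipe.
# Assumed JSON field names: izj -> "vaddr", "string"; axtj -> "from", "fcn_name" (r2 4.x/5.x).
import re
import sys


def grep_strings(iz_entries, pattern):
    """Like `iz~pattern`, but on the JSON from `izj`: return (vaddr, string)
    pairs whose string matches the regex (case-insensitive)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(e["vaddr"], e["string"])
            for e in iz_entries if rx.search(e.get("string", ""))]


def xref_callers(axt_entries):
    """Like `axt`: collapse the JSON from `axtj @ addr` into the sorted set of
    function names that reference the address."""
    return sorted({e["fcn_name"] for e in axt_entries if e.get("fcn_name")})


def annotate(r2, pattern, tag="auto:"):
    """Find every string matching `pattern`, comment each instruction that
    references it (CC ... @ addr) and return {string: [referencing functions]}."""
    found = {}
    for vaddr, s in grep_strings(r2.cmdj("izj") or [], pattern):
        refs = r2.cmdj("axtj @ 0x%x" % vaddr) or []
        # r2's command parser treats ; | # ` @ and quotes specially, so strip
        # them from the comment text before handing it to CC.
        safe = re.sub(r"[^\w ./:=?&-]", "_", s)
        for ref in refs:
            r2.cmd("CC %s %s @ 0x%x" % (tag, safe, ref["from"]))
        found[s] = xref_callers(refs)
    return found


class DryRunSession:
    """Constructed stand-in for an r2pipe session so the script runs offline.
    The fixtures mimic a small DEX with two interesting strings; `commands`
    records what would have been sent to radare2."""
    STRINGS = [
        {"vaddr": 0x1000, "string": "http://c2.example.test/gate.php"},
        {"vaddr": 0x1040, "string": "getDeviceId"},
        {"vaddr": 0x1080, "string": "Hello world"},
    ]
    XREFS = {
        0x1000: [{"from": 0x2010, "type": "DATA",
                  "fcn_name": "sym.Lcom/example/Net.method.send"}],
        0x1040: [{"from": 0x2200, "type": "DATA",
                  "fcn_name": "sym.Lcom/example/Spy.method.collect"},
                 {"from": 0x2230, "type": "DATA",
                  "fcn_name": "sym.Lcom/example/Spy.method.collect"}],
        0x1080: [],
    }

    def __init__(self):
        self.commands = []

    def cmd(self, c):
        self.commands.append(c)
        return ""

    def cmdj(self, c):
        if c == "izj":
            return self.STRINGS
        m = re.match(r"axtj @ 0x([0-9a-fA-F]+)$", c)
        return self.XREFS.get(int(m.group(1), 16), []) if m else None


if __name__ == "__main__":
    # From r2 (after aa):  #!pipe python annotate.py 'http|device'
    pattern = sys.argv[1] if len(sys.argv) > 1 else r"http|device"
    try:
        import r2pipe
        session = r2pipe.open()      # no argument: attach to the session that ran #!pipe
    except Exception:
        session = DryRunSession()    # not under r2 (or no r2pipe): use the fixtures
    for s, fns in annotate(session, pattern).items():
        print("%-40s <- %s" % (s, ", ".join(fns) or "(no xrefs)"))
```

With the dry run the script prints the two matching strings and the methods that load them; under a real session the same calls also leave a "CC auto: ..." comment on each const-string instruction, visible in pd and in the JEB-style class listing afterwards.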
