Description

Androguard (Android Guard) is mainly a tool written in Python to play with:

  • Dex (Dalvik virtual machine) (.dex),
  • APK (Android application) (.apk),
  • Android's binary xml (.xml).

Androguard is available for Linux/MacOSX/Windows (Python powered).

To install androguard, please follow this link.

You can play directly with Androguard by using the ARE Virtual Machine:

  • To have the latest version in the VM, update the repository in tools/androguard with: hg pull && hg update

Features

Androguard has the following features:

  • Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
  • Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
  • Check if an Android application is present in a database (malware, goodware?),
  • Open source database of Android malware (this open source database is done in my free time, of course my free time is limited, so if you want to help, you are welcome!),
  • Diffing of Android applications,
  • Measure the efficiency of obfuscators (proguard, ...),
  • Determine if your application has been pirated (plagiarism/rip-off indicator),
  • Detection of ad/open source libraries (WIP),
  • Risk indicator of malicious application,
  • Reverse engineering of applications (goodware, malware),
  • Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
  • Patch JVM classes, add native library dependencies,
  • Dump the JVM process to find classes in memory,
  • Native support of DEX code in a C++ library,
  • ....

Documentation

Please follow the reverse engineering tutorial. Moreover, the roadmap and features are now available.

So, you can analyze, display, modify and save your apps easily and statically by creating your own software (by using the API), or by using the tool (androlyze) on the command line. This tool is useful when you would like to do reverse engineering on a specific application (e.g. malware).

The second part of the tool is a set of new tools to get the differences between two Android/Java applications, or to find similarities in different applications (e.g. to check if part of an application or an entire application has been stolen).

And for now, you can check if an Android application is present in a database (like a malware).

This tool has been designed for Android apps, but if you have read this section, you have seen that we support the JVM format, so you can use this tool with classical Java apps.

Screenshots

More screenshots?

Release

Release Schedule:

  • Version 1.2/3 (pending)
  • Version 1.1
  • Version 1.0 of Phrack

Win32 binaries

Get the latest development source code: hg clone https://androguard.googlecode.com/hg/ androguard

Papers

  • Phrack 68 - ID
  • Blackhat Abu Dhabi 2011: slides

New features? Go to the issues.

Training? Are you interested in a training about reverse engineering on Android apps? Contact us!

Sponsors

Selected in the first round of the Magnificen7 project!

Who's using Androguard? (Do you use Androguard? Contact us to have a link!)

Contributors

Contributors:

  • Craig Smith <agent (dot) craig (at) gmail.com>: 64-bit patch + magic tricks

Contacts

If you are interested in being a developer and working on this new project (check the roadmap), you can contact me at:

contact: androguard (at) t0t0.fr

irc: irc.freenode.net #androguard

Donate

If you have decided to make a donation for the androguard project, click the donate button below for Paypal:
