
androguard
Project is now on GitHub
The following documentation is deprecated
Description
Androguard is mainly a tool written in Python to play with:
* Dex/Odex (Dalvik virtual machine) (.dex) (disassembly, decompilation),
* APK (Android application) (.apk),
* Android's binary XML (.xml),
* Android Resources (.arsc).
Androguard is available for Linux/OSX/Windows (python powered).
Features
Androguard has the following features :
* Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
* Disassembly/Decompilation/Modification of DEX/ODEX/APK format,
* Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD),
* Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
* Analyze a bunch of Android apps,
* Analysis with ipython/Sublime Text Editor,
* Diffing of android applications,
* Measure the efficiency of obfuscators (proguard, ...),
* Determine if your application has been pirated (plagiarism/similarities/rip-off indicator),
* Check if an android application is present in a database (malwares, goodwares ?),
* Open source database of Android malware (this open source database is maintained in my free time, and of course my free time is limited, so if you want to help, you are welcome!),
* Detection of ad/open source libraries (WIP),
* Risk indicator of malicious application,
* Reverse engineering of applications (goodwares, malwares),
* Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
* Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
* Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui...)
* ....
Downloads
Our new repository is hosted on github
Sublime Text 2 Plugin
Please read the documentation.
Documentation
To install androguard, please follow this link in order to respect the requirements.
You can play directly with Androguard by using Santoku Distribution
Please, follow the reverse engineering tutorial. Moreover, the roadmap and features are now available.
So, you can analyze, display, modify and save your apps easily and statically, either by creating your own software (using the API) or by using the command-line tool (androlyze). This tool is useful when you would like to do reverse engineering on a specific application (e.g. malware).
The second part of the project provides tools to get the differences between two Android/Java applications, or to find similarities in different applications (e.g. to check whether part of an application, or the entire application, has been stolen).
And for now, you can check if an Android application is present in a database (like a malware database).
Check online documentation of the API : http://doc.androguard.re/
Screenshots
- http://androguard.googlecode.com/files/func1.png
- http://androguard.googlecode.com/files/func2.png
More screenshots?
Release
Release Schedule:
* Version 1.9
* Version 1.6
* Version 1.5.1
* Version 1.5
* Version 1.1
* Version 1.0 of Phrack

Win32 binaries:
* Androsim 1.2
Get the latest development source code: https://github.com/androguard/androguard/
Sponsors
Selected in the first round of the Magnificent 7 project !
Who's using Androguard ? (Do you use Androguard ? Contact us to have a link !)
- Virustotal http://www.virustotal.com/
- APKInspector http://code.google.com/p/apkinspector/
- Marvinsafe http://www.marvinsafe.com/
- Anubis (Andrubis) http://blog.iseclab.org/2012/06/04/andrubis-a-tool-for-analyzing-unknown-android-applications-2/ http://anubis.iseclab.org/
- Androwarn https://github.com/maaaaz/androwarn
- googleplay-api http://www.segmentationfault.fr/publications/reversing-google-play-and-micro-protobuf-applications/
- MalloDroid http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf
Authors
The original authors (created in our free time) are:
* Anthony Desnos @adesnos : main author + hunter of evil angry birds
* Zost: DAD is A Decompiler !
Contributors
- Axelle Apvrille @cryptax
- Yanick Fratantonio http://www.cs.ucsb.edu/~yanick/
- Craig Smith : 64 bits patch + magic tricks
- Users who reported issues (@timstrazz, @thuxnder, ...) !
Papers
- Pacsec Conference 2012: New "open source" step in Android Application Analysis
- Phrack 68 : Similarities for Fun & Profit
- Blackhat Abu Dhabi 2011 : Android: from reversing to decompilation
Contacts
New features? Go to the issues.
Training? Are you interested in training on reverse engineering of Android apps? Contact us!
If you are interested in becoming a developer and working on this new project (check the roadmap), you can contact me at:
contact: dev (at) androguard.re
irc: irc.freenode.net #androguard
google_groups: http://groups.google.com/group/androguard
Friends tools
- smali/baksmali: awesome !
- dex2jar: if you wish the java bytecodes !
- sublimetext: awesome editor !
Project Information
- License: Apache License 2.0
- 499 stars
- hg-based source control
Labels: Android, Security, Python, Java, Dalvik, Forensics, Visualization, Diffing, Similarity, Detection, Malwares, Kolmogorov, Disassembler, Decompiler