Android Pentest Tools - DroidBox
Intro
DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:
º Hashes for the analyzed package
º Incoming/outgoing network data
º File read and write operations
º Started services and loaded classes through DexClassLoader
º Information leaks via the network, file and SMS
º Circumvented permissions
º Cryptographic operations performed using Android API
º Listing broadcast receivers
º Sent SMS and phone calls
Additionally, two graphs are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.
Setup
This is a guide to get DroidBox running. The release has only been tested on Linux and Mac OS. If you do not have the Android SDK, download it from http://developer.android.com/sdk/index.html. The following libraries are required: pylab and matplotlib to provide visualization of the analysis result.
º Export the path for the SDK tools
export PATH=$PATH:/path/to/android-sdk/tools/
export PATH=$PATH:/path/to/android-sdk/platform-tools/
º Download necessary files and uncompress it anywhere
wget https://github.com/pjlantz/droidbox/releases/download/v4.1.1/DroidBox411RC.tar.gz
º Setup a new AVD targeting Android 4.1.2 and choose Nexus 4 as device as well as ARM as CPU type by running:
Android
º Start the emulator with the new AVD:
./startemu.sh
º When emulator has booted up, start analyzing samples (please use the absolute path to the apk):
./droidbox.sh
