Disco Bob Posted January 12, 2019 Share Posted January 12, 2019 Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application. The detection is performed with the static analysis of the application’s Dalvik bytecode, represented as Smali, with the androguardlibrary. This analysis leads to the generation of a report, according to a technical detail level chosen from the user. Features Structural and data flow analysis of the bytecode targeting different malicious behaviours categories Telephony identifiers exfiltration: IMEI, IMSI, MCC, MNC, LAC, CID, operator’s name… Device settings exfiltration: software version, usage statistics, system settings, logs… Geolocation information leakage: GPS/WiFi geolocation… Connection interfaces information exfiltration: WiFi credentials, Bluetooth MAC adress… Telephony services abuse: premium SMS sending, phone call composition… Audio/video flow interception: call recording, video capture… Remote connection establishment: socket open call, Bluetooth pairing, APN settings edit… PIM data leakage: contacts, calendar, SMS, mails… External memory operations: file access on SD card… PIM data modification: add/delete contacts, calendar events… Arbitrary code execution: native code using JNI, UNIX command, privilege escalation… Denial of Service: event notification deactivation, file deletion, process killing, virtual keyboard disable, terminal shutdown/reboot… Report generation according to several detail levels Essential (-v 1) for newbies Advanced (-v 2) Expert (-v 3) Report generation according to several formats Plaintext txt Formatted html from a Bootstrap template Changelog v1.5 2019/01/05: few fixes Install pip install androwarn Usage https://www.prodefence.org/androwarn-v1-5-releases-static-code-analyzer-for-malicious-android-applications/ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.