Droidefense: Advanced Android Malware Analysis Framework

User submission 676 2022-10-26

Droidefense Engine

Advance Android Malware Analysis Framework

What Droidefense is

Droidefense (originally named atom: analysis through observation machine) is the codename for an Android app/malware analysis and reversing tool. It was built around the security issues and tricks that malware researchers encounter in their everyday work. When a sample carries anti-analysis routines, Droidefense attempts to bypass them in order to reach the real code and the 'bad boy' routine. Such techniques include virtual machine detection, emulator detection, self certificate checking, pipe detection, tracer pid checks, and so on.

Droidefense uses an innovative approach in which the code is not decompiled but rather inspected directly. This gives a global view of the execution workflow of the code with 100% accuracy on the gathered information. From this, Droidefense generates a fancy HTML report with the results for easy understanding.

Droidefense Features

- .apk unpacker
- .apk resource decoder
- .apk file enumeration
- .apk file classification and identification
- binary xml decoder
- in-memory processing using a virtual filesystem
- resource fuzzing and hashing
- entropy calculator
- native code dump
- certificate analysis
- debug certificate detection
- opcode analysis
- unused opcode detection
- androidManifest.xml analysis
- internal structure analysis
- dalvik bytecode flow analysis
- multipath analysis implementation (not tested)
- CFG generation
- simple reflection resolver
- String classification
- simulated workflow generation
- dynamic rules engine

Droidefense modules

- PSCout data module
- Full Android manifest parser, based on official SDK documentation v23.
- Plugins
- Machine Learning (Weka based) module

Droidefense plugins

- Hidden ELF file detector plugin
- Hidden APK file detector plugin
- Application UID detector plugin
- Privacy plugin
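The feature list above (.apk file enumeration, classification and identification, entropy calculator) and the hidden ELF / hidden APK detector plugins describe checks that are simple to reproduce in a small triage script. The following is an added example in Python, not code from the Droidefense project: it builds a constructed APK in memory (a zip holding a dex file, a native library, and two entries whose contents contradict their names), identifies every entry by its leading magic bytes, computes its Shannon entropy, and flags entries whose content type does not match their extension. All file names and byte contents are constructed for the example, and the magic-byte table and expected-extension map are assumptions of this script, not the plugins' own rules.

```python
import io
import math
import zipfile
from dataclasses import dataclass

# Content-based identification by leading magic bytes (assumed table for this
# example; the real plugins may use different signatures).
MAGIC = {
    b"\x7fELF": "elf",       # native code (shared object / executable)
    b"PK\x03\x04": "zip",    # zip container: nested APK, JAR or plain zip
    b"dex\n": "dex",         # Dalvik executable
    b"\x89PNG": "png",
}

# File extensions under which each content type is expected to appear.
# A match found under any other name is reported as "hidden".
EXPECTED_EXT = {
    "elf": (".so",),
    "zip": (".apk", ".jar", ".zip"),
    "dex": (".dex",),
    "png": (".png",),
}


@dataclass
class Entry:
    name: str
    size: int
    kind: str        # content type from MAGIC, or "unknown"
    entropy: float   # Shannon entropy in bits per byte, 0.0 .. 8.0
    hidden: bool     # content type contradicts the file name


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; values near 8 hint at packed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def identify(data: bytes) -> str:
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def is_hidden(name: str, kind: str) -> bool:
    expected = EXPECTED_EXT.get(kind)
    return bool(expected) and not name.lower().endswith(expected)


def scan_apk(apk_bytes: bytes) -> list[Entry]:
    """Enumerate an APK (a zip) entirely in memory and classify every file."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            kind = identify(data)
            entries.append(Entry(info.filename, len(data), kind,
                                 round(shannon_entropy(data), 3),
                                 is_hidden(info.filename, kind)))
    return entries


def hidden_entries(entries: list[Entry]) -> list[str]:
    """Names of entries whose content type does not match their extension."""
    return sorted(e.name for e in entries if e.hidden)


def _zip_bytes(files: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_apk() -> bytes:
    """Constructed sample: not a real app, just enough bytes to exercise the checks."""
    payload_apk = _zip_bytes({"classes.dex": b"dex\n035\x00" + bytes(64)})
    return _zip_bytes({
        "AndroidManifest.xml": b"<manifest/>",          # constructed placeholder
        "classes.dex": b"dex\n035\x00" + bytes(range(256)),
        "lib/armeabi-v7a/libnative.so": b"\x7fELF\x01\x01\x01" + bytes(32),
        # ELF stored under an innocuous name: what a hidden-ELF check looks for
        "assets/data.bin": b"\x7fELF\x01\x01\x01" + bytes(range(0, 256, 4)),
        # a whole APK stashed as a "text" asset: what a hidden-APK check looks for
        "assets/config.txt": payload_apk,
    })


if __name__ == "__main__":
    for e in scan_apk(build_sample_apk()):
        flag = "HIDDEN" if e.hidden else ""
        print(f"{e.name:32} {e.kind:8} {e.size:6d} B  entropy={e.entropy:.3f} {flag}")
```

Running the script lists every entry with its content type and entropy and marks assets/data.bin and assets/config.txt as hidden, because an ELF image and a zip container were found under names that claim otherwise. Identifying by content rather than by name is the point: a sample that renames a payload cannot evade the check, and the entropy column gives a quick hint of which entries are likely packed or encrypted and deserve a closer look.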

Usage

TL;DR

java -jar droidefense-cli-1.0-SNAPSHOT.jar -i /path/to/your/sample.apk

Detailed usage

java -jar droidefense-cli-1.0-SNAPSHOT.jar

[ASCII-art "droidefense" banner]

* Current build: 2018_03_09__09_17_34
* Check out on Github: https://github.com/droidefense/
* Report your issue: https://github.com/droidefense/engine/issues
* Lead developer: @zerjioang

usage: droidefense
 -d,--debug      print debugging information
 -h,--help       print this message
 -i,--input      input .apk to be analyzed
 -o,--output     select prefered output: json json.min html
 -p,--profile    Wait for JVM profiler
 -s,--show       show generated report after scan
 -u,--unpacker   select prefered unpacker: zip memapktool
 -v,--verbose    be verbose
 -V,--version    show current version information

Useful info

Check out how to compile a new version at: https://github.com/droidefense/engine/wiki/Compilation
Check out a report example at: https://github.com/droidefense/engine/wiki/Pornoplayer-report
Check out execution logs at: https://github.com/droidefense/engine/wiki/Execution-logs

Contributing

Everybody is welcome to contribute to DROIDEFENSE. Please check out the DROIDEFENSE Contribution Steps for instructions about how to proceed.

Any other comments will be very much appreciated.

Citing

Feel free to cite Droidefense in your work. We provide the following BibTeX boilerplate for your references:

@Manual{,
  title = {Droidefense: Advance Android Malware Analysis Framework},
  author = {{zerjioang}},
  organization = {opensource},
  address = {Bilbao, Spain},
  year = 2017,
  url = {https://droidefense.wordpress.com/}
}

License

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Uses GPL license described below

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
