Skip to main content

androwarn-static code analyzer for malicious Android applications

Hello guy's in this article we are going to discuss about How to analyze for malicious android application with androwarn this is one of the best tool to detects malicious for android apps.


What is androwarn?

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library.
This analysis leads to the generation of a report, according to a technical detail level chosen from the user.

Requirements:

  • python 2.7
  • Androgurd
  • Jinja2
  • Play_scraper
  • Argparse

Androwarn feature

Structural and data flow analysis of the bytecode targeting different malicious behaviours categories
  • Telephony identifiers exfiltration: IMEI, IMSI, MCC, MNC, LAC, CID, operator's name...
  • Device settings exfiltration: software version, usage statistics, system settings, logs...
  • Geolocation information leakage: GPS/WiFi geolocation...
  • Connection interfaces information exfiltration: WiFi credentials, Bluetooth MAC adress...
  • Telephony services abuse: premium SMS sending, phone call composition...
  • Audio/video flow interception: call recording, video capture...
  • Remote connection establishment: socket open call, Bluetooth pairing, APN settings edit...
  • PIM data leakage: contacts, calendar, SMS, mails, clipboard...
  • External memory operations: file access on SD card...
  • PIM data modification: add/delete contacts, calendar events...
  • Arbitrary code execution: native code using JNI, UNIX command, privilege escalation...
  • Denial of Service: event notification deactivation, file deletion, process killing, virtual keyboard disable, terminal shutdown/reboot...
Report generation according to several detail levels
  • Essential (-v 1) for newbies
  • Advanced (-v 2)
  • Expert (-v 3)
Report generation according to several formats
  • Plaintext txt
  • Formatted html from a Bootstrap template
  • JSON

How to install and use androwarn?

Step 1:

First you download the androwarn tool so type this below command
git clone https://github.com/maaaaz/androwarn.git

Step 2:

Once you download the androwarn tool type this below command this command will help you to open androwarn folder.
cd androwarn

Step 3:

Now type this below command this command will help you to install androwarn requirements.
pip install -r requirements.txt 

Step 4:

Once you install requirements now type this below command this command will help you to analyze for android application.
python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3
By default, the report is generated in the current folder.An HTML report is now contained in a standalone file, CSS/JS resources are inlined.

Easy way to install androwarn?

The easiest way to setup everything: pip install androwarn and then directly use $ androwarn
 
Labels:

Comments

Post a Comment