Adhrit: Android APK Reversing and Analysis Toolkit
Over the past year, Android-based development and applications have flooded international markets. Almost every application is also available on many third-party sites. How do we determine whether we are using a legitimate, uninfected copy of an application?
ADHRIT is an open source tool that can do this task. It is basically a malware analysis tool, but it can equally be used for CTFs and for APK modifications.
How does it work?
ADHRIT automates many of the manual tasks that are otherwise time-consuming. For instance, to acquire the source code of an APK, one has to extract classes.dex, run dex2jar to get the corresponding JAR archive, and then use one of the Java decompilers to obtain the source code in Java. This whole process, which takes around a minute or two by hand, is done in less than 5 seconds by the tool!
The tool provides multiple argument filters for flexibility, so the user can choose exactly how much and what they want. The effort is to make the tool as
compact as possible by isolating the individual tools from the Android SDK.
This also relieves the user from the burden of installing and configuring the
ADHRIT can:
* Extract the APK contents into a directory
* Dump certificate details
* Extract source code in Smali
* Extract source code in Java
* Parse binary Manifest XML into readable XML
* Search for native libraries
* Analyze the permissions used by the application
* Check for malware footprints in the VirusTotal database
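The following is an added example, not ADHRIT's own code, showing the first steps of the workflow described above done by hand in Python: unpack the APK (an ordinary ZIP), pull out classes.dex and read its header (including the Adler-32 integrity check that the DEX format defines, which is what catches a truncated or tampered download), list native libraries and signature files, note whether the manifest is in binary AXML form, and compute the SHA-256 that a VirusTotal lookup would use. The sample APK and its header-only classes.dex are constructed in memory, so it runs offline; the decompilation steps (dex2jar, a Java decompiler) are deliberately out of scope here.

```python
"""Minimal offline APK triage (added example, not part of ADHRIT)."""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_LEN = 0x70  # fixed header size in every DEX version
DEX_TAIL_FMT = "<IIIIIIIIIIIIIIIIIIII"  # the 20 uint32 fields from offset 32 to 112
AXML_MAGIC = b"\x03\x00\x08\x00"  # RES_XML_TYPE chunk header of a binary AndroidManifest.xml


def build_sample_dex(num_strings: int = 3, num_classes: int = 1) -> bytes:
    """Construct a header-only classes.dex (test input, not a real app).

    Layout per the DEX spec: magic(8) checksum(4) signature(20) then 20 uint32s.
    The signature is SHA-1 of everything after it; the checksum is Adler-32 of
    everything after the checksum field itself.
    """
    body = struct.pack(
        DEX_TAIL_FMT,
        DEX_HEADER_LEN, DEX_HEADER_LEN,  # file_size, header_size
        0x12345678,  # endian_tag (little-endian constant)
        0, 0,  # link_size, link_off
        0,  # map_off
        num_strings, 0,  # string_ids_size, string_ids_off
        0, 0,  # type_ids
        0, 0,  # proto_ids
        0, 0,  # field_ids
        0, 0,  # method_ids
        num_classes, 0,  # class_defs_size, class_defs_off
        0, 0,  # data_size, data_off
    )
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + body


def parse_dex_header(data: bytes) -> dict:
    """Parse the DEX header fields a reverser checks before decompiling.

    Raises ValueError on a bad magic or a checksum mismatch.
    """
    if len(data) < DEX_HEADER_LEN or data[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    version = data[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 8)
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != checksum:
        raise ValueError("DEX checksum mismatch: truncated or tampered classes.dex")
    f = struct.unpack_from(DEX_TAIL_FMT, data, 32)
    return {
        "version": version,
        "file_size": f[0],
        "string_ids": f[6],
        "method_ids": f[14],
        "class_defs": f[16],
    }


def build_sample_apk() -> bytes:
    """Constructed APK (a ZIP) containing the entries a triage looks for."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 60)  # binary AXML stub
        z.writestr("classes.dex", build_sample_dex())
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 28)
        z.writestr("lib/armeabi-v7a/libnative.so", b"\x7fELF" + b"\x00" * 28)
        z.writestr("META-INF/CERT.RSA", b"\x30\x82" + b"\x00" * 16)  # PKCS#7 stub
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


def triage_apk(apk_bytes: bytes) -> dict:
    """Unpack the APK and summarise what the manual workflow would extract by hand."""
    report = {
        "sha256": hashlib.sha256(apk_bytes).hexdigest(),  # hash to look up on VirusTotal
        "dex": [],
        "native_libs": [],
        "signature_files": [],
        "has_manifest": False,
        "manifest_is_binary": False,
    }
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name == "AndroidManifest.xml":
                report["has_manifest"] = True
                report["manifest_is_binary"] = z.read(name)[:4] == AXML_MAGIC
            elif name.startswith("classes") and name.endswith(".dex"):
                report["dex"].append((name, parse_dex_header(z.read(name))))
            elif name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
            elif name.startswith("META-INF/") and name.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC"):
                report["signature_files"].append(name)
    return report


if __name__ == "__main__":
    for key, value in triage_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

A real AndroidManifest.xml inside an APK is binary AXML, which is why the tool has to convert it before the permissions can be read; the check on the chunk header here only tells you that conversion is still needed, it does not parse the manifest.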
What can I do with it?
* Build custom/patched APKs when a CTF calls for it; the Java source and the
AndroidManifest.xml are extracted by the tool.
* Build APK mods using the Smali code extracted with APK Tool.
* Analyse source code.
* Check if the malware is listed on VirusTotal.
* Get images from the APK.
Can I reuse this code?
Hundred percent yes! You can use any part of this code, and even a few of the slightly modified tools (which are, again, open source tools built by wonderful developers), in your projects under open source license constraints.
Where To Find?
The project is still in progress and will also implement static and dynamic analysis techniques. Follow the ADHRIT project on GitHub for continual updates. Stay