Wednesday, October 26, 2011

Android Malware Analysis - Part I - Static Analysis




Android is currently a lucrative and popular target for malware, and new attacks and threats appear frequently.
To analyze malware for the Android platform we need a controlled setup with a number of tools, each with a specific purpose and role in the analysis. We mainly divide the analysis into two parts: static analysis and dynamic analysis.
In this part I will be highlighting tools for static analysis.

Dex2Jar
We use this on the classes.dex file. classes.dex contains the application code compiled into the Dalvik Executable format. This tool converts classes.dex back into a jar file containing regular Java classes; the jar file can then be decompiled with any good Java decompiler.

Usage:
1. Download Here
2. Go into the directory where dex2jar.bat is present
3. dex2jar.bat <location where the classes.dex file is present>
4. This gives us a classes_dex2jar.jar file
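A check worth running on classes.dex before handing it to dex2jar, added here as an example and not part of the original post: it parses the fixed dex header, recomputes the Adler-32 checksum and SHA-1 signature that the Dalvik Executable format stores in that header, and reports the class, method and string counts, so a truncated or tampered dex is caught before the decompiler produces confusing output. The build_minimal_dex helper constructs a header-only sample so the script runs offline; pass real classes.dex bytes to parse_dex_header for actual use.

```python
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\x00"   # "dex\n" + format version 035 + NUL, as used by Dalvik in 2011
HEADER_SIZE = 0x70             # the dex header is always 112 bytes
ENDIAN_CONSTANT = 0x12345678   # little-endian marker

# The 14 u4 size/offset fields that follow link_size, link_off and map_off
ID_FIELDS = ("string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
             "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
             "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
             "data_size", "data_off")

def parse_dex_header(data):
    """Parse the fixed classes.dex header and check it against the file body.
    Raises ValueError for bad magic, inconsistent sizes, or a checksum/signature
    that does not match the content (file modified or truncated after build)."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a dex header")
    if data[0:8] != DEX_MAGIC:
        raise ValueError("bad magic %r" % data[0:8])
    # Layout: magic[8], checksum u4, signature[20], file_size, header_size,
    # endian_tag, link_size, link_off, map_off (all u4), then ID_FIELDS.
    checksum = struct.unpack_from("<I", data, 8)[0]
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if endian_tag != ENDIAN_CONSTANT:
        raise ValueError("unexpected endian tag 0x%08x" % endian_tag)
    if header_size != HEADER_SIZE or file_size != len(data):
        raise ValueError("header size fields disagree with the file length")
    # Per the dex format, Adler-32 covers everything after the checksum field
    # and SHA-1 covers everything after the signature field.
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != checksum:
        raise ValueError("checksum mismatch: file modified or truncated")
    if hashlib.sha1(data[32:]).digest() != signature:
        raise ValueError("signature mismatch: file modified or truncated")
    info = dict(zip(ID_FIELDS, struct.unpack_from("<14I", data, 56)))
    info["file_size"] = file_size
    return info

def build_minimal_dex():
    """Constructed sample (not a real app): a header-only dex with zero classes
    and a correct checksum and signature, so the parser can be run offline."""
    body = struct.pack("<III", HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)  # file_size, header_size, endian_tag
    body += struct.pack("<17I", *([0] * 17))   # link/map fields and all ID_FIELDS are zero
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return DEX_MAGIC + struct.pack("<I", checksum) + signature + body
```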


JD GUI
We can use this to view the contents of the jar file produced from classes.dex. Contents are shown in a crisp GUI that is easy to understand.

Usage:
1. Download Here
2. Simply open the .jar file in JD GUI



AXMLPrinter
This can be used to convert the AndroidManifest.xml file into a readable text file.

Usage:
1. Download Here
2. java -jar AXMLPrinter.jar <location of AndroidManifest.xml>





Notable mentions (I will try to cover these soon)
APKInspector - http://www.honeynet.org/node/761
Understand Static Analysis Tool - http://www.scitools.com/download/index.php
Androguard - http://code.google.com/p/androguard/
Droidguard - http://code.google.com/p/droidguard/