Android Reverse Engineering Toolset Debuts

Author: Dennis Fisher
minute read

The Android platform has become one of the go-to choices for developers and device manufacturers in the last year or so, and that popularity has of course attracted the attention of attackers who have been busily coding up as much malware as they can for the platform. They’ve been quite successful, with hits such as DroidDream and its sequels popping up in dozens of compromised apps in the Android Market this year. Now, defenders are getting some tools of their own to help address the problem, with the release of the Android Reverse Engineering suite.

Android toolsetThe Android platform has become one of the go-to choices for developers and device manufacturers in the last year or so, and that popularity has of course attracted the attention of attackers who have been busily coding up as much malware as they can for the platform. They’ve been quite successful, with hits such as DroidDream and its sequels popping up in dozens of compromised apps in the Android Market this year. Now, defenders are getting some tools of their own to help address the problem, with the release of the Android Reverse Engineering suite.

The ARE toolset is implemented as a virtual machine, and it gives users a slew of individual tools that they can use to analyze and take apart pieces of Android malware on a desktop PC in a safe environment. The system, which was developed by the French contingent of the Honeynet Project, comprises 10 separate tools, including Androguard and the Android SDK. The full list of tools includes:

  • Androguard
  • Android sdk/ndk
  • APKInspector
  • Apktool
  • Axmlprinter
  • Ded
  • Dex2jar
  • DroidBox
  • Jad
  • Smali/Baksmali

The Android platform has quickly emerged as the favorite mobile platform for malware writers in 2011. The various waves of DroidDream malware that have washed up in the Android Market are the most prominent example, but there have been a number of other, smaller attacks, as well. The Android Market is a much more open environment than the iTunes App Store and attackers have found it easy enough to get their wares into the market and onto Android devices that they haven’t really bothered much with the iPhone platform at this point.

Security researchers who have looked at the security features of Android and iOS have said that iOS is a more secure platform, and the iPhone operating system has included protections such as ASLR and DEP for some time now. The most recent Android iteration, known as Ice Cream Sandwich, now includes the ASLR memory protection, too. The openness of the Android platform has been cited as a contributing factor to the prevalence of malware for those devices, but it also can be said that openness enables the production of toolsets like ARE that give researchers and developers a good look at the way those pieces of malware work.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.