From 36d1a1fadb0cdebe61d04f10bfd39694295d1c0f Mon Sep 17 00:00:00 2001 From: Yury Zhauniarovich Date: Tue, 10 Feb 2015 16:49:37 +0100 Subject: [PATCH] Updated the link, added new links, corrected a typo 1. Updated link to the AndroGuard project 2. Added link to the StaDynA open-source tool 3. Added section APP REPACKAGING DETECTORS 4. Added link to the FSquaDRA tool 5. Added link to the samples provided by Drebin project 6. Added section BOOKS 7. Added link to the download page of the book Android Security (and Not) Internals 8. Added paired square bracket --- README.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4023472..22679e0 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,8 @@ A lot of work is happening in academia and industry on tools to perform dynamic 19. [Ijiami (Chinese)](http://safe.ijiami.cn/) - seems dead now 16. [Aurasium](http://www.aurasium.com/) – rewrites the android app to add security policy, seems dead now 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) -18. [Appie](http://manifestsecurity.com/appie/)- Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. +18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. +19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. ## REVERSE ENGINEERING @@ -67,7 +68,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 3. [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) 4. [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim) 5. [AndBug](https://github.com/swdunlop/AndBug) -6. [Androguard](http://code.google.com/p/androguard/) – powerful, integrates well with other tools +6. [Androguard](https://github.com/androguard/androguard) – powerful, integrates well with other tools 7. [Apktool](http://code.google.com/p/android-apktool/) – really useful for compilation/decompilation (uses smali) 8. [Android Framework for Exploitation](https://github.com/xysec/AFE) 9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) @@ -91,17 +92,26 @@ A lot of work is happening in academia and industry on tools to perform dynamic 24. [Simplify Android deobfuscator](https://github.com/CalebFenton/simplify) 25. [Bytecode viewer](https://github.com/Konloch/bytecode-viewer) +##APP REPACKAGING DETECTORS + +1. [FSquaDRA](https://github.com/zyrikby/FSquaDRA) - a tool for detection of repackaged Android applications based on app resources hash comparison. + ## Exploitable Vulnerabilties 1. [Vulnerability Google doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) 2. [Root Exploits (from Drozer issue - #56)(https://github.com/mwrlabs/drozer/issues/56) + #56)](https://github.com/mwrlabs/drozer/issues/56) ## SAMPLE SOURCES 1. [contagio mini dump](http://contagiominidump.blogspot.com) 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) +3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) + +## BOOKS + +1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) ## MISC TOOLS/READINGS