A number of tools can be helpful in reverse engineering and analyzing mobile malware, including: [1]
• Adhrit: Android APK reversing and analysis suite (https://github.com/abhi-r3v0/Adhrit)
• Dexter: Web service for uploading Android applications that are then statically analyzed. Dexter provides a quick overview of the metadata within the application and the included packages.
• Androwarn: “Yet another static code analyzer for malicious Android applications” (https://github.com/maaaaz/androwarn)
• APK Analyzer: Built into Android Studio (and available as the apkanalyzer command-line tool in the SDK). Shows the absolute and relative size of the files that comprise the APK, compares two APKs, and lets you browse the DEX files, Android resources and AndroidManifest.xml.
• APK Inspector: Collection of many tools within one user interface. APK Inspector comes with Jad, a Java decompiler.
• Bytecode Viewer: A lightweight, user-friendly Java bytecode viewer that bundles several decompilers (Procyon, CFR, FernFlower, JADX, Krakatau) so their output can be compared side by side
• Androsim: Part of Androguard; compares two Android .apk files and reports their similarity (diff)
• JADX: DEX-to-Java decompiler similar to jd-gui but more robust. It decompiles straight from the APK or DEX (no separate dex2jar step) and copes better with obfuscated code.
• Mobile Security Framework (MobSF): Automated pen testing, malware analysis, and security assessment framework (for Android/iOS/Windows) for static and dynamic analysis. (https://github.com/MobSF/Mobile-Security-Framework-MobSF)
• FREE bootable Linux environments: Mobile device forensics and analysis distributions. Each ships as a virtual machine that includes emulators, so the examiner can simulate network traffic and perform both static and dynamic application analysis.
EXAMPLES:
• Santoku Linux: https://santoku-linux.com/
• Mobexler: https://mobexler.com/
• Tsurugi Linux: https://tsurugi-linux.org/
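The static checks these tools start with (APK Analyzer's per-file size breakdown, a DEX magic check, an Androsim-style diff of two builds) come down to inspecting the APK as a ZIP archive. The script below is an added example written for this page, not code from any of the tools listed or from the course. It builds a constructed stand-in APK in memory (placeholder manifest, DEX, resources, a native library and a signature block), reports each entry's size and share of the total, verifies that anything named .dex really starts with the DEX magic "dex\n", and diffs two variants of the archive by SHA-256 to show what a repacked build added or changed. The file names and contents of the sample archive are assumptions for illustration; real Android manifests are binary XML, not text.

```python
"""APK static triage: sizes, DEX magic check and a file-level diff of two APKs."""
import hashlib
import io
import zipfile
from dataclasses import dataclass

# A DEX file begins with "dex\n" followed by a three-digit version and NUL,
# e.g. b"dex\n035\x00". Checking the prefix catches renamed junk in the archive.
DEX_MAGIC_PREFIX = b"dex\n"


@dataclass
class ApkEntry:
    name: str
    compressed: int      # bytes stored inside the ZIP
    uncompressed: int    # bytes once inflated
    sha256: str
    kind: str


def classify(name: str, data: bytes) -> str:
    """Bucket an APK entry the way APK Analyzer's tree view does."""
    if name == "AndroidManifest.xml":
        return "manifest"
    if name.endswith(".dex"):
        return "dex" if data.startswith(DEX_MAGIC_PREFIX) else "dex-bad-magic"
    if name.startswith("lib/") and name.endswith(".so"):
        return "native"
    if name.startswith("res/") or name == "resources.arsc":
        return "resource"
    if name.startswith("META-INF/"):
        return "signature"
    return "other"


def triage(apk: bytes) -> dict:
    """Per-file sizes, hashes and kinds, plus a few headline facts about the APK."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            entries.append(ApkEntry(info.filename, info.compress_size, info.file_size,
                                    hashlib.sha256(data).hexdigest(),
                                    classify(info.filename, data)))
    total = sum(e.uncompressed for e in entries) or 1
    return {
        "entries": entries,
        "total_uncompressed": total,
        # relative size of each file, like APK Analyzer's percentage column
        "share": {e.name: round(100 * e.uncompressed / total, 1) for e in entries},
        "has_manifest": any(e.kind == "manifest" for e in entries),
        "dex_count": sum(e.kind == "dex" for e in entries),
        "bad_dex": [e.name for e in entries if e.kind == "dex-bad-magic"],
        "native_abis": sorted({e.name.split("/")[1] for e in entries if e.kind == "native"}),
    }


def diff_apks(old: bytes, new: bytes) -> dict:
    """Androsim-style comparison at file granularity, keyed on SHA-256."""
    a = {e.name: e.sha256 for e in triage(old)["entries"]}
    b = {e.name: e.sha256 for e in triage(new)["entries"]}
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


def build_sample_apk(with_payload: bool = False) -> bytes:
    """Constructed stand-in for a real APK: realistic layout, placeholder contents
    (assumed for this example; a real AndroidManifest.xml is binary XML)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder binary xml>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 4000)
        zf.writestr("resources.arsc", b"\x02\x00\x0c\x00" + b"\x00" * 500)
        zf.writestr("res/layout/main.xml", b"<placeholder layout>")
        zf.writestr("lib/arm64-v8a/libnative.so",
                    b"\x7fELF" + (b"B" if with_payload else b"A") * 1000)
        zf.writestr("META-INF/CERT.RSA", b"<placeholder signature block>")
        if with_payload:
            # a second DEX and a mislabelled asset dropped in by a repack:
            # exactly what the diff and the magic check should flag
            zf.writestr("classes2.dex", b"dex\n035\x00" + b"\x00" * 2000)
            zf.writestr("assets/payload.dex", b"not really dex")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage(build_sample_apk(with_payload=True))
    for e in sorted(report["entries"], key=lambda e: e.uncompressed, reverse=True):
        print(f"{e.kind:14} {e.uncompressed:8d} {report['share'][e.name]:5.1f}%  {e.name}")
    print("dex files:", report["dex_count"], "bad magic:", report["bad_dex"])
    print("diff:", diff_apks(build_sample_apk(), build_sample_apk(with_payload=True)))
```

Run it as-is to see the table and diff for the constructed archive; to triage a real sample, pass `open("sample.apk", "rb").read()` to `triage()` instead. The file-level diff is deliberately coarse: Androsim compares method-level similarity, whereas this only tells you which entries to open in JADX or Bytecode Viewer next.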
The software we provide for use in this course can be found at the following links:
Android Developer Toolkit: SDK Tools: https://developer.android.com/studio#download
Java Development Kit: https://www.oracle.com/java/technologies/javase-downloads.html
Reference:
[1] https://for585.com/wr-c6 (Uceka blog entry on Android malware analysis).