1
00:00:01,130 --> 00:00:07,160
Let's see another interesting tool, that is QARK, and that stands for Quick Android Review Kit, and

2
00:00:07,160 --> 00:00:12,470
this is actually a command line tool that performs static analysis of Android applications by actually

3
00:00:12,710 --> 00:00:19,610
compiling the APK file, using a lot of tools and then analyzing the source code for specific patterns

4
00:00:19,610 --> 00:00:21,280
and specific vulnerabilities.

5
00:00:21,290 --> 00:00:27,170
And QARK was actually created by the security team at LinkedIn, and it can be actually downloaded

6
00:00:27,170 --> 00:00:31,100
from their GitHub repository, their apps that I'm showing on screen.

7
00:00:31,520 --> 00:00:33,880
OK, now let's launch QARK.

8
00:00:34,430 --> 00:00:42,120
Actually, I am sharing screenshots with you because QARK takes some time to scan a big file and to decompile it.

9
00:00:42,170 --> 00:00:43,340
OK, don't worry.

10
00:00:43,340 --> 00:00:47,140
If you try this on your machine, you will see some steps to use it.

11
00:00:47,330 --> 00:00:51,760
You can launch it in interactive mode using the command that I am showing here.

12
00:00:52,100 --> 00:00:56,420
Then you will be asked if you want to download the Android SDK. Select

13
00:00:56,420 --> 00:00:57,820
yes for this example.

14
00:00:58,160 --> 00:01:01,310
And then the tool is downloading it and installing the SDK.

15
00:01:01,760 --> 00:01:06,750
Once it is done, it asks if you want to examine an APK file or a source file.

16
00:01:07,070 --> 00:01:12,400
And in this case I selected an APK file and then provided the path to that file.

17
00:01:12,560 --> 00:01:16,600
And that's basically the same file that we used in the earlier example.

18
00:01:17,030 --> 00:01:23,450
There you see that it actually starts unpacking the file and it asks you if you want to inspect the

19
00:01:23,450 --> 00:01:24,110
manifest.

20
00:01:24,470 --> 00:01:24,920
Select

21
00:01:24,950 --> 00:01:25,280
yes.

22
00:01:25,530 --> 00:01:28,370
And here you can see the actual Android manifest.

23
00:01:28,430 --> 00:01:35,220
Now one of them, it's to further the complete file and asks you if you want to begin to perform static

24
00:01:35,220 --> 00:01:36,100
code analysis.

25
00:01:36,500 --> 00:01:37,940
So let's actually do that.

26
00:01:38,180 --> 00:01:44,270
Then you will see that QARK performs a series of code analysis checks like looking for insecure functions,

27
00:01:44,270 --> 00:01:49,570
access control checks, hardcoded APIs, crypto issues and many more.

28
00:01:49,850 --> 00:01:55,610
So once it's done, it actually exports the findings to a report and even asks you if you want to build

29
00:01:55,610 --> 00:02:00,210
an exploit APK file with any potential vulnerabilities that it actually may have found.

30
00:02:00,590 --> 00:02:01,960
So let's actually do that.

31
00:02:02,420 --> 00:02:08,720
And once it's done with all this process, it also completes the report and tells you where it stores that

32
00:02:08,720 --> 00:02:09,120
report.

33
00:02:09,590 --> 00:02:11,690
So let's open that report in a Web browser.

34
00:02:11,690 --> 00:02:14,300
And it looks the same as here in our screenshot.

35
00:02:14,330 --> 00:02:20,150
And there you can see that it actually found two potential vulnerabilities in the file that I inspected.

36
00:02:20,660 --> 00:02:22,580
And it also provided some warnings.

37
00:02:22,760 --> 00:02:24,890
Some of them are information alerts.

38
00:02:24,890 --> 00:02:30,410
And you also see debug messages that can potentially help you troubleshoot or further examine other

39
00:02:30,410 --> 00:02:31,640
errors in the application.

40
00:02:31,760 --> 00:02:34,990
OK, so now you will also see the manifest.

41
00:02:35,000 --> 00:02:37,460
Let's look at the Pending Intents section.

42
00:02:37,460 --> 00:02:41,750
There you can see that it actually found two potential vulnerabilities in Boudjellal files.

43
00:02:42,320 --> 00:02:46,100
In this case, we found two potential vulnerabilities in those files.

44
00:02:46,100 --> 00:02:51,910
And you can see this is actually a pretty powerful tool to perform in-depth Android application analysis.

45
00:02:52,160 --> 00:02:56,960
Now let's go over another useful resource that was actually created by The Honeynet Project.

46
00:02:57,590 --> 00:03:02,420
And basically they created a pretty handy virtual machine for reverse engineering called ARE.

47
00:03:02,600 --> 00:03:04,660
Or you can call it A-R-E.

48
00:03:04,730 --> 00:03:05,140
Okay.

49
00:03:05,480 --> 00:03:07,310
And it comes with many tools.

50
00:03:07,310 --> 00:03:15,200
That includes Androguard, Android SDK, the APKInspector, the Apktool that we actually mentioned before,

51
00:03:15,470 --> 00:03:17,870
then, the extruder that we mentioned before.

52
00:03:17,960 --> 00:03:20,270
Next is DroidBox and many more.