1
00:00:01,130 --> 00:00:07,160
Let's see another interesting tool that is Guarch and what extend for quick and broad review kit, and

2
00:00:07,160 --> 00:00:12,470
this is actually a command line tool that performs static analyses of Android applications by actually

3
00:00:12,710 --> 00:00:19,610
compiling the epic file, using a lot of tools and then analyzing the source code for specific patterns

4
00:00:19,610 --> 00:00:21,280
and specific vulnerabilities.

5
00:00:21,290 --> 00:00:27,170
And Guarch was actually created by the security team on LinkedIn, and it can be actually downloaded

6
00:00:27,170 --> 00:00:31,100
from their GitHub repository, their apps that I'm showing on screen.

7
00:00:31,520 --> 00:00:33,880
OK, now let's launch Guarch.

8
00:00:34,430 --> 00:00:42,120
Actually, I am sharing screenshots with you because work takes some time to scan a big file into decompiled.

9
00:00:42,170 --> 00:00:43,340
OK, don't worry.

10
00:00:43,340 --> 00:00:47,140
If you tried this in your machine, you will see some steps to use it.

11
00:00:47,330 --> 00:00:51,760
You can launch it in interactive mode using the command that I am showing here.

12
00:00:52,100 --> 00:00:56,420
Then you will ask if you want to download the Android SDK select.

13
00:00:56,420 --> 00:00:57,820
Yes, for this example.

14
00:00:58,160 --> 00:01:01,310
And then the tool is downloading it and installing the SDK.

15
00:01:01,760 --> 00:01:06,750
Once it is done it the if you want to examine a file or a source file.

16
00:01:07,070 --> 00:01:12,400
And in this case I selected an epic file and then provided the path to that file.

17
00:01:12,560 --> 00:01:16,600
And that's basically the same file that we use in the earlier example.

18
00:01:17,030 --> 00:01:23,450
There you see that it actually starts on back in the file and it asks you if you want to inspect the

19
00:01:23,450 --> 00:01:24,110
manifest.

20
00:01:24,470 --> 00:01:24,920
Select.

21
00:01:24,950 --> 00:01:25,280
Yes.

22
00:01:25,530 --> 00:01:28,370
And here you can see the actual Android manifest.

23
00:01:28,430 --> 00:01:35,220
Now one of them, it's to further the complete file and ask you if you want to begin to perform static.

24
00:01:35,220 --> 00:01:36,100
Good analysis.

25
00:01:36,500 --> 00:01:37,940
So let's actually do that.

26
00:01:38,180 --> 00:01:44,270
Then you will see that Google performs a series of code analysis checks like looking for insecure functions,

27
00:01:44,270 --> 00:01:49,570
access control checks, hardcoded APIs, crypto issues and many more.

28
00:01:49,850 --> 00:01:55,610
So once it's done, it actually export the findings to a report and even ask you if you want to build

29
00:01:55,610 --> 00:02:00,210
and explode a file with any potential vulnerabilities that actually may have found.

30
00:02:00,590 --> 00:02:01,960
So let's actually do that.

31
00:02:02,420 --> 00:02:08,720
And once it's done with all this process, it also completes the report and tells you where stores that

32
00:02:08,720 --> 00:02:09,120
report.

33
00:02:09,590 --> 00:02:11,690
So let's open that report in a Web browser.

34
00:02:11,690 --> 00:02:14,300
And it looks the same as here in our screenshot.

35
00:02:14,330 --> 00:02:20,150
And there you can see that actually you found two potential vulnerabilities in the file that I inspected.

36
00:02:20,660 --> 00:02:22,580
And it also provided some warnings.

37
00:02:22,760 --> 00:02:24,890
Some of them are information alert.

38
00:02:24,890 --> 00:02:30,410
And you also see debug messages that can potentially help you troubleshoot or further examine other

39
00:02:30,410 --> 00:02:31,640
errors in the application.

40
00:02:31,760 --> 00:02:34,990
OK, so now you will also see the manifest.

41
00:02:35,000 --> 00:02:37,460
Let's look at the pending inside section.

42
00:02:37,460 --> 00:02:41,750
There you can see that actually found two potential vulnerabilities in Boudjellal files.

43
00:02:42,320 --> 00:02:46,100
In this case, we found two potential vulnerabilities in those files.

44
00:02:46,100 --> 00:02:51,910
And you can see this is actually a pretty powerful tool to perform in-depth Android application analyses.

45
00:02:52,160 --> 00:02:56,960
Now let's go over another useful resource that was actually created by The Honeynet Project.

46
00:02:57,590 --> 00:03:02,420
And basically they created a pretty handy virtual machine for reverse engineering called Herry.

47
00:03:02,600 --> 00:03:04,660
Or you can call it e r e.

48
00:03:04,730 --> 00:03:05,140
Okay.

49
00:03:05,480 --> 00:03:07,310
And it comes with many tools.

50
00:03:07,310 --> 00:03:15,200
That includes an Brugada Android SDK, the API inspector, the API tool that we actually mentioned before

51
00:03:15,470 --> 00:03:17,870
then, the extruder that we mentioned before.

52
00:03:17,960 --> 00:03:20,270
Next is droid box and many more.