0
1
00:00:08,550 --> 00:00:13,630
So far we've seen how you can use APK tool to obtain smali code.
1

2
00:00:13,650 --> 00:00:19,620
Also how to use a tool like byte code viewer or directly use a Java Decompiler to be able to obtain
2

3
00:00:19,620 --> 00:00:21,050
the almost Java code.
3

4
00:00:22,360 --> 00:00:28,420
The thing is that as an analyst at least initially you are usually looking for the same things like
4

5
00:00:28,450 --> 00:00:31,870
OK what permission does this application have.
5

6
00:00:31,870 --> 00:00:37,920
What are the services that are listed in the application to answer these questions.
6

7
00:00:37,920 --> 00:00:43,080
You could either do what we showed in the previous part or you could develop your own scripts on top
7

8
00:00:43,080 --> 00:00:50,490
of the outputs of tools like Apktool. Androguard is a popular example of a tool that uses scripts
8

9
00:00:50,520 --> 00:00:53,250
against these outputs to produce its results.
9

10
00:00:54,480 --> 00:01:03,810
So we showed how to install Androguard earlier. To use Androguard just type Androguard, see the
10

11
00:01:03,810 --> 00:01:04,770
options here.
11

12
00:01:05,790 --> 00:01:06,240
OK.
12

13
00:01:06,240 --> 00:01:14,500
So when you run Androguard analyze flipcortex.apk.
13

14
00:01:14,580 --> 00:01:21,480
We are now in a situation where Androguard was run against flipcortex.APK and we can run a bunch
14

15
00:01:21,480 --> 00:01:32,150
of commands on this APK. So to run commands on the APK you do a dot so say for example you want to
15

16
00:01:32,150 --> 00:01:34,400
get the requested permissions.
16

17
00:01:34,400 --> 00:01:38,460
This will show what permission this APK is using.
17

18
00:01:38,570 --> 00:01:42,940
There are other things that could be of interest.
18

19
00:01:42,980 --> 00:01:51,790
So for example you want to see what are the services of apk. a dot get underscore services.
19

20
00:01:52,000 --> 00:02:02,060
Same thing for receivers a dot get underscore receivers and so on more than the actual tool.
20

21
00:02:02,060 --> 00:02:07,670
Here we are saying that as an analyst once you get used to your process it would make sense to develop
21

22
00:02:07,670 --> 00:02:14,610
scripts on top of outputs to automate the process Androguard is nothing more than a collection of
22

23
00:02:14,610 --> 00:02:15,640
python scripts.
23

24
00:02:15,660 --> 00:02:23,840
On top of the APK outputs so for example if you want scripts to find all the permissions being used
24

25
00:02:24,440 --> 00:02:27,040
you run apktool against it.
25

26
00:02:28,030 --> 00:02:35,190
Do some string analysis on the XML and find all the permissions inside, which is essentially what Androguard
26

27
00:02:35,190 --> 00:02:36,970
is doing over here.