During my research for the Android platform and in some pentests I tried several things and used different techniques. This is kind of a summary post and I packed some of my tools together into one zip file. The contents are:
- Importing Burp CA into the Android phone, which I already wrote a blog post about
- Some Ubuntu bash scripts that can be used to compile statically linked ARM binaries for Android, which I already wrote a blog post about
- Decompiling/Disassembling bash scripts that I used to disassemble/decompile 3’500 apps from the market, including the Apple Script for Mac to automate the JD-GUI decompilation
- A simple Python script that can be used to install a list of apps on your Android mobile
- A list of Google Market App IDs, one list with free apps, one list with apps that cost money
- A bash script that creates the Metasploit ARM reverse TCP shell payload
- GingerBreak2 and RageAgainstTheCage exploit but including Ubuntu bash ARM compilation scripts, that let you compile the binary on your own instead of using the shipped ARM binary (I only tested the RageAgainstTheCage exploit)
- A list of interesting files on the Android filesystem, that serves as a starting point if you don’t know where to start. Having a rooted phone to access the entire filesystem and using a text editor (.xml and .conf files) and a sqlite db viewer (files ending on .db) you’ll find pretty interesting stuff.
- A file with the Hidden Secret Codes I found on my HTC Desire and in some apps. Actually only two of the 3’500 apps I decompiled had secret codes: The Twicca Twitter client (dial *#*#459338#*#*) and Baidu, the chinese search engine app (*#*#22438#*#*)
You can download the zip file here. I didn’t want to make up my own Android tool project svn or anything like that, but if you have your own toolset (e.g. you’re the developer of one of the tools below), I’d be happy to give my scripts to your project. If you have any feedback, just let me know, I’m happy to discuss it.
Addtionally, I thought I’ll write down some project/tools I used or I want to look into in the future:
- Androguard
- Apkinspector (GUI combining apktool, dex2jar, a Java decompiler, byte code, etc.)
- DED
- androidAuditTools
- Smartphonesdumbapps
- Taintdroid (Privacy issues)
- Android Forensic Toolkit
- viaExtract (There’s a VMWare with viaExtract installed. Does standard Forensic for Android: calls, sms, etc. Needs USB debug on)
I might update this post once in a while