Online Android Sandbox

Project Name: Project 3 - Online Android Sandbox
Mentor: Hugo Gascon (DE)
Backup mentor: TBC
Skills required: Android, Python, VirtualBox or other virtualization technologies, web tech (HTML, JavaScript) and some database solution.
Project type: New tool (by combining others)
Project goal: Integrate static and dynamic analysis Android tools from the Honeynet Project into a friendly public online sandbox.
Description:

As described in the introduction, Droidbox is used in a range of other projects. Even though these projects collect a lot of data, only a few of them are available and the data is not always shared. The main goal of this project is therefore to design and implement both an easy-to-use web frontend and the backend to automatically analyze and retrieve the combined results of several Android reverse engineering tools.

The online Android sandbox, which will be hosted in the Honeynet Project’s cloud, will initially combine powerful tools developed as part of previous GSoC editions, such as Androguard[1] for static analysis and Droidbox[2] for dynamic analysis, but it is to be designed as an extensible platform that allows new tools and techniques to be included. The frontend will allow any user to submit an APK and view the results of the static and dynamic analysis as soon as the execution of the sample is completed. As implemented in malwr.com[3], the online sandbox for x86 binaries based on Cuckoo, the dynamic analysis will be queued and run in the background, and an email will be sent to the user when ready.

If successful, this GSoC project will guarantee constant testing and feedback for the Androguard and Droidbox codebases, which will surely lead to further and faster improvements. Moreover, it will provide a constant stream of suspicious samples and a platform to test experimental techniques developed within the Honeynet Project.

[1] https://github.com/androguard/androguard/
[2] https://github.com/pjlantz/droidbox/
[3] http://malwr.com/