AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E
I'm announcing the new features of Android dynamic analysis tool DroidBox as GSoC 2012 approaches the end. In this release, I would like to introduce two parts of my work: DroidBox porting and APIMonitor.
The Honeynet Project is happy to announce the release of the Android Reverse Engineering (A.R.E.) Virtual Machine.
Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.
Tools currently found on A.R.E. are:
Beta version is out and the install instructions are available at the project webpage. The new features are:
The following figures show the new visualization added to the beta version.
As the deadline of GSOC has passed, I would like to announce the APKinspector Beta1.0. APKinspector is a tool to help Android application analysts and reverse engineers to analyze the compiled Android packages and their corresponding codes. You can review the Alpha version report and the page of this project to know more about it.
Chinese viewers may view the demo at: http://v.youku.com/v_show/id_XMjk3ODAwMzU2.html
Based on the Alpha release, APKinspector has added some features as follows:
The Android application sandbox is now ready for an alpha release. Details on how to get DroidBox running are available at the project webpage.
At the moment, the following actions are logged during runtime:
One of the very first Android malwares, Geinimi has been analyzed in the application sandbox DroidBox that is currently being developed. The project is part of GSoC 2011 in collaboration with Honeynet and as a master thesis. The Geinimi application uses DES encryption, and it's possible to uncrypt statically the content, see picture below.