The Honeynet Project

AREsoft-updater is a simple updater script for Android Reverse Engineering Software belongs to Android Reverse Engineering (A.R.E.) Virtual Machine from the Honeynet Project

AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E

I'm announcing the new features of Android dynamic analysis tool DroidBox as GSoC 2012 approaches the end. In this release, I would like to introduce two parts of my work: DroidBox porting and APIMonitor.

The Honeynet Project is happy to announce the release of the Android Reverse Engineering (A.R.E.) Virtual Machine.

Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.

Tools currently found on A.R.E. are:

• Androguard
• Android sdk/ndk
• APKInspector
• Apktool
• Axmlprinter

Beta version is out and the install instructions are available at the project webpage. The new features are:

• Prevent some emulator evasion techniques
• Added visualization of analysis results
• Automated app installation and execution
• Displaying analysis information about the APK
• Static pre-check extracts the app's registered Intents

The following figures show the new visualization added to the beta version.

As the deadline of GSOC has passed, I would like to announce the APKinspector Beta1.0. APKinspector is a tool to help Android application analysts and reverse engineers to analyze the compiled Android packages and their corresponding codes. You can review the Alpha version report and the page of this project to know more about it.

Click the picture below to watch a full demonstration video of APKInspector:

Chinese viewers may view the demo at: http://v.youku.com/v_show/id_XMjk3ODAwMzU2.html

Based on the Alpha release, APKinspector has added some features as follows:

The Android application sandbox is now ready for an alpha release. Details on how to get DroidBox running are available at the project webpage.

At the moment, the following actions are logged during runtime:

• File read and write operations
• Cryptography API activity
• Opened network connections
• Outgoing network traffic
• Information leaks through the following sinks: network, file, sms
• Attempts to send SMS
• Phone calls that have been made

One of the very first Android malwares, Geinimi has been analyzed in the application sandbox DroidBox that is currently being developed. The project is part of GSoC 2011 in collaboration with Honeynet and as a master thesis. The Geinimi application uses DES encryption, and it's possible to uncrypt statically the content, see picture below.