Well, during semester break a couple of weeks ago I did some research on a Kad Kahwin scam APK (I will do write-ups on it later), so here is what I found regarding Android analysis.
Static Analysis
Static analysis is the process of examining files or code without executing them. It looks for patterns, signatures, or characteristics that do not change between runs, and it is used to detect vulnerabilities, check compliance with coding standards, and analyze malware by inspecting its structure and content. Because it can surface problems before anything is run, it is a critical early step in both security assessments and software quality assurance.
MobSF
You can use this tool for the job; it basically automates everything you want from static analysis: you upload the APK and it does the unpacking, decompilation and reporting for you.
Methodology
- Permission File: Review the permissions the app requests in its manifest and check whether each one is actually needed for the app's intended function.
- Source Code: Examine the decompiled source code for irregularities or suspicious patterns that could indicate malicious activity.
- Malicious Function: Identify any functions in the code that perform actions typically associated with malware, such as data exfiltration or unauthorized access.
- Find Command and Control (C2): Look for any code that attempts to connect to a remote server, which could indicate a Command and Control server used by the attacker.
- Intention of Threat Actor: Analyze the behavior of the code to understand the potential intentions of the threat actor, such as stealing data, disrupting services, or gaining unauthorized
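The "permission file" and "find C2" steps above can be scripted so they run the same way on every sample. The helper below is an added example (not from the original post, and not MobSF's code): it reads the `aapt dump permissions` output, flags permissions from an assumed watchlist that a wedding-invitation app has no reason to request, and greps the apktool output for hard-coded URLs and IP literals. The watchlist, the `triage_apk` wrapper, and the sample aapt/smali text are all constructed for the example; the sample endpoint uses a `.invalid` domain and a documentation IP, not real indicators.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a small static-triage helper that
# covers the "permission file" and "find C2" steps of the methodology. The real
# run needs aapt (Android build-tools) and apktool on PATH; the two text-
# processing functions are pure and can be exercised on constructed input.

# Permissions a wedding-invitation style app has no legitimate reason to ask
# for. This watchlist is an assumption for the example, not MobSF's list.
WATCHLIST='android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.READ_CALL_LOG
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SYSTEM_ALERT_WINDOW
android.permission.REQUEST_INSTALL_PACKAGES'

# flag_permissions: read "uses-permission: name='...'" lines (the format that
# `aapt dump permissions app.apk` prints) on stdin and echo only those on the
# watchlist, in the order the APK declares them.
flag_permissions() {
  grep -o "name='[^']*'" | cut -d"'" -f2 | while IFS= read -r perm; do
    if printf '%s\n' "$WATCHLIST" | grep -qxF "$perm"; then
      printf '%s\n' "$perm"
    fi
  done
  return 0
}

# extract_indicators: print candidate C2 endpoints (URLs and dotted IPv4
# literals) found in the text on stdin, de-duplicated. Version strings such
# as "1.2.3.4" will show up too, so treat the output as leads, not verdicts.
extract_indicators() {
  grep -Eo 'https?://[A-Za-z0-9._~:/?#@!$&()*+,;=%-]+|([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
  return 0
}

# triage_apk <app.apk>: the full run against a real sample. Hard-coded strings
# in smali land in const-string instructions, so grepping the apktool output
# catches URLs embedded at build time (but not ones the app decrypts at runtime).
triage_apk() {
  apk=$1
  out=$(mktemp -d)
  echo "== watchlisted permissions =="
  aapt dump permissions "$apk" | flag_permissions
  echo "== candidate C2 endpoints =="
  apktool d -q -f -o "$out" "$apk"
  find "$out" -type f \( -name '*.smali' -o -name '*.xml' \) -exec cat {} + | extract_indicators
  rm -rf "$out"
}

# Constructed sample input, shaped like aapt output and a decompiled smali
# method; the endpoint and IP are documentation values, not real indicators.
SAMPLE_PERMS="package: com.example.kadkahwin
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'"

SAMPLE_SMALI='.method private upload()V
    const-string v0, "https://api.example-c2.invalid/upload"
    const-string v1, "203.0.113.45"
    const-string v2, "Kad Kahwin"
.end method'

if [ "$#" -gt 0 ]; then
  triage_apk "$1"                 # usage: ./triage.sh sample.apk
else
  printf '%s\n' "$SAMPLE_PERMS" | flag_permissions
  printf '%s\n' "$SAMPLE_SMALI" | extract_indicators
fi
```

Run it with the APK path as the only argument to triage a real sample; with no arguments it runs over the constructed input so you can see the output shape. Anything it flags is a lead for the source-code and malicious-function steps, not a verdict on its own.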
Dynamic Analysis
Dynamic analysis is a technique used in software testing and security assessment where a program is executed and its behavior is observed in real-time. This contrasts with static analysis, which examines code without running it. Dynamic analysis is particularly valuable for identifying runtime issues and security vulnerabilities that may not be apparent through static analysis alone.
Android Emulator
An Android emulator lets you simulate an Android device on your computer, giving you a controlled environment for testing and analyzing applications. Emulators are essential for dynamic analysis because they let you observe an app's behavior without a physical device. Here is how you can set up and use an Android emulator for dynamic analysis.
Connect to device
./emulator -list-avds        # list the AVDs you have created
./emulator -avd <avd_name>   # boot one of them; add -writable-system if you plan to modify /system later
ADB
Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with an emulator instance or a connected Android device.
Setting up
adb devices   # lists attached devices and emulators with their state (device, offline, unauthorized)
Burp Suite
Burp Suite is a powerful and popular tool for security testing of web applications. It provides a wide range of features that let you intercept, inspect, and modify the web traffic between your browser (or, here, the emulator) and the target application. Burp Suite is essential for identifying vulnerabilities and understanding how an application behaves at runtime.
Setting up the proxy is a pain in the ass btw :)
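For the emulator and ADB steps above and the Burp proxy setup, the following script is an added example (not from the original post) of the plumbing that usually makes the proxy "a pain": the guest reaches the host's Burp listener through the emulator's 10.0.2.2 alias, and apps targeting Android 7 or later ignore user-installed CAs, so Burp's certificate has to go into the system trust store, which only works on a non-Google-Play AVD booted with `-writable-system`. The port 8080, the `cacert.der` filename, the serial names and the `/tmp` paths are assumptions for the example; `pick_serial` and `host_proxy` are pure and are exercised on constructed `adb devices` output.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the dynamic-analysis plumbing
# around adb and Burp. Assumes an AVD started from the SDK emulator, adb and
# openssl on PATH, Burp listening on the host at port 8080, and Burp's CA
# exported as DER (cacert.der). Serial names, port and paths are assumptions.

# pick_serial: read `adb devices` output on stdin and print the serial of the
# first entry whose state is "device" (online and authorised). Entries that are
# "offline" or "unauthorized" are skipped; adb separates the columns with a tab,
# which awk's default field splitting handles.
pick_serial() {
  awk 'NR > 1 && $2 == "device" { print $1; exit }'
  return 0
}

# host_proxy [port]: the address the guest must use to reach a listener on the
# host. 10.0.2.2 is the emulator's alias for the host loopback interface.
host_proxy() {
  printf '10.0.2.2:%s\n' "${1:-8080}"
}

# set_proxy <serial> [port]: route the emulator's HTTP(S) traffic through Burp.
# Apps that open raw sockets or pin their certificate will not honour this.
set_proxy() {
  adb -s "$1" shell settings put global http_proxy "$(host_proxy "$2")"
}

# clear_proxy <serial>: undo set_proxy (":0" is the documented way to unset it).
clear_proxy() {
  adb -s "$1" shell settings put global http_proxy :0
}

# install_ca <serial> <cacert.der>: install Burp's CA as a *system* trust anchor
# so apps that ignore user-added CAs still accept it. Android names system CAs
# by the old-style subject hash, hence -subject_hash_old. Needs an AVD booted
# with `emulator -avd <name> -writable-system` and a non-Google-Play image,
# otherwise `adb root` / `adb remount` will refuse.
install_ca() {
  serial=$1 der=$2
  openssl x509 -inform der -in "$der" -out /tmp/burp.pem
  hash=$(openssl x509 -inform pem -subject_hash_old -noout -in /tmp/burp.pem)
  adb -s "$serial" root
  adb -s "$serial" remount
  adb -s "$serial" push /tmp/burp.pem "/system/etc/security/cacerts/$hash.0"
  adb -s "$serial" shell chmod 644 "/system/etc/security/cacerts/$hash.0"
}

# pull_apk <serial> <package>: copy an installed app off the device for the
# static steps (pm path may print several base/split APKs, one per line).
pull_apk() {
  adb -s "$1" shell pm path "$2" | sed 's/^package://' | tr -d '\r' | while IFS= read -r p; do
    adb -s "$1" pull "$p" .
  done
}

# Constructed sample of `adb devices` output for the stand-alone demo (spaces
# instead of adb's tabs; awk treats both as field separators).
SAMPLE_DEVICES='List of devices attached
emulator-5556   unauthorized
emulator-5554   device'

case "${1:-}" in
  setup) serial=$(adb devices | pick_serial); set_proxy "$serial" 8080; install_ca "$serial" "$2" ;;  # ./dyn.sh setup cacert.der
  reset) serial=$(adb devices | pick_serial); clear_proxy "$serial" ;;                                # ./dyn.sh reset
  pull)  serial=$(adb devices | pick_serial); pull_apk "$serial" "$2" ;;                              # ./dyn.sh pull com.example.app
  *)     printf '%s\n' "$SAMPLE_DEVICES" | pick_serial; host_proxy ;;
esac
```

Once `setup` has run, start Burp's listener on all interfaces (or at least on the address the emulator reaches), then watch the proxy history while you drive the app; remember to run `reset` afterwards, or the emulator will keep trying to route everything through a proxy that is no longer listening.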