
Android Penetration Tools Walkthrough Series: Androguard

April 30, 2018 by Infosec

Today, much of our personal and financial information is tied to mobile and web apps. Penetration testing is an ever-growing enterprise in the tech space, as security is becoming more important than ever before. The goal of software reverse engineering is to be able to study a piece of software for liabilities.

In this article, we will guide you step-by-step through the process of using one of the most relevant new programs in the industry: Androguard.


What is Androguard?

Androguard is a Python-based tool used for reverse engineering Android apps. This entails taking the raw Android Package (.apk) file of the app and breaking it down for analysis. From there, the app can be tested for malware and vulnerabilities. Androguard runs on Linux, Windows, and OSX as long as Python is installed on the system. Note that running Androguard on Windows involves a great many dependencies, so for simplicity's sake we recommend that you use a virtual machine running Linux for this tool.

How do I use Androguard?

Androguard is used from the command-line terminal. Once you download and install it, you can enter different commands that provide specific information about the app, such as permissions, associated files, and the code itself.

How to run Linux on Windows

You can run Linux inside Windows by using a virtual machine like the free VMware Workstation 14 Player, which you can find here. Download the installer, run it, and follow the instructions. Create a new instance with Ubuntu Linux as the operating system which is already in the setup options. You will then be able to use the command line terminal from Linux.



How to download and install Androguard

1. Install Python 3 on your system.

Linux

Check to see if Python 3 is already installed by running the following command:

$ python3 --version

If the latest version is not already installed, use the following commands to install it with your distribution's package manager:

● On Debian-based derivatives such as Ubuntu, use APT:

$ sudo apt-get install python3

● On Red Hat and derivatives, use yum:

$ sudo yum install python3

● On SUSE and derivatives, use zypper:

$ sudo zypper install python3

Verify that Python was installed correctly – again with the following command:

$ python3 --version

Python 3.6.2

Then you need to install the dependencies iPython and pygments with:

$ pip2 install ipython

$ pip2 install pygments

You may need to upgrade "pip" to do so. Ubuntu will guide you with this.

OSX

i. First, you need to install Xcode on your machine.

ii. Then run the following command in the terminal:

$ xcode-select --install

iii. Now you need to install Homebrew package manager.

iv. Add the following line at the end of your "~/.profile" file:

export PATH=/usr/local/bin:/usr/local/sbin:$PATH

v. Now you can install Python 3 with:

$ brew install python3

vi. After installing Python 3, run the following commands to install iPython and pygments:

$ sudo easy_install ipython

$ sudo easy_install pygments

2. Download Androguard

Download the Androguard 2.0 source code from GitHub here. Unzip it to your desired folder, right-click inside it, and open a terminal there.


3. Install Androguard

Navigate to the Androguard folder where you downloaded the Github source code. Open the terminal from that location and run the following command:

$ sudo python setup.py install

You are now ready to use Androguard!

You can now use Androguard and all of its features. As you may have noticed, the androguard folder that you created contains multiple Python files such as setup.py. Each utility has a similar file, which can be run and then used to gather data.

We will be reviewing the most popular utilities of Androguard:

● Androlyze

● Androdd

● Androaxml

● Androsim

● Androapkinfo

There are other utilities as well:

● Androarsc

● Androauto

● Androcsign

● Androdiff

● Androgexf

● Androsign

● Androdis

● Androgui

We will now take a look at the top Androguard utilities.

Androlyze

Androlyze decompiles the apk file and opens the iPython shell where you can input commands to show files and permissions. To do this, save the apk file inside the androguard folder, then use the following commands:

To open the iPython Androlyze shell:

$ androlyze.py -s

Then, at the iPython prompt inside that shell, load and analyze the apk file (this line is Python, so the file name is a quoted string):

a, d, dx = AnalyzeAPK("<apk_file_name>", decompiler="dad")


We will use the default decompiler, DAD. This comes standard with the Androguard installation. After running this last command, the system may take a fair amount of time depending on how large the apk file is.

There are many commands to show information about the app's files. They are entered at the iPython prompt of the Androlyze shell, not in the system terminal. Some favorites are:

● Shows the signature name of the app:

a.get_signature_name()

● Shows the actual signature of the app:

a.get_signature()

● Shows all files in the app:

a.get_files()

● Shows all Activities in the app:

a.get_activities()

● Shows all Services in the app:

a.get_services()

● Shows all Receivers in the app:

a.get_receivers()

● Shows all permissions requested by the app:

a.get_permissions()

● Shows potentially dangerous permissions:

a.get_details_permissions()

● Shows all class names:

d.get_classes_names()

● Shows all strings defined:

d.get_strings()

● Shows all methods in a class:

d.get_methods()

You can also type a. , d. , or dx. and then the "Tab" key to see a smart list of the commands that are available.

Example: [screenshot of the output of a.get_signature_name()]


To exit the Androlyze shell, type the command exit to end the session. This can also take some time.


Androdd

We can use Androdd to view the Java code files of an app by using the following command:

$ androdd.py -i myAPK.apk -o output

Where "myAPK.apk" will be replaced by your apk filename and "output" will be the name of the folder in which the .java files will be dumped. Androdd will dump all the files, so a quick search in the newly created output folder for ".java" will yield the java files to view.


Androaxml

To see the AndroidManifest.xml file as a readable XML file, use the following command:

$ androaxml.py -i <apk_file_name> -o <name_of_output_file>

As before, the file names can be filled in.

Example:

$ androaxml.py -i myAPK.apk -o OUTPUT.xml
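
As an added example (not part of the original article or of Androguard itself), the decoded manifest can be reviewed with a short Python script that reports the debuggable and backup flags, the requested permissions, and the components that are exported without a guarding permission. The sample manifest, package name and function names are constructed for illustration, and the script assumes the decoded file uses the standard android: namespace.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Providers follow different default-export rules and are left out here.
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample standing in for OUTPUT.xml; not from a real app.
SAMPLE_MANIFEST = """<manifest package="com.example.demo"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver" android:exported="true"
              android:permission="com.example.demo.PRIV"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def attr(elem, name):
    """Read an android:-namespaced attribute; None when it is absent."""
    return elem.get(ANDROID_NS + name)

def audit_manifest(xml_text):
    """Return app-level flags and components other apps can reach."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = {
        "debuggable": attr(app, "debuggable") == "true",
        "allow_backup": attr(app, "allowBackup") != "false",  # default: true
        "permissions": [attr(p, "name") for p in root.iter("uses-permission")],
        "exposed": [],
    }
    for comp in (c for c in app if c.tag in COMPONENT_TAGS):
        exported = attr(comp, "exported")
        if exported is None:
            # No explicit value: an intent-filter implies exported (pre-Android 12).
            exported = str(comp.find("intent-filter") is not None).lower()
        # Exported with no guarding permission: any installed app can call it.
        if exported == "true" and attr(comp, "permission") is None:
            findings["exposed"].append((comp.tag, attr(comp, "name")))
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

To review a real app, read the file written by androaxml.py and pass its text to audit_manifest() in place of the sample.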


Androsim

This utility can be used to compare two apk files by using the command:

$ androsim.py -i <apk_file_name> <path_of_second_apk> -c ZLIB -n

Androapkinfo

Use the following command to display descriptive information about Main Activity, All Activities, Services, Files, Permissions, and Obfuscation data:

$ androapkinfo.py -i <apk_file_name>

More uses

The services available through the Androguard suite are numerous. In addition to the methods provided, you can also generate graphical lists and charts. Check out all the different uses of Androguard Here.

Conclusion

Androguard is a versatile tool that can help any pen tester to gather analysis information about an Android app. The installation and setup process for using this tool is fairly straightforward. However, it helps to know exactly what steps to take and when to take them.
