Thursday, August 4, 2016

Mobile Application Reverse Engineering: MARA


Mobile Application Reverse engineering and Analysis Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task of reverse engineering and analysis easier and friendlier for mobile application developers and security professionals.



Features supported
  • Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
  • Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
  • Statically analyze java source code and dalvik bytecode
  • Scan for apk vulnerabilities via androbugs
  • Scan SSL domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl

Installing MARA on Linux


MARA ships with a script that assists in downloading and installing the dependencies listed below. Simply run the setup.sh script with sudo privileges and it will install them.
The following are the requirements for running MARA. The domain SSL scanning component requires an active internet connection. MARA works with OpenJDK or Oracle JDK. We recommend version 7 and above when using either of them.

Java JDK
sudo apt-get -y install openjdk-7-jdk 

Tree
sudo apt-get -y install tree

Install 32bit libs
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get -y install libgtk2.0-0:i386 libxxf86vm1:i386 libsm6:i386 lib32stdc++6

Figlet
sudo apt-get -y install figlet
sudo cp tools/figlet/doom.flf /usr/share/figlet

Smalisca
sudo pip install smalisca

Unirest
sudo pip install unirest

AHA – Ansi HTML Adapter
sudo apt-get -y install aha

Python3
sudo apt-get install -y python3

Androwarn dependencies
sudo apt-get -y install python python-jinja2 git

Smali graph generation dependency
pip install pydot
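
A preflight check for the dependency list above, as an added example that is not part of MARA or of the original post: it reports which of the listed commands, Python modules and the figlet font are still missing. The function names, the binary names, the Python import names and the file name preflight.sh are assumptions derived from the package names on this page.

```bash
#!/bin/sh
# Added example, not part of MARA: list which dependencies from this page
# are still missing before running ./mara.sh.

# Binaries provided by the apt packages above (names assumed from the packages).
MARA_CMDS="java tree figlet aha python3 python git"
# Python modules from the pip/apt steps (import names assumed).
MARA_PYMODS="smalisca unirest pydot jinja2"
# Font that the figlet step copies into place.
MARA_FONT="/usr/share/figlet/doom.flf"

# Print every argument that is not a command on PATH, one per line.
missing_cmds() {
    for _c in "$@"; do
        command -v "$_c" >/dev/null 2>&1 || printf '%s\n' "$_c"
    done
}

# Print every module that interpreter $1 cannot import. If the interpreter
# itself is absent, all modules are reported.
missing_pymods() {
    _py=$1; shift
    for _m in "$@"; do
        "$_py" -c "import $_m" >/dev/null 2>&1 || printf '%s\n' "$_m"
    done
}

# Return 0 when everything is present; otherwise list the gaps on stderr
# and return 1. $1 = Python interpreter for the module check (default: python).
# The 32-bit libraries are not checked here.
mara_preflight() {
    _gaps=$(
        missing_cmds $MARA_CMDS
        missing_pymods "${1:-python}" $MARA_PYMODS
        [ -f "$MARA_FONT" ] || printf '%s\n' "$MARA_FONT"
    )
    if [ -n "$_gaps" ]; then
        printf 'MARA preflight, missing:\n%s\n' "$_gaps" >&2
        return 1
    fi
    echo "MARA preflight: all checked dependencies found"
}

# Run the check only when asked to, e.g.: sh preflight.sh --check
# (preflight.sh is a hypothetical file name)
if [ "${1:-}" = "--check" ]; then mara_preflight; fi
```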



After meeting all the requirements, running ./mara.sh --help should display the MARA help menu.

MARA ships with an SSL scanner script that makes use of pyssltest and testssl. To run the standalone SSL scanner, use the command ./ssl_scanner.sh and follow the instructions displayed. The findings from the scan are dumped in the domain scans folder, i.e. /MARA_Framework/data/domain_scans/
While analyzing APK files, MARA provides the option of scanning domains found in the APK using the above-mentioned tools. This scan runs in the background and can be skipped. If the scan is performed, the user is required to tail the two log files, i.e. pyssltest.log and testssl.log, in /MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/
