MARA FRAMEWORK
Mobile Application and Reverse Engineering and Analysis Framework and it’s a tool that contains some major reverse engineering and analysis tools for Mobile Application testing and using this framework we can decompile a particular APK file and analyze the major issues in OWASP Mobile Top and this tool is been mainly used by the Penetration testers, security researchers, and application developers.
We can also use the various features of the APK file like
- APK Reverse Engineering
- APK DE obfuscation
- APK Analysis
- APK Manifest Analysis
- Domain Analysis
- Security Analysis etc.
APK REVERSE ENGINEERING:
- Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
- Disassembling Dalvik bytecode to java bytecode via enjarify
- Decompiling APK to Java source code via jadx–gui
APK DEOBFUSCATION:
We can extract the APK and analyze the code using Jadx-gui and it shows the codes that has been available for a selected APK File
APK ANALYSIS:
- Parsing smali files for analysis via smalisca
- Dump all assets, libraries and resources
- Extracting certificate data via openssl
- Identify methods and classes via classyshark
- It Extracts the Manifest File in XML format
- Scan for apk vulnerabilities via androbug framework
- Analyse the APK for Potential malicious behavior like androwarn
APK MANIFEST ANALYSIS:
- It Extracts the Intent and exported activities
- It Extracts the Manifest Files and services
- Extract exported services
- Checks if the APK is debuggable
- Checks if the APK allows Databackup
- Check if the APK receives any binary SMS
DOMAIN AND SECURITY ANALYSIS:
Domain analysis is been fetched from the WhatsWeb and the security analysis is checked from the OWASP mobile TOP 10 Checklist
INSTALLATION:
I have downloaded the MARA Framework from Github and listed the option in the framework
We need to launch MARA framework by using the command ./mara.sh
OPTIONS IN FRAMEWORK:
Here In the particular folder of MARA Framework you can see the option by the command of ./mara.sh
And I have downloaded a vulnerable app and configured in the Mara framework
APK ANALYSIS AND REVERSE ENGINEERING:
And after the analysis of the APK it gets saved in the particular folder as given in the below screenshot
Particular Folder that has been saved on the PC is by the below screenshot
Here the decompiled files get saved on the MARA-Framework folders and by viewing this files you can check for the required issues by the vulnerable APK-file.
CONCLUSION:
A multiple set of test tools will be necessary for a more thorough and comprehensive testing process .I have given an overview of the MARA Framework setup process and how it can expedite your android app reverse engineering and static analysis process.
BriskInfosec holds utmost experience in Mobile App Penetration Test to identify potential vulnerabilities and insure coding practises in android application
To know more get in touch with us
AUTHOR
Rajesh
Security Researcher
BriskInfoSec Technology and Consulting PVT LTD
Posts
