Wednesday, August 10, 2011

Combating Packers and cryptors through Memory Scanning

Today almost all malware is wrapped in a packer or cryptor to hide it from security scanners. Malware analysts waste a lot of time analysing the same malware variant protected by different packers. Memory scanning can be employed against such samples: once the packed sample has executed, its unpacked code sits in process memory, where it can be scanned directly regardless of which packer was used on disk.

Vejovis is a project started to develop a user-mode memory scanning tool, "MeMMoN - A Process Memory Scanning Tool". It scans the memory of every process on the system. It can be downloaded from the link below.

Download Link


Friday, March 18, 2011

Reversing Android Applications

In recent weeks we have seen a massive increase in malware for Android phones. Most of it sends SMS messages to premium-rate numbers. Before getting into reversing Android applications, let us see how they are built. The Android OS is based on a modified Linux kernel, and Android uses the Dalvik Virtual Machine (DVM) to execute all Android applications.

Android applications are developed in Java with the Android SDK. The dx tool included in the SDK transforms Java .class files into an Android .dex (Dalvik Executable) file. The .dex file is then archived with zip, together with the manifest and resource files, to form the .apk (Android package) file. To get the .dex file and the rest of the resource files of an Android application, simply unzip the .apk file.

Unlike Windows PE files, an Android .apk alone is enough to recover readable source code, because the Dalvik bytecode keeps class, method and field names unless the developer obfuscated them. Here we are going to employ a trick to get the source code of Android apps.
The first step is converting the .apk file to a .jar (Java Archive). Then a Java decompiler recovers the source of the class files that were transformed into the .dex file and packaged into the .apk.

To convert .apk to .jar we can use Dex2Jar (a Google Code project):

> Dex2Jar <file name>

Finally, open the resulting .jar in JD (Java Decompiler) to get the Java source code.
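As an added example (not code from the post, nor from the dex2jar or JD projects), here is the unzip step above together with a check a practitioner would want before handing classes.dex to dex2jar: parsing and verifying the dex header, since a sample with a corrupted header or checksum will break the converter and is itself a sign of tampering. The .apk is constructed in memory and its classes.dex is a header-only stub with no code; both are assumptions made for this example. The field layout follows the published dex format (112-byte header, Adler-32 checksum over bytes 12 to the end, SHA-1 signature over bytes 32 to the end).

```python
"""Unpack an .apk and validate its classes.dex header before running dex2jar.

Added example for this post; the apk below is constructed in memory and its
classes.dex is a header-only stub (no code), which is enough to exercise the
parsing and the integrity checks.
"""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_LEN = 0x70            # every dex header is exactly 112 bytes
DEX_ENDIAN_CONSTANT = 0x12345678  # endian_tag value for a little-endian dex


def build_sample_dex(class_defs=3):
    """Constructed sample: a header-only .dex with a valid checksum and
    signature (assumption for this example; a real one carries code)."""
    # The 20 uint32 fields that follow magic (8), checksum (4), signature (20).
    fields = struct.pack(
        "<20I",
        DEX_HEADER_LEN, DEX_HEADER_LEN, DEX_ENDIAN_CONSTANT,  # file_size, header_size, endian_tag
        0, 0,            # link_size, link_off
        0,               # map_off
        0, 0,            # string_ids_size, string_ids_off
        0, 0,            # type_ids_size, type_ids_off
        0, 0,            # proto_ids_size, proto_ids_off
        0, 0,            # field_ids_size, field_ids_off
        0, 0,            # method_ids_size, method_ids_off
        class_defs, 0,   # class_defs_size, class_defs_off
        0, 0,            # data_size, data_off
    )
    signature = hashlib.sha1(fields).digest()    # SHA-1 over bytes 32..end
    checksum = zlib.adler32(signature + fields)  # Adler-32 over bytes 12..end
    return b"dex\n035\0" + struct.pack("<I", checksum) + signature + fields


def build_sample_apk():
    """Constructed sample .apk: a zip holding manifest, resources and classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")  # a real apk stores binary XML here
        z.writestr("res/values/strings.xml", b"<resources/>")
        z.writestr("classes.dex", build_sample_dex())
    return buf.getvalue()


def unpack_apk(apk_bytes):
    """Step 1 of the post: an .apk is just a zip, so unarchive it into {name: bytes}."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {info.filename: z.read(info) for info in z.infolist()}


def parse_dex_header(dex):
    """Parse a dex header and verify magic, size, endian tag, checksum and signature.
    A header that fails these checks will usually crash dex2jar, and a sample
    that deliberately breaks them is worth a closer look."""
    if len(dex) < DEX_HEADER_LEN:
        raise ValueError("too short to be a dex file")
    magic = dex[:8]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\0":
        raise ValueError("bad dex magic: %r" % magic)
    checksum, = struct.unpack_from("<I", dex, 8)
    signature = dex[12:32]
    f = struct.unpack_from("<20I", dex, 32)
    return {
        "version": magic[4:7].decode("ascii"),
        "file_size": f[0],
        "size_ok": f[0] == len(dex),
        "endian_ok": f[2] == DEX_ENDIAN_CONSTANT,
        "checksum_ok": zlib.adler32(dex[12:]) == checksum,
        "signature_ok": hashlib.sha1(dex[32:]).digest() == signature,
        "strings": f[6], "types": f[8], "methods": f[14], "class_defs": f[16],
    }


def triage_apk(apk_bytes):
    """Unpack the apk and report on every classes*.dex it contains."""
    report = {}
    for name, data in unpack_apk(apk_bytes).items():
        if name.startswith("classes") and name.endswith(".dex"):
            report[name] = parse_dex_header(data)
    return report


if __name__ == "__main__":
    for name, hdr in triage_apk(build_sample_apk()).items():
        print(name, hdr)
```

On a real sample, replace build_sample_apk() with the bytes of the .apk under analysis; if checksum_ok or signature_ok comes back False, repair or note the header before running Dex2Jar, because the converter trusts those fields.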


References:
http://www.android.com/
http://developer.android.com/guide/basics/what-is-android.html
http://en.wikipedia.org/wiki/Android_%28operating_system%29
http://www.dalvikvm.com/
http://java.decompiler.free.fr/
http://code.google.com/p/dex2jar/