Reverse engineering, Malware, and goodware analysis of Android applications … and more (ninja !)
Features
Androguard is a pure-Python tool for working with Android files:
DEX, ODEX
APK
Android’s binary xml
Android resources
Disassemble DEX/ODEX bytecodes
Decompiler for DEX/ODEX files
Changelog v4.1
stricter regex to capture “official” classes.dex files by @eybisi in #986
Restore ‘androguard cg’ callgraph generation by @ehrenb in #985
add tests for class, fields, and method access flags using the TestActivity.apk file (attempt #2) by @ehrenb in #997
minor update about sessions and added warning before deletion in expo… by @erev0s in #1003
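The "official classes.dex" entry above is about telling the DEX files the runtime loads from the APK root apart from other DEX content in the archive. The following is an added example, not Androguard's code and not the regex from #986: the pattern, the function names and the sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumption: the names loaded from the APK root are classes.dex, classes2.dex,
# classes3.dex, ... (no classes0/classes1, no zero padding, no sub-directory).
OFFICIAL_DEX = re.compile(r"^classes([2-9]|[1-9][0-9]+)?\.dex$")
# DEX header magic: "dex\n", three version digits, NUL.
DEX_MAGIC = re.compile(rb"^dex\n[0-9]{3}\x00")


def classify_dex_entries(apk_bytes):
    """Return (official, stray): root multidex names vs. other DEX-magic entries."""
    official, stray = [], []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            with apk.open(info) as fh:
                head = fh.read(8)
            if not DEX_MAGIC.match(head):
                continue  # not DEX content, whatever the name says
            if OFFICIAL_DEX.match(info.filename):
                official.append(info.filename)
            else:
                stray.append(info.filename)  # embedded or renamed DEX: review by hand
    return sorted(official), sorted(stray)


def build_sample_apk():
    """Constructed sample: a ZIP with DEX-looking entries, not a real APK."""
    dex = b"dex\n035\x00" + b"\x00" * 104
    entries = {
        "classes.dex": dex,
        "classes2.dex": dex,
        "classes1.dex": dex,          # DEX content under a non-official name
        "assets/classes.dex": dex,    # DEX content outside the APK root
        "classesXdex": b"not a dex",  # a loose name pattern would match this
        "AndroidManifest.xml": b"\x03\x00\x08\x00",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    official, stray = classify_dex_entries(build_sample_apk())
    print("official:", official)
    print("stray   :", stray)
```

Entries in the stray list carry DEX magic but would be missed by an analysis that only follows the official names, so they are worth a separate look during triage.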
Installation
git clone https://github.com/androguard/androguard.git
cd androguard
pip install .
Tool
androarsc
Usage: androarsc.py [options]
Options:
  -h, --help  show this help message and exit
  -i INPUT, --input=INPUT  filename input (APK or android resources(arsc))
  -p PACKAGE, --package=PACKAGE  select the package (optional)
  -l LOCALE, --locale=LOCALE  select the locale (optional)
  -t TYPE, --type=TYPE  select the type (string, interger, public, ...)
  -o OUTPUT, --output=OUTPUT  filename output
  -v, --version  version of the API
androauto
Usage: androauto.py [options]
Options:
  -h, --help  show this help message and exit
  -d DIRECTORY, --directory=DIRECTORY  directory input
  -v, --verbose  add debug
androaxml
Usage: androaxml.py [options]
Options:
  -h, --help  show this help message and exit
  -i INPUT, --input=INPUT  filename input (APK or android's binary xml)
  -o OUTPUT, --output=OUTPUT  filename output of the xml
  -v, --version  version of the API
androdd
Usage: androdd.py [options]
Options:
  -h, --help  show this help message and exit
  -i INPUT, --input=INPUT  file : use this filename
  -o OUTPUT, --output=OUTPUT  base directory to output all files
  -d DECOMPILER, --decompiler=DECOMPILER  choose a decompiler
  -j, --jar  output jar file
  -f FORMAT, --format=FORMAT  write the method in specific format (png, ...)
  -l LIMIT, --limit=LIMIT  limit analysis to specific methods/classes by using a regexp
androdis
Usage: androdis.py [options]
Options:
  -h, --help  show this help message and exit
  -i INPUT, --input=INPUT  file : use this filename (DEX/ODEX)
  -o OFFSET, --offset=OFFSET  offset to disassemble
  -s SIZE, --size=SIZE  size

optional arguments:
  -h, --help  show this help message and exit
  -d, --debug
  -i INPUT_FILE, --input_file INPUT_FILE
  -p INPUT_PLUGIN, --input_plugin INPUT_PLUGIN
androlyze
androlyze is a tool that spawns an IPython shell.
Copyright (C) 2012 – 2016, Anthony Desnos (desnos at t0t0.fr) All rights reserved.