Essential tools for Android app reversing || Analysis

Dynamic analysis
Droidbox: An Android Application Sandbox for Dynamic Analysis, “the sandbox will utilize static pre-check, dynamic taint analysis and API monitoring. Data leaks can be detected by tainting sensitive data and placing taint sinks throughout the API. Additionally, by logging relevant API function parameters and return values, a potential malware can be discovered and reported for further analysis.” Source: http://www.honeynet.org/gsoc/slot5
http://code.google.com/p/droidbox/


The Android SDK: “A software development kit that enables developers to create applications for the Android platform. The Android SDK includes sample projects with source code, development tools, an emulator, and required libraries to build Android applications. Applications are written using the Java programming language and run on Dalvik, a custom virtual machine designed for embedded use which runs on top of a Linux kernel.” Source: http://www.webopedia.com/TERM/A/Android_SDK.html

Using the Android SDK we can create a virtual Android device that is almost identical in functionality and capabilities to a physical Android phone. Using that virtual device as an isolated environment, we can execute the malware and observe its behaviour.
http://developer.android.com/sdk/index.html

androidAuditTools: “Dynamic Android analysis tools”
https://github.com/wuntee/androidAuditTools

Static analysis

Mobile Sandbox: Mobile Sandbox provides static analysis of malware samples, with an easily accessible web interface for submission.
http://www.mobile-sandbox.com (still in beta)

IDA Pro version 6.1 and above: IDA Pro, the best-known and most widely used disassembler and debugger among reverse engineers, supports Android (Dalvik) bytecode from the professional versions 6.1 and above.
http://www.hex-rays.com/products/ida/6.1/index.shtml

APKInspector: “APKinspector is a powerful GUI tool for analysts to analyze the Android applications.”
http://code.google.com/p/apkinspector/

Dex2jar: “A tool for converting Android’s .dex format to Java’s .class format”
http://code.google.com/p/dex2jar/

Jd-gui: “JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.”
http://java.decompiler.free.fr/?q=jdgui

Androguard: “Reverse engineering, Malware analysis of Android applications … and more !”
http://code.google.com/p/androguard/

JAD: “Java Decompiler”
http://www.varaneckas.com/jad

Dexdump: “Java .dex file format decompiler”
http://code.google.com/p/dex-decomplier/

Smali: “smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android’s Java VM implementation. The syntax is loosely based on Jasmin’s/dedexer’s syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)”
http://code.google.com/p/smali/

© Security Warrior