Arsenal Demo of Android Tamer
A presentation at BlackHat ASIA 2016 in in Singapore by Anant Shrivastava
ANDROID TAMER https://androidtamer.com
WHAT Virtual machine for Android (Security) Professionals Supports VirtualBox VMWare Vagrant / Ansible
WHY Saves time while Finding and installing tools Configuring them Ensuring all other tools are still working Managing updates of each tool
TOOLS INCLUDE 1. adb / fastboot / android-sdk 2. dex2jar / enjarify 3. apktool 4. jad / jd-gui / jadx / jadx-gui 5. drozer 6. DFF / ddrescueview 7. SQLiteManager / SQLiteMan 8. Burp Free / OWASP-ZAP 9. pidcat 10. MobSF (in-progress) 11. Cukoo-droid (in-progress) 12. and more….
CUSTOM FEATURES 1. Easy Management of multiple devices 2. One liner commands (apk2java, drozer_start etc) 3. Scripts for automated analysis 4. So ware update managed over apt-get repository (alpha phase) (http://repo.androidtamer.com/) 5. All Tools pre-configured in PATH (no need to switch directories)
THAT’S NOT IT
@ TWITTER Follow Us @AndroidTamer to get Latest Android News
FB/ANDROIDTAMER
SECURITY ENHANCEMENTS
LEARN ANDROID https://androidtamer.com/learn_android_security
DEMO TIME 1. Application decompiling 2. Automated assessment (drozer_checks) 3. Multi devices management (adb list) 4. MobSF 5. Build your own Distro (Debian compatible Repository)
DEMO: APK2JAVA
DEMO: DROZER_CHECK
DEMO: ADB LIST
- Add entries in ~/.adb_list 2. format of entries “ABC;SERIALNO” 3. echo “abc;1234567890” >> ~/.adb_list
DEMO: MOBSF
BUILD YOUR OWN
PACKAGE REPOSITORY
SUGGESTIONS & SUPPORT 1. Suggest more tools 2. Issues / Challenges faced 3. Support by contributing to the project 4. Write articles & blogposts
THANKS Follow @AndroidTamer for all Updates
Resources
The following resources were mentioned during the presentation or are useful additional information.
