Adhrit

Adhrit is an open source Android APK reversing and analysis suite. The tool is an effort to find an efficient solution to all the needs of mobile security testing and automation. Adhrit has been built with a focus on flexibility and modularization. The project is continuously updated and will incorporate the latest available methodologies and tools. Adhrit has been presented at conferences like OWASP Seasides, ThreatCon and Cysinfo. Feature requests and bug reports are always welcome!

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).



Features:

  • APK Extraction

    • assets
    • classes.dex
    • native libraries
    • jar file from dex (integrated Enjarify)
  • Source Extraction

    • Certificate/signature
    • Java source (CFR)
    • smali source
    • Parsed XML resource files
    • Parsed AndroidManifest
    • Native library
  • Static Analysis

    • Manifest analysis

      • Critical permission usage analysis
      • MainActivity identification
      • Backup status
      • Exported activities
      • Identify intent filters
      • Automated ADB payload generation for exported activities
    • Bytecode analysis

      • const-strings
      • CTF flags
      • URLs
    • Native Library analysis

      • Library info
      • Sections
      • Base64 Decoding of strings from .data
    • Malware analysis

      • VirusTotal scan
      • VirtualApp droppers scan
  • Dynamic Analysis

    • Automatically setting up a testing environment
    • Launching MainActivity
    • Checking for root access in the emulator/device
    • Dumping the runtime log
  • Miscellaneous

    • Rebuilding the APK
    • Signing the APK
    • Deploying the APK into an emulator/device
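
To make the manifest analysis items in the feature list concrete (critical permissions, MainActivity, backup status, exported activities), here is an added example that is not Adhrit's own code. It assumes the manifest has already been decoded to plain XML; the function name `audit_manifest`, the `CRITICAL` permission subset and the sample manifest are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded (plain-text) AndroidManifest.xml, not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Demo">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="true"/>
    <activity android:name=".InternalActivity" android:exported="false"/>
  </application>
</manifest>"""

# Small illustrative subset of permissions to flag (assumption, not Adhrit's list).
CRITICAL = {"android.permission.READ_SMS", "android.permission.READ_CONTACTS",
            "android.permission.RECORD_AUDIO", "android.permission.ACCESS_FINE_LOCATION"}

def audit_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    report = {"package": root.get("package"), "main_activity": None, "exported_activities": []}
    # android:allowBackup defaults to true when the attribute is absent.
    report["backup_enabled"] = app.get(ANDROID + "allowBackup", "true") == "true"
    report["critical_permissions"] = sorted(
        p.get(ANDROID + "name") for p in root.iter("uses-permission")
        if p.get(ANDROID + "name") in CRITICAL)
    for act in app.iter("activity"):
        name = act.get(ANDROID + "name")
        actions = {a.get(ANDROID + "name") for a in act.iter("action")}
        if "android.intent.action.MAIN" in actions:
            report["main_activity"] = name
        # An explicit android:exported wins; without it, an intent filter implies
        # exported for apps targeting below Android 12 (API 31).
        exported = act.get(ANDROID + "exported")
        if exported == "true" or (exported is None and act.find("intent-filter") is not None):
            report["exported_activities"].append(name)
    return report

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Each exported activity in the report is a candidate for review: confirm it needs to be reachable by other apps, and set android:exported="false" or require a permission where it does not.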


Pre-requisites:

  • Linux or macOS
  • Python3
  • Java JDK

Quick Setup

  1. Download the zip or clone the package and extract the tool ( git clone https://github.com/abhi-r3v0/Adhrit.git ).
  2. Open config and enter your VirusTotal API key without any quotes.
  3. Open a terminal and cd into the directory.
  4. Run python3 installer.py to install the necessary tools.


Usage:

  1. Place the application (apk file) in the tool directory.
  2. Use python3 adhrit.py -h for usage help.

Example: python3 adhrit.py -a myapp.apk

ADHRIT can now be run in two modes:

Pentest Mode

python3 adhrit.py -pen myapp.apk

Malware Analysis Mode

python3 adhrit.py -mal myapp.apk

Refer to the detailed documentation for complete details.


Note:

  1. Filenames with two '.' may give an error. Please rename the APK in such cases. For example, if your file name is my.app.apk, rename it to myapp.apk.