Introduction
Are you a BackTrack/Kali freak? Ever thought of having a
similar distribution in your arsenal dedicated to Android security? “Android Tamer” is the solution
that fulfills that need.
What is Android Tamer?
Android Tamer is a Linux-based distribution developed for
Android security professionals. It is based on Ubuntu 10.04 LTS
and includes various popular tools for Android development,
penetration testing, malware analysis, ROM analysis and modification, Android
forensics, etc.
This article walks you through the tools available in
“Android Tamer” and how they meet real-life Android security needs.
Prerequisites:
Machine with VirtualBox installed.
RAM: 512Mb (minimum)
Bringing it UP:
We can download the latest version of Android Tamer from its
official website (http://www.androidtamer.com).
Currently there are two versions available. After downloading, extract the
zip file, which gives a VMDK file that can be opened with virtualization software such as
VMware Workstation or VirtualBox. It is suggested to use this VMDK file in
VirtualBox rather than VMware, since it is optimized for VirtualBox. To know
more about VMDK files, please visit http://en.wikipedia.org/wiki/VMDK.
Now open VirtualBox, create a new virtual machine instance and boot the VMDK file to start running “Android Tamer”. It greets us with a login window that asks for a username and password.
The default username:password is tamer:android.
Description of Available Tools:
“Android Tamer” has several popular tools preinstalled with
the following as its main sections.
ROM Modding
Reverse Engineering
Pen Testing
Malware Analysis
Forensics
Development
Vulnerable Lab
Tools
Rooting
Let’s now explore each section and see the existing tool set
and how they can be useful.
Reverse Engineering:
This section contains the most popular Android reverse
engineering tools, including dex2jar, JD-GUI, APKTOOL, etc.
APK Analyser is another important tool available in the Reverse
Engineering section. APK Analyser is a powerful framework which allows us to
disassemble byte code, analyze application architecture, perform byte code
injection in Android apps, and the list goes on. This is one of the best tools
available to analyze Android apps and it comes preinstalled with Android Tamer.
Malware Analysis:
This is one of the finest sections, and it includes some great
automated tools for Android malware analysis.
DroidBox is one among them. We can simply use
DroidBox from the command line by navigating to the directory /Arsenal/Droidbox. In general you may
find it difficult to set up DroidBox on your local machine, as it has some
dependencies that must be installed before the tool will run. Android Tamer sets everything
up for you.
AndroGuard is another great set of Python tools preinstalled
for malware analysis. This is one of the best tools I have seen on the internet for
Android malware analysis. Since its release, a lot of other tools have been
built on top of AndroGuard. You can go ahead and see the documentation available
at their official link (https://code.google.com/p/androguard/).
Pen Testing
The Pen Testing section is the right place for you if you are
looking for a strong set of tools to audit the security of your Android apps or
smartphone.
It contains the tools required to audit both “browser based
apps” and “native apps”.
Tools for testing browser based apps include BurpSuite,
w3af, Firefox with all the required plugins, OWASP ZAP, etc.
It comes preinstalled with Mercury Framework, which is one of
the best ones available for auditing Android apps. It basically looks for
vulnerabilities in the IPC endpoints of an application.
Android Tamer also contains the Smart Phone Pentest Framework by Bulb
Security. Smart Phone Pentest Framework has Metasploit-like functionality to
audit the security of your smartphone.
Development
The Development section is one of my favorite sections. It allows
you to write your POC apps during your pentest. Let’s assume you have
identified a content provider leakage vulnerability in an application and want to
write a malicious app as a Proof of Concept to exploit the identified
vulnerability. The tools available in the Development section come in handy for
this.
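The IPC exposure that Mercury looks for, and that the content provider leakage scenario above depends on, is visible in the manifest itself. The following is an added example, not part of the original article or of any Android Tamer tool: a Python check over an AndroidManifest.xml decoded with APKTOOL that lists exported components with no permission guarding them. The sample manifest, its package and component names are constructed, and the script assumes the decoded manifest still carries a uses-sdk element (otherwise pass target_sdk explicitly).

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

def is_exported(elem, target_sdk):
    """Resolve android:exported, including the platform defaults when it is absent."""
    explicit = elem.get(A + "exported")
    if explicit is not None:
        return explicit == "true"
    if elem.tag == "provider":
        return target_sdk <= 16  # providers default to exported up to API level 16
    return elem.find("intent-filter") is not None  # an intent filter implies exported

def audit_manifest(xml_text, target_sdk=None):
    """Return (component, issue) pairs; an unknown SDK level is read as 1 (exported)."""
    root = ET.fromstring(xml_text)
    if target_sdk is None:
        sdk = root.find("uses-sdk")
        attrs = sdk.attrib if sdk is not None else {}
        target_sdk = int(attrs.get(A + "targetSdkVersion") or attrs.get(A + "minSdkVersion") or 1)
    app = root.find("application")
    findings = []
    for elem in app:
        if elem.tag not in COMPONENTS or not is_exported(elem, target_sdk):
            continue
        name = elem.get(A + "name")
        base = elem.get(A + "permission") or app.get(A + "permission")
        if elem.tag == "provider":  # read and write access are guarded separately
            if not (base or elem.get(A + "readPermission")):
                findings.append((name, "provider readable without permission"))
            if not (base or elem.get(A + "writePermission")):
                findings.append((name, "provider writable without permission"))
        elif not base:
            findings.append((name, elem.tag + " exported without permission"))
    return findings

# Constructed sample manifest (not taken from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="17"/>
  <application>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes" android:exported="true"/>
    <provider android:name=".KeysProvider" android:authorities="com.example.keys" android:exported="true" android:readPermission="com.example.READ_KEYS"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.cache"/>
    <service android:name=".SyncService"><intent-filter><action android:name="com.example.SYNC"/></intent-filter></service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A launcher activity will always appear in this list because it has to be exported; the entries worth reviewing are providers, services and receivers that handle data.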
It is not recommended to use this section for
full-time development, as it eats a lot of memory and the system slows down.
Eclipse + ADT: Android Tamer contains the Eclipse IDE integrated
with the ADT bundle, which enables us to write Android apps.
DDMS: Dalvik Debug Monitor Service is an excellent solution for
things such as interacting with the file system, controlling the emulator,
pulling and pushing files from/to the device or emulator, debugging
applications, etc.
Android NDK: The Android Native Development Kit enables us to
write low-level applications in C/C++.
Forensics:
Android Tamer includes some preinstalled digital forensic
tools.
AFLogical Open Source Edition:
AFLogical is another popular logical data extraction tool
made for the Android platform. It pulls all available MMS, SMS, Contacts, and Call
Logs from an Android device and presents the data to the examiner.
Sleuthkit is another command line tool, integrated to perform
in-depth analysis of file systems. This tool also has a Graphical User Interface
version named Autopsy.
Rooting and ROM Modding:
If during your pentest or forensics / device assessment you
come across a device which is not rooted and you need to root it in order to
gain more insight, the default installation also comes packaged with
Android-version-specific rootkits such as Gingerbreak, ZergRush, psneuter,
etc.
At times it might be required to check or modify existing
ROMs, or to analyze the content of an existing ROM backup. For such scenarios dsixda
kitchen is provided, which adds ROM modding capabilities to the system.
In order to flash these customized packages back onto the
device we need flashing utilities like fastboot, Flashtools, Heimdall,
etc.
It also bundles some common tools like QT-ADB, which
acts as a file-manager kind of utility for devices using the ADB interface.
Final Words:
If you are looking for a framework for all your Android
security needs, Android Tamer could be one of the best tools that you can look
into.