All Android projects and mainly this project, as well as original Aurasium framework itself, would not be possible without third-party tools. It includes developer tools provided as a part of the Android platform, but also the hooking, instrumentation and static analysis tools which are usually standalone open-source projects.
A detailed analysis of all existing tools is not possible, however, there has been identified and described some most important tools with regard to this project. Android Debug Bridge, a command line tool needed for development and especially for the communication with the physical or emulated device, is essential in this project, because the profound part of obtaining the information needed for design and implementation are experiments, which are performed due to this instrument. The second very important tool in this category is the Device Monitor, which enables tracking the file system and provides also graphical tools for debugging and analysis of Android applications. The part of Android SDK is also the third selected tool, Android Asset Packaging Tool, for managing the content of APK files. The next described tools are static analysis tools Smali and Baksmali, which are utilized in repackaging script for unpacking the Class files for injection. The last reverse- engineering tool, Apktool, is higher-lever utility which simplifies the use and wraps the other tools together. Information is based on Android Hacker’s Handbook book [11] and on the manuals and documentations provided with the tools.
Android Debug Bridge
Android Debug Bridge (ADB) is universal tool for command line, which enables communi- cation with emulator or the physical device with Android OS. This client-server application contains three parts:
∙ A Client – which runs on development machine and can be invoked from a shell by issuing an adb command.
∙ A Server – which runs as a background process also on the development machine and manages communication between the client and the adb daemon running on an emulator or device.
∙ A Daemon – which runs as a background process on each emulator or device instance [1].
When the ADB Client is started and server process is not already running, it starts the server process, which subsequently binds to local TCP port 5037 and listens for commands send from all adb clients. The actual communication between development machine and the physical or emulated device is performed between the ADB Server and Deamon using the odd-numbered ports in the range 5555 to 5585, the range used by emulators or devices. The even-numbered port is assigned to each device for console connections. ADB Server handles commands to all connected devices. The selection of some ADB commands is shown in table 4.3.
Device Monitor
Android Device Monitor (ADM) is a stand-alone tool that provides a graphical user interface for several Android application debugging and analysis tools. The Monitor tool does not
Category Command Description
General devices Prints a list of all attached instances. help Prints a list of supported ADB commands.
Debug logcat Prints log data to the screen.
Data install Pushes an Android application to an instance. pull Copies file from an instance to the computer. push Copies file from the computer to an instance.
Networking forward Forwards socket connections from local port to a remote port on the instance
Server start-server Starts the ADB server. kill-server Terminates the ADB server.
Shell shell Starts a remote shell in the target instance.
Table 4.3: Android Debug Bridge Commands [1]
require installation of an integrated development environment (IDE) [1]. ADM encapsulates the following tools:
∙ Dalvik Debug Monitor Server (DDMS) – debugging tool, which provides printscreen of device, informations about threads, state of RAM memory, incoming calls, SMS messages as well as file system.
∙ Tracer for OpenGL ES – tool for OpenGL Embedded Systems (ES) code analysis in Android application. This tool enables OpenGL ES commands and screen catching
∙ Hierarchy Viewer – enables debugging and optimization of GUI providing the visual representation of component hierarchy.
∙ TracerView – a graphical viewer for execution logs saved by your application, which helps to debug the application and profile its performance [1].
Smali and Baksmali
Smali (resp. Baksmali) is an assembler (resp. equivalent disassembler) for Dalvik Virtual Machine. DVM executes instructions represented in Dalvik bytecode and stored in Dalvik executable (DEX) format. This tool works similarly as the ordinary assembler for physical machine, but it converts files from Java assembler language called Smali to DEX format. Illustration of this principle is shown in figure 4.3. Smali syntax is based on Jasmin and dedexer. Jasmin is the standard assembly format for Java, dedexer is another DEX file disassembler like Smali, which is focuesd on Dalvik operation codes.
Android Asset Packaging Tool
Android Asset Packaging Tool (AAPT) is a tool for managing the content of Android APK files. It can view, create, and update Zip-compatible archives (zip, jar, apk) and also compile resources into binary assets. This tool is the part of Android SDK used every time the developer wants to generate new APK file, since it is the base builder for Android aplications.
Apktool
Apktool is an universal Android reverse-engineering tool which also utilizes and wraps the Smali and Baksmali tool as well as AAPT. The tool can unpack the existing APK files into the original resources contained in them in human-readable XML form. It can also produce disassembly output of all classes and methods using Smali. Apktool creates project-like file structure and includes also embedded Smali debugger.