[目录]

0x1.[前言]

0x2.[经典文集]

0x3.[兵器库]

0x4.[黑名单]

0x5.[样本]

[前言]

先 前在微博上零零散散的看到有不少业界人士分享有关Android Malware Analysis的工具或者文章，虽然都很经典，但对像我这样的初学者来说一下子看到这么多奇花异草，难免会有凌乱的感觉。所以我就蠢蠢欲动，打算用本文 来总结一些Android Malware Analysis的必备利器，并抛砖引玉——推荐几篇关于Android Malware Analysis或者Android逆向工程的经典文章。我对本文的定位只是一个Memo而已，所以毫无技术含量可言，高人尽可以无视。本文不会对如何搭 建分析环境(如何下载安装Android SDK;如何使用Android Emulator;如何使用adb等等)做介绍，毕竟这样的文章用Google一搜一大把。也不涉及对具体Malware样本的分析，不过会分享三份从网 上收集的malware供看官一试身手。

[经典文集]

1.                                                                                                                                                     科普型读物，作者在文中介绍了Android OS的架构、Android App组件、Adroid安全模型

2.                                                                                                                                   作者在文中主要介绍了Android SDK中adb的使用

3.Android Reverse Engineering - A Kick Start                                                                                                             作者在文中结合一个实际的CrackMe程序介绍了如何使用baksmali(下文介绍)来对*.apk文件进行破解

4.Analyzing Android Malware                                                                                                                                      作者在文中结合一个名为VideoPlayer.apk的恶意程序介绍了如何使用dex2jar以及JD-GUI进行恶意程序分析

5.                                                                                                                                     作者在文中对一款类型为Trojan:SymbOS/Spitmo的恶意程序作了分析

6.

   一篇内容无比充实的白皮书，属于硬货！谁看谁知道！  

7.Examining the recent Android malware                                                                                                                     作者在文中介绍了利用Android OS漏洞进行提权的恶意程序的工作方式

8.Rooting Exploit for Android Works Silently                                                                                                                 作者在文中同样介绍了利用Android OS漏洞进行提权的恶意程序的工作方式

[兵器库]

 1.

"It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc."

2.

"Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format."

3.

"JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields."

4.

"you can analyze, display, modify and save your apps easily and statically by creating your own software (by using the API), or by using the tool (androlyze) in command line. This tool is useful when you would like to do reverse engineering on a specific application (e.g : malware)"

5.

"DroidBox is being developed to offer dynamic analysis of Android applications."

6.

"The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. The primary focus of this project is to provide a visualization layer that’s typically missing in existing Android reverse engineering tools, as well as to create a unified platform that combines several existing Android reverse engineering tools into a single unified view and context."

值得说明的是droidbox和apkinspector都是中的两个项目，多少有一些“学院派”的风格，估计目前也还只停留在实验室阶段，至少还没有看到有文章介绍用其来真刀真枪地分析恶意程序

[黑名单]

 一个开源的Android malwares数据库

"This database is open source and anybody can send comments (or an email to androguard (at) t0t0 (dot) fr) in order to add new links to analysis articles, to apply modifications on signatures or to add new signatures."