Android逆向必備網址和書籍
幾本android安全基礎書籍
Android Apps Security
http://www.itpub.net/forum.php?mod=viewthread&tid=1730861
Application Security for the Android Platform: Processes, Permissions, and Other Safeguards
http://www.itpub.net/forum.php?mod=viewthread&tid=1557863
Decompiling Android 一本介紹apk的入口書籍,對dex進入了很形象的剖析!
http://www.itpub.net/forum.php?mod=viewthread&tid=1709054
Android Security: Attacks & Defenses 新出的書籍,沒有下載哦!
http://www.amazon.cn/Android-Security-Attacks-and-Defenses-Misra-Anmol/dp/1439896461
支援正版,大家多買實體書!
幾個簡單教程:
http://securitycompass.github.io/AndroidLabs/lab8.html。一些基礎知識。
http://www.mcafee.com/us/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf。簡單滲透。
https://viaforensics.com/category/mobile-security/ 。一個瘋狂的網站,裡面有大量的資訊。
以下是本人在日常的應用安全分析及Android病毒分析中收集的與Android逆向分析相關的工具網站,歡迎博友提供未收錄的網址。
androidterm:
Android Terminal Emulator
http://code.google.com/p/androidterm/
smali:
An assembler/disassembler for Android’s dex format
https://code.google.com/p/smali/
AndBug:
a debugger targeting the Android platform’s Dalvik virtual machine intended for reverse engineers and developers
apkinspector:
APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
https://code.google.com/p/apkinspector/
androguard:
Reverse engineering, Malware and goodware analysis of Android applications … and more (ninja !)
https://code.google.com/p/androguard/
dex2jar:
Tools to work with android .dex and java .class files
http://code.google.com/p/dex2jar/
STOWAWAY:
A static analysis tool and permission map for identifying permission use in Android applications
http://www.android-permissions.org/
COMDROID:
A static analysis tool for identifying application communication-based vulnerabilities.
http://www.comdroid.org/
mobile sandbox:
Provide an Android application file (apk-file) and the Mobile-Sandbox-System will analyze the file for malicious behaviour.
http://mobilesandbox.org/
DexGuard:
DexGuard is specialized optimizer and obfuscator for Android
http://www.saikoa.com/dexguard
android-stuff:
This is a repository for random scripts and files using for Android reversing
https://github.com/jlarimer/android-stuff
APK_OneClick:
decompile & disassemble APKs
APK IDE:
小米人APK改之理(Apk IDE)是一款視覺化的用於修改安卓Apk程式檔案的工具
smali-cfgs:
connectbot:
Secure shell (SSH) client for the Android platform
金山火眼:
線上APK檔案掃描及行為分析
Virustotal:
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
https://www.virustotal.com/en/
AndroTotal:
AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.
http://beta.andrototal.org/
持續更新中…….