AndrotomistLite
AndrotomistLite is a lightweight CLI version of the Androtomist tool which performs Android .APK analysis.
It is a wrapper written in .NET Core 3.1 which utilizes various tools to perform:
- Code analysis using ApkTool and APKProfiler
- Taint analysis using pyflowdroid
- Dynamic instrumentation using Frida
Setup
1. Code analysis requires Apktool: place apktool and the .bat file in the same folder as Runner.exe.
2. Taint analysis requires installation of pyflowdroid:
$ pip install pyflowdroid
$ python -m pyflowdroid install
3. Dynamic instrumentation requires extra configuration in the appsettings.json file, such as the Android platform tools folder path, the Frida folder path, the instrumentation script path, and the remote address and port to allow connections with network VMs.
The source code can be found on GitHub.
Licence
Androtomist's source code is offered under the European Union Public Licence (https://ec.europa.eu/info/european-union-public-licence_en).
Please cite our paper: Kouliaridis, V.; Kambourakis, G.; Geneiatakis, D.; Potha, N. Two Anatomists Are Better than One—Dual-Level Android Malware Detection. Symmetry 2020, 12, 1128.