Want to Join Us ?

you'll be able to discuss, share and send private messages.

Release Appie – Android Pentesting Portable Integrated Environment by Aditya Agrawal

Discussion in 'Reverse engineering' started by storm shadow, Feb 10, 2015.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Great toolkit from Aditya Agrawal

    since i did py Super ADB QT plugin for ida pro ive been looking at explore kits for android penetasion.
    And this is proberlly the best so far i've seen.



    Appie – Android Pentesting Portable Integrated Environment

    Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.
    It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android Security Analysis Tool and is a one stop answer for all the tools needed in Android Application Security Assessment.
    Why Appie was created ?
    Just because i wanted something awesome instead of traditional virtual machines.
    Difference between Appie and existing environments ?
    • Tools contained in Appie are running on host machine instead of running on virtual machine.
    • Less Space Needed(Only 600MB compared to atleast 10 GB of Virual Machine)
    • As the name suggests it is completely Portable i.e it can be carried on USB Stick or on your own smartphone and your pentesting environment will go wherever you go without any configuring changes.
    • Awesome Interface [​IMG]
    What Does Appie Mean ?
    In the search for an awesome name ,i found Appie which stands for Android Pentesting Portable Integrated Environment and the most important thing the name define itself.
    Getting Started
    • Download the file.
    • Unzip the file.
    • Click on the executable Appie in the extracted folder.
    • Go through the Usage
    I have also started a series on Android Application Security for the ones who need to learn about android application security.In that series i have used Appie extensively.
    Which tools are included in Appie ?
    Usage
    • Drozer Usage
      • Type in drozer console connect and drozer application will load up in the right half.
        [​IMG]
    • Type sublime in the console and it will load up Sublime Text in the right half.It has been customized like this to have a better experience while testing. No hassle of Tabs/Windows.
    • Type apktool in the Appie and it will list the default options of apktool.
      [​IMG]
    • Introspy can be used by just typing introspy in the console.
    • eclipse can be used to launch Eclipse for Android Application Development.
    • Androidguard SublimeText Plugin
      • CTRL+F5: open a APK/DEX/ODEX/AXML/ARSC files
      • F5: switch to Dalvik Bytecodes to source codes, switch to AndroidManifest.xml summary to original xml file
      Click on the GIF to view it.
      [​IMG]gif
    • Jd-GUI Usage
      • Type jdgui in the console and a new tab will open with JD-GUI in it .
        [​IMG]
    • Keywords
      like apktool, eclipse, dex2jar, adb, sqlite3 can be directly used in the console and will link to the corresponding files.
    To Do
    • New Logo.Currently i’m using logo of Conemu.If you could suggest something, i am all ears [​IMG]
    • Currently i’m figuring out a way to make Genymotion also portable and ship with the Appie with better configuration.
    How Appie kickstarted ?
    Actually when i started in Android Application Security ,I found that there are so many tools which are needed during the assessment of Android Applications and every penetration tester had to install those in his system.One way to skip those installations would be to work on a Virtual Machine(based on Android Security) like Santoku-Linux but i personally do not like virtual machines because working on VM and working on Host machine is never the same.
    One day I came across Cmder which is an amazing portable console emulator for windows.It has all the UNIX utilities like ls,cat,find,cp etc which are not there in windows so it gives experience of linux while working on windows environment.That was the day when I thought of getting those Android Security tools in to Cmder and make something which could the change the experience of a security professional to something intuitively amazing.
    The main credit goes to awesome Project Cmder without which this awesome tool could not have been existed.
    Frequently Asked Questions
    Q. When it will be available for Linux/Mac?
    Currently this is only available for windows but yes i am figuring out something for Linux/Mac as well. But for now you can run Appie on Win7/Win8 Virtual machine. Appie doesn’t need any software pre-installed on the machine, it contain all the environments like Java Runtime Environment, Python Environment neccessary for it’s running.
    Q. I am interested in Android Security and willing to learn it. Do you know any resources where i could start ?
    Yes. Actually myself have started an Android Application Security Series in which i have started from the very basics and explained each vulnerability in detail. Hope you will like it [​IMG]
    Q. How can i work in FullScreen in Appie ?
    Just press Alt + Enter while using Appie to go in FullScreen Mode and do the same to come back in normal mode.
    Q. How could i resize Appie ?
    If you move your cursor along it edges then outer boundary start appearing and you can resize using it but this procedure is something everyone is not able to follow.
    There is an alternative way to da this
    • Right click on the top bar and then click on settings.
    • Then a new window will appear then uncheck “Hide caption Always” and then save settings as given below.
      [​IMG]
    • Then Appie would look something like this.
      [​IMG]
    • You can now resize the window as you would like. After that you can again go to setting and check that option again and save settings.
    Appie will save your current windows size and will open as it is when you open next time.
    Q. Why is Appie throwing up red flags with being malware?
    Actually Appie is packed by UPX which is identified as malware by some antivirus softwares. You can scan Appie.exe with virtustotal.com and see the result. As an alternative there is a Appie.bat file in the same directory which upon running won’t show any warnings.
    Q. ADB is not running properly.
    Actually in order to run adb with your emualtor, you need to set the path of Android SDK Tools in your emulator.
    Android SDK TOOLS Path:- path_to_appie/bin/adt/sdk/
    If you are using Genymotion Device as your emulator then follow the procedure below.
    • First go to Genymotion then click on settings.
    • Then in the ADB tab, select “Use Custom Android SDK Tools”
    • Then select the path of sdk folder which is located at path_to_appie/bin/adt/sdk/
    [​IMG]
    It will through an error that “AAPT tool not found”. Ignore it. Actually AAPT is used for drag and drop feature in genymotion which we don’t require.
    Donate
    Appie has been developed to provide a better experience to Android Security Professionals and to take Android pentesting to a new level. If you appreciate Appie and want to see Appie kept being developed, please consider donating to this Project.Also such support motivates me to continue to work hard for something and something that helps make a difference [​IMG]
    [​IMG]

    Download
    Follow @exploitprotocol for more future updates about Appie and Android Security.
    [​IMG]

    https://manifestsecurity.com/appie/
     
    Rip Cord likes this.
  2. Abkarino

    New Member

    A very nice toolkit thank you so much @storm shadow for this good release and post.
     
    Rip Cord and storm shadow like this.
  3. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Abkarino and Rip Cord like this.
  4. Abkarino

    New Member

    Yea my friend it is a very long time since you disappeared from PS3 hacking scene ;)
    Now i'm a member of famous Rebug Team :)
    And i'm working in hacking SysCon project, i hope to see you back my friend :)
     
    Rip Cord and storm shadow like this.
Top