Finding APK package/activity name

During my research I had a problem finding the package and activity name of an Android APK file. Googling only results in tons of messed-up solutions which usually didn't work.

In this post I am sharing a piece of code I wrote in Python to analyse the result of the Android aapt tool (*well, I am a Python freak, so you are going to feel Python in this blog!):

import subprocess

def get_package_activity_name(apk_address):
	# Pass the arguments as a list (no shell=True) so that an APK path
	# containing shell metacharacters is never interpreted by a shell.
	command = ["aapt", "dump", "badging", apk_address]
	aapt_result = subprocess.Popen(command, stdout=subprocess.PIPE).communicate()[0]
	# Popen returns bytes under Python 3; decode before splitting into lines
	lines = aapt_result.decode("utf-8", "replace").split("\n")
	myDic = {}
	for line in lines:
		# Lines look like "package: name='com.example.app' versionCode='1' ..."
		# Split on the first colon only so values containing ':' are kept intact
		splitedline = line.split(":", 1)
		if len(splitedline) == 2:
			myKey, myValue = splitedline
			myDic[myKey] = myValue
	# Attribute values are single-quoted; the first quoted token is the name
	package = myDic['package'].split("'")[1]
	# Keep only the class name after the last dot, e.g. MainActivity
	activity = myDic['launchable-activity'].split("'")[1].split(".")[-1]
	return package, activity

I hope you can use this code, or the idea of how to use aapt for obtaining the package and main activity names.
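As an added example (not code from the original post), here is a fuller parser for the aapt dump badging format that keeps every attribute and every repeated key such as uses-permission, so one pass yields the fully qualified launchable activity as well as the permission list an analyst looks at first. The sample badging text and the function names are constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `aapt dump badging` output (not taken from a real APK).
SAMPLE_BADGING = """\
package: name='com.example.sample' versionCode='7' versionName='1.2'
sdkVersion:'21'
targetSdkVersion:'28'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
application-label:'Sample: App'
launchable-activity: name='com.example.sample.ui.MainActivity'  label='Sample: App' icon=''
"""

# Matches one attr='value' pair; values may be empty (icon='')
ATTR_RE = re.compile(r"([\w-]+)='([^']*)'")

def parse_badging(text):
    """Parse badging output into {key: [ {attr: value}, ... ]}.

    Keys such as uses-permission repeat, so every key maps to a list.
    A bare quoted value (application-label:'x') is stored under attr 'value'.
    """
    result = defaultdict(list)
    for line in text.splitlines():
        # Split on the first colon only: values like 'Sample: App' contain colons
        key, sep, rest = line.partition(":")
        if not sep:
            continue
        attrs = dict(ATTR_RE.findall(rest))
        if not attrs:
            bare = re.match(r"\s*'([^']*)'", rest)
            if bare:
                attrs = {"value": bare.group(1)}
        result[key.strip()].append(attrs)
    return dict(result)

def package_and_activity(text):
    """Return the package and the fully qualified launchable activity."""
    info = parse_badging(text)
    return info["package"][0]["name"], info["launchable-activity"][0]["name"]

def permissions(text):
    """List every requested permission; entries such as READ_SMS are triage clues."""
    return [a["name"] for a in parse_badging(text).get("uses-permission", [])]
```

Feed it the decoded stdout of aapt dump badging (run without a shell, as in the function above) instead of SAMPLE_BADGING to use it on a real file.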


Android Reverse Engineering Platforms

The primary requirement for malware analysis is preparing a safe and reliable platform for running the malware in order to observe its behavior or perform reverse engineering. Android malware, as much as that of other platforms, demands such environments, which are a bit hard to find, perhaps because of the weakness of Android devices' processors and physical memory; malware analysis demands high processor performance and a large physical memory capacity.

Here is a list of some platforms for Android malware reverse engineering, debugging, monitoring and, generally, emulating the Android structure and behavior:

  • Android-x86 provides a ready-to-use virtual machine disk which can simply be mounted and used to run original Android on VirtualBox. The advantage of this method is that the experience is 99% like an actual Android device, but with higher processor performance, more physical memory and more storage.

More info: http://www.android-x86.org/

  • ARE (Android Reverse Engineering) is a comprehensive ready-to-use virtual machine for working with Android. Unlike Android-x86, this is a tool set for Android reverse engineering which contains some of the necessary tools.

More info: https://redmine.honeynet.org/projects/are

  • Androguard provides a Python-based tool to analyze Dex/Odex, APK, Android's binary XML and Android resources (arsc) files; it runs on Linux, OSX and Windows platforms with Python.

More info: http://code.google.com/p/androguard/

  • APKinspector is another Python-based tool, which provides a GUI to aid analysis and reverse engineering of compiled Android packages and their DEX code.

More info: http://code.google.com/p/apkinspector/

  • Android-apktool brings the capability of reverse engineering Android APK code using the Java runtime environment. Thanks to Java's portability, this tool is usable on Windows, Linux and OSX.

More Info: http://code.google.com/p/android-apktool/

  • Dare (Dalvik Retargeting) retargets DEX and APK Android applications to raw .class files. You will need additional tools for further reverse engineering. This tool is an improved version of DED by the same developers.

More Info: http://siis.cse.psu.edu/dare/index.html

  • Droidbox is a sandbox which offers dynamic analysis of Android applications. This type of analysis is mainly used to get to know the malware in the first place, just to gather some clues about its behavior. This tool reports the malware's network traffic, accessed files, accessed services, data leaks, circumvented permissions, cryptographic operations and SMS/phone calls.

More Info: http://code.google.com/p/droidbox/

  • Smali is a simple assembler/disassembler for Android DEX code. It supports debug info, annotations, line info, etc.

More Info: http://code.google.com/p/smali/