Learn how to set up and use Drozer on Windows to analyze an Android application.
- [Narrator] The standard tool for dynamic analysis of Android apps is Drozer. It's a full testing framework created by MWR Labs, and is available as a free download command-line version or as a full GUI paid version. Drozer is pretty useful, as it doesn't need root and can run as a normal app using its own bridge. I've downloaded and installed the Windows version. Drozer currently has a bug and is unable to find the Java executable after the JDK is installed. In order to fix it, I've hard-coded the path into the configuration.py file.
It's in the drozer\lib\drozer folder. You can see it here as C:\Program Files\Java\jdk1.8.0_101\bin. You'll need to put in the path to the JDK you have on your system. The Drozer zip file includes an app called agent.apk, which we need to push onto the device. I'll use adb to do that. I've moved agent.apk into my platform-tools directory, so let's install it.
I'll also need to forward TCP ports to enable the connection. I've redirected port 31415. That's the port to the Drozer server, which the agent runs on the device. Before starting the Drozer console, I need to start up the agent on the phone. I'll start the app, and at the bottom left, switch on the server. I'll now head over to the Drozer folder and start up Drozer.
I'm in the Drozer folder, and I'll check what devices are available, and then I'll connect. Okay, we can see my Huawei phone. And we're connected. Drozer has a number of plugin modules that it provides, and we can use the list command to see what modules are available. As we can see, there's a lot we can do with Drozer. Let's have a look at a couple of examples. I'll use the app.package.list module to list the packages on the device.
This lists the packages. I'll just scroll up a bit and we can see the conduct slack package. Let's check the information on that package. This provides a good set of information on the package, showing its data location, its APK location, the permissions it uses, and the custom permission that it has defined. Drozer also analyzes the attack surface of the application for us, the areas which can be potentially exploited.
This is a useful starting point for hardening the app. This shows there are seven activities, seven broadcast receivers, and four services exported. However, the database or content providers aren't exported, and Drozer hasn't reported that debugging is on, which is good. Let's scroll down to one of the activities.
This lists the seven activities that are exported. Note the tool can be accessed without any permissions being required. Drozer can act as any external app and create an intent to access the activity. Let's see what happens when we start the home activity.
This starts the main Exohack chat screen, and we bypass the login. A malicious app could potentially start the activity. We can also get information on the services that are exported. Okay, this has just been an introductory taste to quite a sophisticated tool. There's a lot more to Drozer, and it's an important tool for verifying that apps have been properly hardened.
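As an added example (not from the course or from the Drozer project), here is a Python helper that turns the two module outputs walked through above, app.package.attacksurface and app.activity.info, into a hardening checklist for the developer: exported components that require no permission are exactly the ones any other app on the device can reach with an intent. The sample text is constructed in the shape of Drozer's console output, and the package name com.example.chat is a placeholder.

```python
import re

# Constructed sample output shaped like the drozer console's app.package.attacksurface
# and app.activity.info modules (not from a real device; counts mirror the video).
ATTACK_SURFACE = """\
Attack Surface:
  7 activities exported
  7 broadcast receivers exported
  0 content providers exported
  4 services exported
"""
ACTIVITY_INFO = """\
Package: com.example.chat
  com.example.chat.HomeActivity
    Permission: null
  com.example.chat.SettingsActivity
    Permission: com.example.chat.permission.ADMIN
  com.example.chat.ShareTargetActivity
    Permission: null
"""

def parse_attack_surface(text):
    """Exported count per component type, plus whether drozer flagged 'is debuggable'."""
    surface = {"debuggable": "is debuggable" in text}
    pattern = r"^\s*(\d+)\s+(activities|broadcast receivers|content providers|services)\s+exported"
    for m in re.finditer(pattern, text, re.M):
        surface[m.group(2)] = int(m.group(1))
    return surface

def unprotected_activities(text):
    """Exported activities listed with 'Permission: null': any app can send them an intent."""
    found, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("Package:"):
            continue
        if stripped.startswith("Permission:"):
            if stripped.split(":", 1)[1].strip() == "null" and current:
                found.append(current)
        else:
            current = stripped
    return found

def hardening_findings(surface_text, activity_text):
    """Combine both outputs into the items a developer should fix before release."""
    findings = [f"{n}: exported with no permission; set exported=false or require a signature permission"
                for n in unprotected_activities(activity_text)]
    if parse_attack_surface(surface_text)["debuggable"]:
        findings.append("debuggable build; disable android:debuggable for release")
    return findings
```

Paste the real console output into the two strings to check an app you are hardening; an activity that shows up in the findings is one the login-bypass demonstration above would apply to.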