androguard

Androguard is a comprehensive Android APK reverse engineering tool designed for automated security workflows within Canva. It enables users to perform various analyses on APK files, including package metadata extraction, resource inspection, and call graph generation.

Ideal Use Cases & Fit

Androguard excels in scenarios requiring in-depth analysis of Android applications, such as malware detection, security audits, and application forensic investigations. Its ability to extract detailed information from APK files makes it particularly effective for security researchers. Because of its complexity and processing time, it is not suited to real-time scanning or to contexts that call for lightweight analysis.

Value in Workflows

Integrating Androguard into security workflows enhances the depth of analysis conducted on Android applications, providing essential insights during early reconnaissance and post-processing stages. By leveraging its various analysis features, security professionals can uncover potential vulnerabilities and streamline their workflows, improving overall security posture.

Input Data

Androguard expects an APK file as input, which serves as the target for analysis. The required field for this input is:

  • target: The APK file to analyze (e.g., application.apk).

Configuration

  • operation: Specifies the analysis operation to perform, such as apkid, arsc, axml, cg, or sign. This is a required field with a default value of apkid.

For ARSC Operation

  • arsc-list-locales: When set, lists all available locales in the APK.
  • arsc-list-packages: Lists all available package names in the APK.
  • arsc-list-types: Lists all available resource types in the APK.
  • arsc-locale: Filters resources by a specific locale (e.g., en, es, fr).
  • arsc-package: Filters resources by package name (e.g., com.example.app).
  • arsc-resource-id: Resolves a specific resource ID and returns its value for the given locale and package.
  • arsc-resource-type: Filters resources by type (e.g., string, drawable, layout).

For AXML Operation

  • axml-resource: Parses a specific binary XML file within the APK instead of the default AndroidManifest.xml.

For CG Operation

  • cg-accessflag: Regex pattern to filter methods by access flags.
  • cg-classname: Regex pattern to filter methods by class name.
  • cg-descriptor: Regex pattern to filter methods by descriptor/signature.
  • cg-methodname: Regex pattern to filter methods by method name.
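
The four cg filters are easy to get wrong because of regex anchoring, so here is an added example (not part of the original page or of Androguard's code) that models them over constructed method entries. It assumes the patterns are passed to Androguard unchanged, are matched from the start of each Dalvik-style string, and are combined with AND; `filter_methods` and the sample data are hypothetical, so confirm the behaviour against your Androguard version.

```python
import re

# Constructed sample methods in Dalvik notation (not from any real APK):
# (class name, method name, descriptor, access-flags string)
SAMPLE_METHODS = [
    ("Lcom/example/app/net/ApiClient;", "sendRequest",
     "(Ljava/lang/String;)V", "public"),
    ("Lcom/example/app/crypto/KeyStore;", "loadKey", "()[B", "private static"),
    ("Lcom/example/app/crypto/KeyStore;", "<init>", "()V", "public constructor"),
    ("Ljavax/crypto/Cipher;", "getInstance",
     "(Ljava/lang/String;)Ljavax/crypto/Cipher;", "public static"),
    ("Ljavax/crypto/Cipher;", "doFinal", "([B)[B", "public final"),
]


def filter_methods(methods, classname=".*", methodname=".*",
                   descriptor=".*", accessflag=".*"):
    """Hypothetical model of the cg-* filters.

    Assumption: a method is kept only if all four patterns match, and each
    pattern is applied with re.match, i.e. anchored at the start of the
    string but not at the end.
    """
    patterns = [re.compile(p)
                for p in (classname, methodname, descriptor, accessflag)]
    return [m for m in methods
            if all(p.match(field) for p, field in zip(patterns, m))]


def names(methods):
    """Render results as Class->method(descriptor) strings."""
    return [f"{c}->{n}{d}" for c, n, d, _ in methods]


if __name__ == "__main__":
    # A bare substring matches nothing: class names start with 'L'.
    print(names(filter_methods(SAMPLE_METHODS, classname="crypto")))
    # A leading '.*' turns the pattern into a substring search.
    print(names(filter_methods(SAMPLE_METHODS, classname=".*crypto/")))
    # Filters combine: static methods of the platform Cipher class only.
    print(names(filter_methods(SAMPLE_METHODS,
                               classname="Ljavax/crypto/",
                               accessflag=".*static")))
    # Descriptor metacharacters must be escaped: methods taking one byte[].
    print(names(filter_methods(SAMPLE_METHODS, descriptor=r"\(\[B\)")))
```

Under these assumptions a pattern such as `Lcom/example` behaves as a prefix match, so no trailing `.*` is needed, while a term in the middle of a name needs a leading `.*`.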

Output Control

  • output-parse-xml: Converts XML output to JSON format for ARSC and AXML operations.
  • output-raw: Outputs raw tool output without JSON wrapper for various operations.