
Hunt Android Malware with the Android Frida Library “Uitkyk”


Uitkyk is a custom Android Frida library that exposes an API for investigating Android applications for suspicious behaviour (Android malware). It is a collection of resources that aid the identification of malicious Android applications at runtime, and a proof-of-concept library that demonstrates what runtime analysis on Android can achieve.

Repository

The directory “Frida Scripts” contains some basic Frida scripts that aid the runtime investigation of Android applications. The directory “Android Library” contains the custom Android Frida library, which Android applications can use to interact with Frida server instances. The directory “UitkykDemoApp” contains a demo Android application that uses the Uitkyk library.

Requirements

A Frida Server instance must be running on the device. The default network configuration is sufficient, but a custom host and IP address can be used.

How to use Uitkyk

1. Add the module to your Android application as a regular module.
2. To run the Frida equivalent of “frida-ps -U” (list the processes on the device), use:

   UitkykUtils uitkykUtils = new UitkykUtils(fridaHost, fridaPort);
   uitkykUtils.fridaPS();

3. To run the Frida equivalent of “frida -U -l AnalyzingHeapForObjects.js com.an.android.app” (attach to a process and run the heap-analysis script against it), use:

   UitkykUtils uitkykUtils = new UitkykUtils(fridaHost, fridaPort);
   uitkykUtils.analyzeProcess(this.pid);

Scripts

To run the scripts, change to the Scripts directory and execute the following commands:

frida -U -l AnalyzingHeapForObjects.js com.an.android.app
frida -U -l CatchingRuntimeExec.js com.an.android.app
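The two scripts above illustrate the two kinds of runtime check Uitkyk is built around: hooking `Runtime.exec` so that commands an app spawns are visible, and walking the Java heap for live instances of classes an analyst cares about. The following Frida script is an added example written for this article; it is not one of the scripts from the Uitkyk repository, and the watch-lists of binaries and classes, the hypothetical `classifyExec`/`tallyHeap` helpers and the sample commands are all constructed for illustration. The hook and heap-scan parts only install when the script runs under Frida (the `Java` bridge is present); the classification logic is plain JavaScript, so it can be exercised offline as well.

```javascript
// Added example Frida script (not from the Uitkyk repository).
// Run on a device with: frida -U -l this_script.js com.an.android.app

// Constructed watch-list: command names whose appearance in Runtime.exec
// arguments is worth reporting to the analyst (assumption of this example).
const WATCHED_BINARIES = new Set(['su', 'chmod', 'pm', 'am', 'dd', 'mount']);

// Constructed watch-list: classes whose live instances are worth reporting.
// DexClassLoader instances indicate code loaded at runtime (assumption).
const WATCHED_CLASSES = [
  'dalvik.system.DexClassLoader',
  'dalvik.system.InMemoryDexClassLoader'
];

// Last path component of a command token ("/system/xbin/su" -> "su").
function basename(p) {
  return p.substring(p.lastIndexOf('/') + 1);
}

// Normalise the Runtime.exec overloads to an argv array. exec(String) is
// split on whitespace, which is also how java.lang.Runtime tokenises it.
function toArgv(cmd) {
  if (typeof cmd === 'string') return cmd.trim().split(/\s+/);
  return Array.from(cmd);
}

// Decide whether one exec invocation should be reported, and why.
function classifyExec(argv) {
  if (!Array.isArray(argv) || argv.length === 0 || argv[0] === '') {
    return { suspicious: false, reason: 'empty command' };
  }
  const base = basename(argv[0]);
  if (WATCHED_BINARIES.has(base)) {
    return { suspicious: true, reason: 'watched binary ' + base };
  }
  // "sh -c '...'" wraps the real command: look at every token inside it.
  if ((base === 'sh' || base === 'bash') && argv[1] === '-c') {
    const tokens = argv.slice(2).join(' ')
      .replace(/["']/g, '')
      .split(/[\s;&|]+/)
      .filter(Boolean)
      .map(basename);
    const hit = tokens.find(function (t) { return WATCHED_BINARIES.has(t); });
    if (hit) {
      return { suspicious: true, reason: 'watched binary ' + hit + ' inside shell command' };
    }
  }
  return { suspicious: false, reason: 'not on watch list' };
}

// Count live instances per class name (input: one class name per instance).
function tallyHeap(classNames) {
  const counts = {};
  classNames.forEach(function (name) { counts[name] = (counts[name] || 0) + 1; });
  return counts;
}

// Which watched classes have at least one live instance.
function watchedOnHeap(counts) {
  return WATCHED_CLASSES.filter(function (c) { return counts[c] > 0; });
}

function report(verdict, argv) {
  console.log('[exec] ' + JSON.stringify(argv) + ' -> ' +
    (verdict.suspicious ? 'SUSPICIOUS (' + verdict.reason + ')' : 'ok'));
}

// Frida-only part: hook Runtime.exec and scan the heap for watched classes.
function installHooks() {
  Java.perform(function () {
    const Runtime = Java.use('java.lang.Runtime');
    const execStr = Runtime.exec.overload('java.lang.String');
    const execArr = Runtime.exec.overload('[Ljava.lang.String;');
    execStr.implementation = function (cmd) {
      report(classifyExec(toArgv(cmd)), [cmd]);
      return execStr.call(this, cmd);       // let the app proceed; we only observe
    };
    execArr.implementation = function (cmdArray) {
      report(classifyExec(toArgv(cmdArray)), Array.from(cmdArray));
      return execArr.call(this, cmdArray);
    };
    const seen = [];
    WATCHED_CLASSES.forEach(function (name) {
      try {
        Java.choose(name, {
          onMatch: function () { seen.push(name); },
          onComplete: function () {}
        });
      } catch (e) { /* class not loaded in this process: nothing to count */ }
    });
    console.log('[heap] watched classes with live instances: ' +
      JSON.stringify(watchedOnHeap(tallyHeap(seen))));
  });
}

if (typeof Java !== 'undefined' && Java.available) {
  installHooks();
} else {
  // Offline demonstration on constructed sample commands.
  ['ls -la /sdcard', '/system/xbin/su', 'sh -c "chmod 755 /data/local/tmp/payload"']
    .forEach(function (c) { report(classifyExec(toArgv(c)), toArgv(c)); });
}
```

The hook forwards every call to the original `exec` overload so that the application's behaviour is unchanged; the script only observes and reports, which is the same posture the Uitkyk scripts take. `Java.choose` throws when the requested class has not been loaded into the process, so each lookup is wrapped individually rather than aborting the whole scan.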

Uitkyk Demo Application

This application uses the Uitkyk library. A local Frida Server instance must be running on the device. Import the library into the application so that the application builds and runs.

https://github.com/brompwnie/uitkyk/archive/master.zip
