Hack any Mobile APP – Reverse engineering and Analysis Framework.

November 1, 2016November 18, 2017 haxf4rall2017 0 Comments hack any mobile app, mara framework, mara framework tutorial

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security professionals.

Features supported

Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
Statically Analyze java source code and dalvik bytecode
Scan for apk vulnerabilities via androbugs
Scan ssl domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl

Installing MARA on Linux

MARA ships with a script that assists in downloading and installing the dependencies above. Simply run thesetup.sh script with sudo privilege and it will install them.

The following are the requirements for running MARA. The domain SSL scanning component requires an active internet connection. MARA works with Open JDK or Oracle JDK. We recommend version 7 and above when using either of them.

Java JDK

sudo apt-get -y install openjdk-7-jdk
Tree

sudo apt-get -y install tree
Install 32bit libs

sudo dpkg –add-architecture i386
sudo apt-get update
sudo apt-get -y install libgtk2.0-0:i386 libxxf86vm1:i386 libsm6:i386 lib32stdc++6

Figlet

sudo apt-get -y install figlet
sudo cp tools/figlet/doom.flf /usr/share/figlet
Smalisca

sudo pip install smalisca
Unirest

sudo pip install unirest
AHA – Ansi HTML Adapter

sudo apt-get -y install aha
Python3

apt-get install -y python3
Androwarn dependencies

sudo apt-get -y install python python-jinja2 git
Smali graph generation dependency

pip install pydot
After meeting all the requirements. If you run ./mara.sh –help you should see the MARA help menu as shown below.

MARA ships with a SSL scanner script that makes use of pyssltest and testssl. The stand alone SSL scanner can be run using the command ./ssl_scanner.sh and follow the instructions displayed. The findings from the scan are dumped in the domain scans folder i.e. /MARA_Framework/data/domain_scans/

While analyzing APK files, MARA provides the option of scanning domains found in the apk using the above mentioned tools. This scan runs in the background and can be skipped. In the event the scan is performed, the user is required to tail the two log files i.e pyssltest.log and testssl.log in/MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/