• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2016
  • November
  • 1
  • Hack any Mobile APP – Reverse engineering and Analysis Framework.

Hack any Mobile APP – Reverse engineering and Analysis Framework.

November 1, 2016July 27, 2019 Comments Off on Hack any Mobile APP – Reverse engineering and Analysis Framework.
hack any mobile app mara framework mara framework tutorial

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security professionals.

Features supported

  • Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
  • Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
  • Statically Analyze java source code and dalvik bytecode
  • Scan for apk vulnerabilities via androbugs
  • Scan ssl domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl

Installing MARA on Linux

MARA ships with a script that assists in downloading and installing the dependencies above. Simply run thesetup.sh script with sudo privilege and it will install them.

The following are the requirements for running MARA. The domain SSL scanning component requires an active internet connection. MARA works with Open JDK or Oracle JDK. We recommend version 7 and above when using either of them.

Java JDK

sudo apt-get -y install openjdk-7-jdk
Tree

sudo apt-get -y install tree
Install 32bit libs

sudo dpkg –add-architecture i386
sudo apt-get update
sudo apt-get -y install libgtk2.0-0:i386 libxxf86vm1:i386 libsm6:i386 lib32stdc++6

Figlet

sudo apt-get -y install figlet
sudo cp tools/figlet/doom.flf /usr/share/figlet
Smalisca

sudo pip install smalisca
Unirest

sudo pip install unirest
AHA – Ansi HTML Adapter

sudo apt-get -y install aha
Python3

apt-get install -y python3
Androwarn dependencies

sudo apt-get -y install python python-jinja2 git
Smali graph generation dependency

pip install pydot
After meeting all the requirements. If you run ./mara.sh –help you should see the MARA help menu as shown below.

mara

MARA ships with a SSL scanner script that makes use of pyssltest and testssl. The stand alone SSL scanner can be run using the command ./ssl_scanner.sh and follow the instructions displayed. The findings from the scan are dumped in the domain scans folder i.e. /MARA_Framework/data/domain_scans/

While analyzing APK files, MARA provides the option of scanning domains found in the apk using the above mentioned tools. This scan runs in the background and can be skipped. In the event the scan is performed, the user is required to tail the two log files i.e pyssltest.log and testssl.log in/MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/

Post navigation

iSniff GPS – Determine where a device and its owner have been
Configure Network Share via Samba CLI

Related Articles

Andrill – Vulnerable Mobile Application with Various Levels

- Mobile Hacking
August 2, 2019

Yaazhini – Free Android APK & API Vulnerability Scanner

- Mobile Hacking
June 12, 2019

ANDRAX v3 – The First And Unique Penetration Testing Platform For Android Smartphones

- Mobile Hacking
June 12, 2019June 12, 2019
hacker gadgets
hacker phone covers

Recent Posts

confused: check for dependency confusion vulnerabilities

confused: check for dependency confusion vulnerabilities

February 27, 2021
CornerShot - Amplify Network Visibility From Multiple POV Of Other Hosts

CornerShot – Amplify Network Visibility From Multiple POV Of Other Hosts

February 26, 2021
A picture of Police seized 52,000 pills during execution of a search warrant

Four Arrested in Germany for Selling Drugs on the Darkweb

February 26, 2021
SaltStack Multiple High-Risk Vulnerabilities Alert

SaltStack Multiple High-Risk Vulnerabilities Alert

February 26, 2021
OpenWifiPass - An Open Source Implementation Of Apple's Wi-Fi Password Sharing Protocol In Python

OpenWifiPass – An Open Source Implementation Of Apple’s Wi-Fi Password Sharing Protocol In Python

February 26, 2021
All You Need to Know About PKT Cryptocurrency

All You Need to Know About PKT Cryptocurrency

February 26, 2021

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW