BiTLab-BaggiliTruthLab / RAPID

MIT License

Question about the number of APIS in APK ? #2

Open dinasaif opened 8 years ago

dinasaif commented 8 years ago

I really tried to use RAPID to get all APIs and strings; it was very quick and easy, but I noticed that the number of APIs in sample.apk with your tool = 1640, while when I use the DERG tool at this link: https://github.com/ylimit/derg it was 1211 APIs only. I want to know why this discrepancy. I also tried that on different APKs but reached the same result. Can you explain this discrepancy to me? The strings also appear encrypted to me in the console. Why??? I want to find out whether the developer wrote commands in his code like "chmode"; how can I check that with RAPID?

xiaoluzhang1985 commented 8 years ago

Thanks for asking.

1. RAPID aims to collect all potentially valuable information from the DEX file, so it treats all Android APIs as other tools may do, plus those API calls into 3rd-party libraries/JAR files, as APIs. This may be why RAPID reports more APIs.

2. The strings obtained by RAPID are not encrypted at all. Some special characters appear frequently in DEX files; for example, comments are also considered strings. Therefore using the proper character set in your console could help make them readable. However, again, the strings can be different types of information; they do not all have to be readable by human beings.

3. For the "chmode" question, you can search for it in the string list. RAPID is more inclined to spend much less time processing a large set of applications. If you have any requirements for manual analysis, I suggest you try JEB as a commercial tool, or JD-GUI plus dex2jar as free tools (or other tools mentioned in the RAPID paper), to accomplish the manual analysis part of your work.
dinasaif commented 8 years ago

Thank you very much. I was worried about the number of APIs. I will search the string list for "chmode". I know that API stands for application program interface, so do you extract them from the import lines only, before the beginning of the class, or how do you extract them? I want to use your tool because it really is amazing, but I also want to understand that.


xiaoluzhang1985 commented 8 years ago

No problem. This question is related to the DEX file structure. RAPID parses the binary code of the DEX file directly, not extracting information from smali or another intermediate representation, so there is no 'import line' in it. What RAPID does to extract all APIs is to grab the section storing the information regarding all methods' definitions in the DEX file and pick out the API methods. I suggest you google some DEX file structure articles to get a better understanding of the DEX file :)
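
The walk the reply describes (header, then the id tables, then the method definitions) is short enough to do by hand. What follows is an added example, not RAPID's code and not from the RAPID paper: a Python parser that reads the string, type, proto and method tables straight from the DEX binary, verifies the header's adler32 checksum, and buckets every method_id into framework API, third-party library, or app-defined (a class that has a class_def in the same file). It also covers the two points from the earlier reply: the "API count" depends on whether calls into third-party classes are included, and a plain search over the string table is how you look for a command such as chmod. The input is a small DEX constructed inside the script (it has no code bodies, no map_list and does not enforce the spec's sort-order rules), the framework prefix list is an assumption, and the class, method and string values in it are invented.

```python
import hashlib
import struct
import zlib
HEADER_SIZE = 0x70
# Assumption: descriptor prefixes counted as Android/Java framework API (a real tool would use a class list)
FRAMEWORK_PREFIXES = ("Landroid/", "Ljava/", "Ljavax/", "Ldalvik/")

def read_uleb128(buf, off):
    result, shift = 0, 0
    while buf[off] & 0x80:
        result |= (buf[off] & 0x7F) << shift
        shift, off = shift + 7, off + 1
    return result | (buf[off] << shift), off + 1

def decode_mutf8(raw):  # MUTF-8: NUL is encoded as C0 80, non-BMP chars as CESU-8 surrogate pairs
    text = raw.replace(b"\xc0\x80", b"\x00").decode("utf-8", "surrogatepass")
    return text.encode("utf-16", "surrogatepass").decode("utf-16", "replace")

def parse_dex(buf):
    """Walk header -> string_ids -> type_ids -> proto_ids -> method_ids -> class_defs."""
    if buf[:4] != b"dex\n" or buf[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    if struct.unpack_from("<I", buf, 8)[0] != zlib.adler32(buf[12:]) & 0xFFFFFFFF:
        raise ValueError("adler32 checksum mismatch")
    (_fsz, _hsz, _endian, _lsz, _loff, _map, ss, so, ts, to, ps, po,
     _fs, _fo, ms, mo, cs, co, _ds, _do) = struct.unpack_from("<20I", buf, 0x20)
    strings = []
    for i in range(ss):  # string_id_item -> string_data_item: uleb128 utf16 length, MUTF-8 bytes, NUL
        _utf16_len, p = read_uleb128(buf, struct.unpack_from("<I", buf, so + 4 * i)[0])
        strings.append(decode_mutf8(buf[p:buf.index(b"\x00", p)]))
    types = [strings[struct.unpack_from("<I", buf, to + 4 * i)[0]] for i in range(ts)]
    protos = []
    for i in range(ps):  # proto_id_item: shorty_idx, return_type_idx, parameters_off (type_list)
        _shorty, ret, poff = struct.unpack_from("<III", buf, po + 12 * i)
        n = struct.unpack_from("<I", buf, poff)[0] if poff else 0
        params = [types[struct.unpack_from("<H", buf, poff + 4 + 2 * j)[0]] for j in range(n)]
        protos.append("(" + "".join(params) + ")" + types[ret])
    methods = [(types[c], strings[n], protos[p]) for c, p, n in  # method_id_item: class, proto, name
               (struct.unpack_from("<HHI", buf, mo + 8 * i) for i in range(ms))]
    defined = {types[struct.unpack_from("<I", buf, co + 32 * i)[0]] for i in range(cs)}
    return {"strings": strings, "methods": methods, "defined_classes": defined}

def classify_methods(dex):
    buckets = {"app_defined": [], "framework_api": [], "third_party": []}
    for cls, name, sig in dex["methods"]:
        key = ("app_defined" if cls in dex["defined_classes"]
               else "framework_api" if cls.startswith(FRAMEWORK_PREFIXES) else "third_party")
        buckets[key].append(f"{cls}->{name}{sig}")
    return buckets

def count_apis(dex, include_third_party):  # this flag alone changes what a tool reports as "API count"
    b = classify_methods(dex)
    return len(b["framework_api"]) + (len(b["third_party"]) if include_third_party else 0)

def find_strings(dex, needle):
    return [s for s in dex["strings"] if needle in s]

def build_sample_dex():
    """Constructed test input: header + id tables + data; no code bodies, map_list or spec sort order."""
    strings = sorted(["Landroid/app/Activity;", "Landroid/os/Bundle;", "Lcom/example/app/MainActivity;",
                      "Lorg/thirdparty/net/HttpClient;", "Ljava/lang/Process;", "Ljava/lang/Runtime;",
                      "Ljava/lang/String;", "V", "VL", "L", "LL", "onCreate", "exec", "getRuntime",
                      "get", "chmod 777 /data/data/com.example.app/files/payload"])
    sidx = {s: i for i, s in enumerate(strings)}
    types = [s for s in strings if s.endswith(";") or s == "V"]
    tidx = {t: i for i, t in enumerate(types)}
    protos = [("VL", "V", ["Landroid/os/Bundle;"]), ("L", "Ljava/lang/Runtime;", []),
              ("LL", "Ljava/lang/Process;", ["Ljava/lang/String;"]), ("VL", "V", ["Ljava/lang/String;"])]
    methods = [("Lcom/example/app/MainActivity;", "onCreate", 0), ("Landroid/app/Activity;", "onCreate", 0),
               ("Ljava/lang/Runtime;", "getRuntime", 1), ("Ljava/lang/Runtime;", "exec", 2),
               ("Lorg/thirdparty/net/HttpClient;", "get", 3)]  # (class, name, proto index)
    class_def = "Lcom/example/app/MainActivity;"  # the only class this sample defines
    sizes = [4 * len(strings), 4 * len(types), 12 * len(protos), 8 * len(methods), 32]
    so, to, po, mo, co, data_off = (HEADER_SIZE + sum(sizes[:k]) for k in range(6))
    data, param_offs, string_offs = bytearray(), [], []
    for _, _, params in protos:  # type_list items live in the data section, 4-byte aligned
        param_offs.append(data_off + len(data) if params else 0)
        if params:
            data += struct.pack("<I", len(params)) + b"".join(struct.pack("<H", tidx[t]) for t in params)
            data += b"\x00" * (-len(data) % 4)
    for s in strings:  # ASCII and shorter than 128 chars, so uleb128(utf16 length) is one byte
        string_offs.append(data_off + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"
    body = b"".join(struct.pack("<I", o) for o in string_offs)
    body += b"".join(struct.pack("<I", sidx[t]) for t in types)
    body += b"".join(struct.pack("<III", sidx[sh], tidx[r], off) for (sh, r, _), off in zip(protos, param_offs))
    body += b"".join(struct.pack("<HHI", tidx[c], p, sidx[n]) for c, n, p in methods)
    body += struct.pack("<8I", tidx[class_def], 1, tidx["Landroid/app/Activity;"], 0, 0xFFFFFFFF, 0, 0, 0)  # class_def_item
    body += data
    payload = struct.pack("<20I", HEADER_SIZE + len(body), HEADER_SIZE, 0x12345678, 0, 0, 0,
                          len(strings), so, len(types), to, len(protos), po, 0, 0,
                          len(methods), mo, 1, co, len(data), data_off) + body
    signature = hashlib.sha1(payload).digest()  # SHA-1 of everything after the signature field
    checksum = zlib.adler32(signature + payload) & 0xFFFFFFFF  # adler32 of everything after the checksum
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + payload

if __name__ == "__main__":
    dex = parse_dex(build_sample_dex())
    print(classify_methods(dex), count_apis(dex, False), count_apis(dex, True), find_strings(dex, "chmod"))
```

Running it prints the three buckets and both counts: three APIs when only framework classes count, four once the call into the third-party class is included, which is the same kind of difference the question reports between two tools, scaled down. The same walker applies to a real classes.dex (all offsets are read from the header, nothing is hard-coded), but note that a string-table hit only proves the string is present; whether it ever reaches Runtime.exec is a question for the decompiler step the reply above suggests.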

dinasaif commented 8 years ago

Dear xiaoluz, I will give a presentation on 18/9/2016 at my university. I will talk about your tool. What is your opinion? Can I add or remove any information? I have a simple request for you, please: I want the 10,451 free applications considered as benign samples downloaded from Google Play, because before the presentation I must have the whole dataset. I already have the malicious apps and only 20 apps from Google Play. 😃 I will write in my paper that I took the benign apps from you.


xiaoluzhang1985 commented 8 years ago

Thanks for your interest in RAPID. Unfortunately I am not allowed to distribute all the benign apps to a third party or any individual, because the applications were all developed for commercial use and released on Google Play, which carries corporate responsibility.

In simple words, I can only download and maybe test them, but I am not able to share them with others. Sorry for the inconvenience.

dinasaif commented 8 years ago

Thanks for your reply. I already use an APK downloader to download APKs, but it is a tedious process to download them one by one. If you want, I can send you mail from my university email address, or send you a document from my university. If you don't want to help me, tell me any way to download these apps quickly. Thanks again, yours, Dina


xiaoluzhang1985 commented 8 years ago

Unfortunately, I do not think there is any simpler way of downloading these apps.

Again, it is not that I am unwilling to help, but I am not allowed to disseminate those Google Play applications. If I could, I would share the entire dataset as published in the paper.

My apologies.

dinasaif commented 8 years ago

Thank you very much 😃
