OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

[Android Tool] Dexcalibur #1450

Open cpholguera opened 5 years ago

cpholguera commented 5 years ago

Evaluate Dexcalibur (https://github.com/FrenchYeti/dexcalibur/wiki/Gallery) and check if it makes sense to add it to the MSTG. If it does, add it to 0x05b.

https://www.youtube.com/watch?v=2dGoolvMEpI

FrenchYeti commented 4 years ago

You can find more information here (old slides): https://2019.pass-the-salt.org/files/slides/02-Dexcalibur.pdf This tool is used in order to perform deobfuscation, anti-root/debug/emulator bypass, intercept serialization, follow data, and more. It focuses on bytecode static analysis, DBI, and dynamic analysis. The minimalist VM can simplify the CFG and print results as pseudo-code (it performs constant propagation, removes useless gotos and always True/False predicates, ...)