Android-Disassembler

Analyze malicious app on your phone

Android Disassembler is an application that is able to analyze several types of files such as APK files, dex files, shared libraries (aka .so files) (NDK, JNI), windows PE files(EXE, DLLs, SYSs, etc..), linux executables, object files and much more. These app features are based on capstone library, elf parser, PE parser, backsmali, and facile reflector.

Version 2.1.0 release!

What's new : Fix several minor bug, improve UX

Features

• Shows details of elf files.
• Shows symbol table(functions or objects' ,... names) of elf files.
• Disassembles the code sections.
• Has various export options of the disassembly. (Reloadable raw file, compilable txt file, analytic text files, json, and reloadable database)
• Supports projects.
• Supports directly launching from file browsers.
• Supports many ABIs(arm,x86,x64,MIPS,PowerPC,...)
• Jump to address by symbols' names, or a hex address.
• Syntax colorizing.
• Support PE and other bin formats.
• Sort symbols if needed.
• Colorize PUSH/POP instructions.
• Colorize ARM arch instructions better.
• Added Follow Jump menu for jump instructions.(With BackStack)
• Can override auto parse setup
• You can copy an instruction to the clipboard.
• It now parses IAT, EAT of PE headers.
• You can now choose the columns to view.
• Supports analyzing system files(which are not accessible without root permission) for rooted phones.
• Friendlier message for non-parsable files.
• The storage chooser now retains the session, so that it remembers the last browsed folder.
• Added Hex View and utility calculator.
• Theme installation is automated.
• Choose which binary to analyze when the zip/apk has multiple binaries.
• Choose APK from installed
• Search for strings in the binary (Unfortunately only for ascii characters)
• Bytewise analysis (mean, hashes, entropy, g-test, chi-test, autocorrelation) to help determine if the file is encrypted
• Support .NET assemblies
• Support dex files
• Analyzing multiple files in a project is allowed.

Usage explanation video

Materials about assemblies

• ARM
• ARM BlackHat
• Intel
• Wiki

Error Handling

• The app crashes!

  Sorry for inconvenience, please send an error report as an issue. If you can't wait for the next stable version, please check / grant the read/write permission to the app.

• NotThisFormatException

  Is it a well known executable file? (ELF:.so, .o, .lib, .a, etc.., PE:.exe, .dll, .sys, ...) Then please report me with the file you tried to disassemble. If not, you need to press OK and setup manually.

Feature requests are welcomed!

Build & Pull request

• Use Android studio.
• Any improvements are welcomed!

Open Source

This app used

• Capstone
• Storage-Chooser
• Colorpickerview
• Java-binutils
• PECOFF4J.
• Root File Chooser
• PhotoView
• Multi-level-Listview
• Facile-api
• plthook
• ELFIO - bibliography: TimScriptov/Disassembler
• apache commons compress
• apache commons io
• LouisCAD/Splitties
• Material-components-android
• Kotlix coroutines
• SnackProgressBar
• Spek
• Kotlinx serialization
• AndroidX
• smali

TODO

• Show prototypes of NDK/C standard APIs in the symbols tab.
• More sophisticated colorizing
• Generate more useful comments
• Provide assembly tutorials.
• Add pseudo-virtual machine to debug.
• Allow users to analyze active processes.
• Add arrow beside the disassembly.
• Row selection
• Better support for thumb assemblies
• Add compatibility for OllyDbg's .udd/.bak files
• Add compatibility for IDA's produce files.
• About to add other utilities.
• Add android resource analyzer
• Let user choose file from google drive
• Let user choose samples from web by hashes

Thanks

https://reverseengineering.stackexchange.com/a/20124/23870

XRefs

https://reverseengineering.stackexchange.com/a/18203/23870

Privacy Policy

I think I have to notice you that:

• When the crash report with types such as FileCorruptedException is sent, the file you are analyzing may be attached to the bug report email, and be uploaded to the repository in github.com.