
AndBug
#Security Testing #Malware Analysis
AndBug: A Debugger for Android's Dalvik Virtual Machine
AndBug is a specialized debugger for the Dalvik virtual machine, which operates on the Android platform. It is particularly designed for reverse engineers and developers who need to analyze and troubleshoot applications effectively.
It uses the same interfaces as the Eclipse debugging plugin for Android, specifically the Java Debug Wire Protocol (JDWP) and the Dalvik Debug Monitor (DDM). These let users hook Dalvik methods, examine process state, and even make changes. Unlike Google's own Android Software Development Kit debugging tools, AndBug does not assume or require access to the source code.
It does, however, require that you are somewhat comfortable with Python, as it uses a concept known as 'hooks' for scripted breakpoints in most nontrivial tasks. If your aim is simply to display loaded classes, methods, or threads, there are example scripts available specifically for that purpose. AndBug is an evolving program; I am currently in the process of separating one-off scripts I created at IOActive for various tasks from those used in customer and IOActive-proprietary contexts. At this time, I do not recommend installing it, as you will likely need to update it frequently afterward. AndBug runs smoothly from its own source directory with minimal setup required. Be sure to install the Android Software Development Kit.