
DroidBox
Introduction to DroidBox: A Tool for Analyzing Android Apps
DroidBox is designed to provide dynamic analysis of Android applications.
Detailed Analysis Results of the Package
The following information is provided in the results generated upon completion of the analysis:
- Hashes for the analyzed package
- Incoming and outgoing network data
- File read and write operations
- Services that were started and classes loaded using DexClassLoader
- Information leaks occurring via the network, files, and SMS
- Circumvented permissions
- Cryptographic operations executed using the Android API
- A list of broadcast receivers
- Sent SMS messages and phone calls
Additionally, two graphs are created to visualize the behavior of the package. One graph illustrates the chronological order of the operations, while the other is a treemap that allows for comparison of similarities between analyzed packages.
Getting DroidBox Up and Running
This guide will help you set up and run DroidBox effectively.
Tested Operating Systems
The release has only been tested on Linux and Mac OS. If you do not have the Android SDK, you can download it from http://developer.android.com/sdk/index.html.
Required Libraries and SDK Tools Setup
The following libraries are needed: pylab and matplotlib, which will provide visualization for the analysis results.
To set up the SDK tools, export the following paths:
export PATH=$PATH:/path/to/android-sdk/tools/
export PATH=$PATH:/path/to/android-sdk/platform-tools/
Make sure to download all necessary files.