Ready to Start Your Career?

By: anomali8888
August 2, 2017
Analyzing AndroidManifest.xml File with Yara and Python
By: anomali8888
August 2, 2017

By: anomali8888
August 2, 2017

AndroidManifest.xml
file (with precisely that name) in its root directory. The manifest file provides essential information about your app to the Android system, which the system must have before it can run any of the app's code." by this explanation we can ensure that the following XML file contains very vital information for running Android APK file and also because its vital and contain essential information a hacker can exploit the permission inside the XML file to get sensitive information inside the application.Standard security in AndroidManifest.xml:here is the list of component and security guideline for an android manifest file: (source: https://pentestlab.blog/category/mobile-pentesting/page/6/)- Debug Mode
- Backup Flag
- External Storage
- Permissions
- Application Components
- Intents
- Summary
- Activities
- Services
- Content Providers
- Broadcast Receivers
rule [name of the rule]{meta: [the meta description of the rule, i like to use to this so it will not get confused with other rule]description = " [fill into the description] "strings:[the string that will be check]$variable = " [fill the string that you want to match] "condition: [the condition that have to be fulfill so it can generate true or false value]$variable [you can add boolean operator to be more specific]}example:rule android_export{meta:description = "android activity can be exported by other application"strings:$check = "android:exported="true""condition:$check}with that we can move to create our python code, here i paste the code that i have write from analyzing androidmanifest.xml file:import yaraimport rerules = yara.compile("manifest_rule.yara")#the yara filewith open("sieve/AndroidManifest.xml") as file:matches = rules.match(data=file.read())# don't forget to indent this line of codeNote: The data that is going to be passed in the variable from matching yara rule will be in dictionary value.That's pretty easy right now. The one that I just showed was just the simple implementation that you can use for implementing Yara in python you can develop it even further and add more rule in Yara file.Thank you.
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry