AndBug Logo

AndBug

0
Free
Visit Website

AndBug is a debugger targeting the Android platform's Dalvik virtual machine intended for reverse engineers and developers. It uses the same interfaces as Android's Eclipse debugging plugin, the Java Debug Wire Protocol (JDWP) and Dalvik Debug Monitor (DDM) to permit users to hook Dalvik methods, examine process state, and even perform changes. Unlike Google's own Android Software Development Kit debugging tools, AndBug does not require or expect source code. It does, however, require that you have some level of comfort with Python, as it uses a concept of scripted breakpoints, called 'hooks', for most nontrivial tasks. If you just want to dump loaded classes, methods, or threads, there are example scripts for that. AndBug is very much a program in flux, as I separate one-off scripts I have written at IOActive for various tasks from customer and IOActive-proprietary contexts. I do not recommend installation at this time, as you will want to update it frequently afterwards. AndBug runs very nicely from its own source directory with very little setup. Install the Android Software Development Kit.

FEATURES

ALTERNATIVES

A Linux process injection tool that injects shellcode into a running process

Automatic analysis of malware behavior using machine learning.

YARA extension for Visual Studio Code with code completion and snippets

Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A minimal, consistent API for building integrations with malware sandboxes

RetDec is a versatile machine-code decompiler with support for various file formats and architectures.

A .Net wrapper library for the native Yara library with interoperability and portability features.