MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security professionals.
Features supported
- Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
- Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
- Statically Analyze java source code and dalvik bytecode
- Scan for apk vulnerabilities via androbugs
- Scan ssl domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl
Installing MARA on Linux
MARA ships with a script that assists in downloading and installing the dependencies above. Simply run thesetup.sh script with sudo privilege and it will install them.
The following are the requirements for running MARA. The domain SSL scanning component requires an active internet connection. MARA works with Open JDK or Oracle JDK. We recommend version 7 and above when using either of them.
Java JDK
sudo apt-get -y install openjdk-7-jdk
Tree
sudo apt-get -y install tree
Install 32bit libs
sudo dpkg –add-architecture i386
sudo apt-get update
sudo apt-get -y install libgtk2.0-0:i386 libxxf86vm1:i386 libsm6:i386 lib32stdc++6
Figlet
sudo apt-get -y install figlet
sudo cp tools/figlet/doom.flf /usr/share/figlet
Smalisca
sudo pip install smalisca
Unirest
sudo pip install unirest
AHA – Ansi HTML Adapter
sudo apt-get -y install aha
Python3
apt-get install -y python3
Androwarn dependencies
sudo apt-get -y install python python-jinja2 git
Smali graph generation dependency
pip install pydot
After meeting all the requirements. If you run ./mara.sh –help you should see the MARA help menu as shown below.
MARA ships with a SSL scanner script that makes use of pyssltest and testssl. The stand alone SSL scanner can be run using the command ./ssl_scanner.sh and follow the instructions displayed. The findings from the scan are dumped in the domain scans folder i.e. /MARA_Framework/data/domain_scans/
While analyzing APK files, MARA provides the option of scanning domains found in the apk using the above mentioned tools. This scan runs in the background and can be skipped. In the event the scan is performed, the user is required to tail the two log files i.e pyssltest.log and testssl.log in/MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/
