Version: v0.03 Date: UNRELEASED

Web: http://www.apptroller.com/ Twitter: @AppTroller

This program auto-reverse-engineers Android applications, rips out sensitive API calls, replaces them with spoofed/inert data, then rebuilds the application. Root access is not necessary. It is licensed under the GNU Public License version 2.

Installation (for Ubuntu 12.04LTS / Linux Mint 13LTS):

1.) Install Python and Java: # apt-get install python openjdk-7-jdk

2.) Install the Android SDK from: http://developer.android.com/sdk/index.html. Ensure the 'aapt', 'keytool', 'jarsigner', and 'zipalign' tools are in your PATH by adding the 'sdk/tools' and 'sdk/platform-tools' directories to your PATH variable.

3.) (Optional) Download the latest version of apktool from: http://code.google.com/p/android-apktool/. Extract it, and place 'apktool.jar' in the same directory as AppTroller.py. If you don't do this, you will be prompted to automatically download and install apktool when you run AppTroller.py.

Basic example:

python AppTroller.py EvilApp.apk CleanedEvilApp.apk

... where "EvilApp.apk" is the name of the original application and "CleanedEvilApp.apk" is the output.

Example #2:

python AppTroller.py -c alternate.cfg -k EvilApp.apk CleanedEvilApp.apk

... where "-c alternate.cfg" specifies an alternate configuration file (the default is troll.cfg). Individual permissions can be enabled or disabled in these files.

The "-k" option keeps (hence the 'k') the original and modified disassembled sources, along with the diff file for manual analysis.

ChangeLog:

v0.03: ????: ????
v0.02: May 12, 2012: Initial public release at BSides Rochester.

AppTroller

Install / Use

README

Related Skills