apkInspector: The Zip-Compliant APK Analyzer & Extractor
apkInspector
apkInspector is a tool that provides detailed insight into the zip structure of APK files and can extract their contents and decode the AndroidManifest.xml file. What sets apkInspector apart is that it follows the zip specification when parsing an APK and does not rely on external libraries. This independence makes apkInspector highly adaptable and lets it emulate Android's installation process for APKs that standard libraries cannot parse. The main goal is to enable static analysis of APKs that employ evasion techniques, especially when conventional methods prove ineffective.
Library
The library component of apkInspector is designed with extensibility in mind, so that other tools can integrate its functionality into their own applications and workflows. All primary methods carry comprehensive docstrings that describe their functionality, expected arguments, and return values, so developers can quickly understand apkInspector's core features and incorporate them into their projects.
Features offered
- Find end of central directory record
- Parse central directory of APK and get details about each entry
- Get local header details for each entry
- Extract single or all files within an APK
- Decode AndroidManifest.xml file
- Identify Tampering Indicators:
  - End of Central Directory record defined multiple times
  - Unknown compression methods
  - Compressed entry with empty filename
  - Unexpected starting signature of AndroidManifest.xml
  - Tampered StringCount value
  - Strings surpassing maximum length
  - Invalid data between elements
  - Unexpected attribute size
  - Unexpected attribute names or values
  - Zero size header for namespace end nodes
The command-line interface (CLI) is a practical illustration of how the methods provided by the library are used.
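The three zip-level indicators from the feature list (multiple End of Central Directory records, unknown compression methods, compressed entry with empty filename) can be checked with the Python standard library alone. This is an added example, not apkInspector's own code or API: the function names, the rule of trusting the last EOCD signature found, and the set of expected compression methods are assumptions, and both sample archives are constructed inline.

```python
import io
import re
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CDFH_SIG = b"PK\x01\x02"   # central directory file header
KNOWN_METHODS = {0, 8}     # assumption: only stored (0) and deflate (8) are expected

def find_eocd_offsets(data):
    """Offsets of every EOCD signature in the buffer (plain signature scan)."""
    return [m.start() for m in re.finditer(re.escape(EOCD_SIG), data)]

def parse_central_directory(data):
    """Walk the central directory that the last EOCD record points to."""
    eocd = find_eocd_offsets(data)[-1]
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    entries = []
    for _ in range(total):
        if data[pos:pos + 4] != CDFH_SIG:
            raise ValueError(f"bad central directory signature at offset {pos}")
        method, = struct.unpack_from("<H", data, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        entries.append({"name": name, "method": method, "cd_offset": pos})
        pos += 46 + name_len + extra_len + comment_len
    return entries

def tampering_indicators(data):
    """Return the zip-level indicators (from the feature list) found in data."""
    findings = []
    if len(find_eocd_offsets(data)) > 1:
        findings.append("multiple EOCD")
    for entry in parse_central_directory(data):
        if entry["method"] not in KNOWN_METHODS:
            findings.append("unknown compression method")
        elif entry["method"] != 0 and not entry["name"]:
            findings.append("compressed entry with empty filename")
    return findings

def build_samples():
    """Constructed inputs: a clean archive and a copy with two indicators planted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder " * 8)
    clean = buf.getvalue()
    first = parse_central_directory(clean)[0]["cd_offset"]
    tampered = bytearray(clean)
    struct.pack_into("<H", tampered, first + 10, 0x1234)  # central directory method field
    return clean, bytes(tampered) + clean[find_eocd_offsets(clean)[-1]:]  # EOCD duplicated
```

Calling `tampering_indicators()` on the two buffers from `build_samples()` returns an empty list for the clean archive and both planted indicators for the modified copy.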