FirmwareDroid: An analysis framework for Android firmware and Apps.

FirmwareDroid is a research project that aims to develop novel methods to analyse Android firmware. It is mainly made to automate the process of extracting and scanning pre-installed Android apps for security research purposes. In this repository you will find the code for the backend of FMD. The application has a minimal React frontend (see https://github.com/FirmwareDroid/FMD-WebClient), but is mainly an API and database that can be used for research studies.

FMD is made to run in docker and includes several third party analysis tools for security analysis and extraction. Some of the tools and features included are:

• Static-Analyzers for Android apps (APKs):
  • AndroGuard
  • APKiD
  • APKLeaks
  • APKscan
  • Exodus-Core
  • FlowDroid
  • MobSFScan
  • Trueseeing
  • Quark-Engine
  • Qark (deprecated, no updates by the author)
  • Androwarn (deprecated, no updates by the author)
  • SUPER Android Analyzer (deprecated, discontinued by the author)
• APIs:
  • VirusTotal
• Fuzzy-Hashing:
  • SSDeep (deprecated, no updates by the author)
  • TLSH
• Decompilers:
  • Android:
    • Apktool
    • Jadx
  • Java:
    • CFR
    • Procyon
    • Krakatau
• File and Firmware Extraction:
  • Unblob
  • SRLabs extractor
  • Payload-Dumper
  • Payload-Dumper-Go
  • lpunpack
  • imgpatchtools
• Miscellaneous:
  • AndroidManifest Parsing
• Dynamic Analysis:
  • Work in progress

FMD can be used as scanning engine for Android apps (.apk files), but it is mainly made to analyse pre-installed apps extracted from Android firmware. It allows you to extract various types of files from firmware images and creates an inventory of the extracted files. The inventory can be used to scan the files with the included tools and APIs or to analyse the collected data with custom tooling.

Install & Use