MARA: A Mobile Application Reverse Engineering and Analysis Framework Tool

MARA: A Mobile Application Reverse Engineering And Analysis Framework Tool

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.

Features supported

• Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
• Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
• Statically Analyze java source code and dalvik bytecode
• Scan for apk vulnerabilities via androbugs
• Scan ssl domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl

To do list

MARA is still in the very early stages of development. Researchers intend to work on the following features:

• Integrate dynamic mobile application analysis
• Rewrite the MARA Framework in python
• Integrate iOS, Blackberry and Windows phone application analysis
• Develop web panel to display data
• Include additional disassembly and analysis tools

Additional information about the framework, prerequisites and the installation guide is available on the wiki

Download