FirmwareDroid is a research project that aims to develop novel methods to analyse Android firmware. It is mainly made to automate the process of extracting and scanning pre-installed Android apps for security research purposes. In this repository you will find the code for the backend of FMD. The application has a minimal React frontend (see https://github.com/FirmwareDroid/FMD-WebClient), but is mainly an API and database that can be used for research studies.
Usage documentation can be found at: https://firmwaredroid.github.io/
FMD is made to run in Docker and includes several third-party tools for security analysis and extraction. Some of the tools and features included are:
- Static-Analyzers for Android apps (APKs):
  - AndroGuard
  - APKiD
  - APKLeaks
  - APKscan
  - Exodus-Core
  - FlowDroid
  - MobSFScan
  - Trueseeing
  - Quark-Engine
  - Qark (deprecated, no updates by the author)
  - Androwarn (deprecated, no updates by the author)
  - SUPER Android Analyzer (deprecated, discontinued by the author)
- APIs:
- Fuzzy-Hashing:
- Decompilers:
- File and Firmware Extraction:
- Miscellaneous:
  - AndroidManifest Parsing
- Dynamic Analysis:
  - Work in progress
FMD can be used as a scanning engine for Android apps (.apk files), but it is mainly made to analyse pre-installed apps extracted from Android firmware. It allows you to extract various types of files from firmware images and creates an inventory of the extracted files. The inventory can be used to scan the files with the included tools and APIs or to analyse the collected data with custom tooling.
We are happy to accept contributions to the software and documentation. Feel free to open a pull request with your enhancements or an issue with your suggestions.
FMD has only a minimal set of security features and is not production-ready software. Use at your own risk.
FirmwareDroid: Towards Automated Static Analysis of Pre-Installed Android Apps
@INPROCEEDINGS{FirmwareDroid,
author={Sutter, Thomas and Tellenbach, Bernhard},
booktitle={2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
title={FirmwareDroid: Towards Automated Static Analysis of Pre-Installed Android Apps},
year={2023},
month={May},
pages={12-22},
doi={10.1109/MOBILSoft59058.2023.00009}
}
FirmwareDroid is a non-profit research project licenced under the GNU General Public License v3.0 (see our licence).