Merge branch 'master' of github.com:cryptax/androidre

Author: cryptax

Dockerfile.re

@@ -6,8 +6,6 @@ RUN git clone https://github.com/skylot/jadx.git
 
 FROM gradle:8.2 as build
 WORKDIR /opt
-#COPY --from=clone /opt/axmlprinter /opt/axmlprinter
-#RUN cd /opt/axmlprinter && ./gradlew jar
 #COPY --from=clone /opt/simplify /opt/simplify
 #RUN cd /opt/simplify && ./gradlew fatjar
 COPY --from=clone /opt/jadx /opt/jadx
@@ -17,24 +15,24 @@ RUN cd /opt/jadx && ./gradlew dist
 FROM ubuntu:22.04
 
 MAINTAINER Axelle Apvrille
-ENV REFRESHED_AT 2023-12-05
+ENV REFRESHED_AT 2024-01-08
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG SSH_PASSWORD 
 ARG VNC_PASSWORD
 ENV AXMLPRINTER_VERSION "0.1.7"
-ENV APKTOOL_VERSION "2.9.0"
+ENV APKTOOL_VERSION "2.9.1"
 ENV DEX2JAR_VERSION "2.1-SNAPSHOT"
-ENV FRIDA_VERSION "16.1.3"
+ENV FRIDA_VERSION "16.1.8"
 ENV JD_VERSION "1.6.6"
-ENV PROCYON_VERSION "0.5.30"
 ENV SMALI_VERSION "2.5.2"
 ENV UBERAPK_VERSION "1.3.0"
 
 # For DroidLysis: libxml2-dev libxslt-dev libmagic-dev
 # For SSH: openssh-server ssh
 # For VNC: xvfb x11vnc xfce4 xfce4-terminal
 # For Quark engine: graphviz libbz2-dev
+# For CRC32: libarchive-zip-perl
 
 #RUN apt-get update && apt-get install -yqq default-jdk libpulse0 libxcursor1 adb python3-pip python3-dev python3-venv pkgconf pandoc curl \
 RUN apt-get update && apt-get install -yqq openjdk-8-jre openjdk-11-jre python3-pip python3-dev python3-venv pkgconf pandoc curl  locate \
@@ -43,32 +41,23 @@ RUN apt-get update && apt-get install -yqq openjdk-8-jre openjdk-11-jre python3-
     openssh-server ssh \
     xvfb x11vnc xfce4 xfce4-terminal\
     libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf  \
-    graphviz adb libbz2-dev file
+    graphviz adb libbz2-dev file libarchive-zip-perl
 
 RUN python3 -m pip install --upgrade pip && pip3 install wheel
 
 # ----------------------------- RE Tools
 
-# APKdiff
-RUN wget -q -O "/opt/apkdiffy.py" https://raw.githubusercontent.com/daniellockyer/apkdiff/master/apkdiff.py
-
 # Androguard
 #RUN wget -q -O "/opt/andro.zip" https://github.com/androguard/androguard/archive/v${ANDROGUARD_VERSION}.zip && unzip /opt/andro.zip -d /opt && rm -f /opt/andro.zip
 #RUN cd /opt/androguard-${ANDROGUARD_VERSION} && pip3 install .[magic,GUI] && pip3 install --upgrade 'jedi<0.18.0' && rm -r ./docs ./examples ./tests ./lib*
-
-# Apkfile library
-#RUN cd /opt && git clone https://github.com/CalebFenton/apkfile
+RUN pip install androguard==3.4.0a1
 
 # APKiD
 RUN pip3 install apkid
-#RUN pip3 install --no-cache-dir --upgrade pip setuptools wheel && \
-#    pip3 wheel --quiet --no-cache-dir --wheel-dir=/tmp/yara-python --build-option="build" #--build-option="--enable-dex" git+https://github.com/VirusTotal/[email protected] && \
-#    pip3 install --quiet --no-cache-dir --no-index --find-links=/tmp/yara-python yara-python && \
-#    rm -rf /tmp/yara-python && \
-#    cd /opt && git clone https://github.com/rednaga/APKiD/ && \
-#    cd /opt/APKiD && python3 prep-release.py && pip3 install -e . && \
-#    rm -rf tests docker Dockerfile
 
+# Apksigtool
+RUN cd /opt && git clone https://github.com/obfusk/apksigtool
+RUN pip3 install pyasn1-modules && cd /opt/apksigtool && python3 setup.py install
 
 # Apktool
 RUN mkdir -p /opt/apktool
@@ -78,16 +67,7 @@ RUN wget -q -O "/opt/apktool/apktool.jar" https://bitbucket.org/iBotPeaches/apkt
 ENV PATH $PATH:/opt/apktool
 
 # AXMLPrinter
-RUN wget -q -O "/opt/axmlprinter.jar" https://github.com/rednaga/axmlprinter/releases/download/0.1.7/axmlprinter-${AXMLPRINTER_VERSION}.jar
-
-# ByteCode Viewer
-#RUN wget -q -O "/opt/bytecode-viewer.jar" "https://github.com/Konloch/bytecode-viewer/releases/download/v2.9.22/Bytecode-Viewer-${BYTECODEVIEWER_VERSION}.jar"
-
-# CFR
-#RUN wget -q -O "/opt/cfr_${CFR_VERSION}.jar" http://www.benf.org/other/cfr/cfr-${CFR_VERSION}.jar
-
-# ClassyShark
-#RUN wget -q -O "/opt/ClassyShark.jar" https://github.com/google/android-classyshark/releases/download/${CLASSYSHARK_VERSION}/ClassyShark.jar
+RUN wget -q -O "/opt/axmlprinter.jar" https://github.com/rednaga/axmlprinter/releases/download/${AXMLPRINTER_VERSION}/axmlprinter-${AXMLPRINTER_VERSION}.jar
 
 # Dex2Jar
 RUN wget -q -O "/opt/dex2jar.zip" https://github.com/pxb1988/dex2jar/files/1867564/dex-tools-${DEX2JAR_VERSION}.zip \
@@ -104,47 +84,24 @@ RUN cd /opt && git clone https://github.com/cryptax/droidlysis && cd /opt/droidl
 RUN chmod u+x /opt/droidlysis/droidlysis
 RUN sed -i 's#~/softs#/opt#g' /opt/droidlysis/conf/general.conf
 
-# Enjarify
-RUN cd /opt && git clone https://github.com/Storyyeller/enjarify && ln -s /opt/enjarify/enjarify.sh /usr/bin/enjarify
-
 # Frida, Frida Server and Frida-DEXDump
 RUN pip3 install frida frida-tools frida-dexdump
 COPY ./setup/install-frida-server.sh /opt
 RUN cd /opt \
     && wget -q -O "/opt/frida-server.xz" https://github.com/frida/frida/releases/download/${FRIDA_VERSION}/frida-server-${FRIDA_VERSION}-android-arm.xz && unxz /opt/frida-server.xz && mv /opt/frida-server /opt/frida-server-android-arm && chmod u+x /opt/install-frida-server.sh
 
-# Fridump
-RUN cd /opt && git clone https://github.com/Nightbringer21/fridump.git
-
 # JADX
-#RUN wget -q -O "/opt/jadx.zip" https://github.com/skylot/jadx/releases/download/v${JADX_VERSION}/jadx-${JADX_VERSION}.zip \
-#    && mkdir -p /opt/jadx \
-#   && unzip /opt/jadx.zip -d /opt/jadx \
-#    && rm -f /opt/jadx.zip
 COPY --from=build /opt/jadx/build /opt/jadx/
 
 # JD-GUI
 COPY ./setup/extract.sh /opt/extract.sh
 RUN wget -q -O "/opt/jd-gui.jar" "https://github.com/java-decompiler/jd-gui/releases/download/v${JD_VERSION}/jd-gui-${JD_VERSION}.jar" && chmod +x /opt/extract.sh
 
-# JEB Demo - requires JDK 11
-<<<<<<< HEAD
-# RUN wget -q -O "/opt/jeb.zip" https://www.pnfsoftware.com/dl?jebdemo && mkdir -p /opt/jeb && unzip /opt/jeb.zip -d ./opt/jeb && rm /opt/jeb.zip
-=======
-#RUN wget -q -O "/opt/jeb.zip" https://www.pnfsoftware.com/dl?jebdemo && mkdir -p /opt/jeb && unzip /opt/jeb.zip -d ./opt/jeb && rm /opt/jeb.zip
->>>>>>> 2b694cd9427fe0c03c771e9cb27ac4ee5fdf06a3
+# LIEF
+RUN pip install lief
 
 # Kavanoz
-RUN git clone https://github.com/eybisi/kavanoz.git && cd kavanoz && pip install -e . --user
-
-# Oat2Dex
-RUN wget -q -O "/opt/oat2dex.py" https://github.com/jakev/oat2dex-python/blob/master/oat2dex.py
-
-# Objection
-#RUN pip3 install objection
-
-# Procyon (link broken, currently using an archive) - Does not work with Java 11. Works with Java 8
-RUN wget -q -O "/opt/procyon-decompiler.jar" "https://github.com/cryptax/droidlysis/raw/master/external/procyon-decompiler-${PROCYON_VERSION}.jar"
+RUN cd /opt && git clone https://github.com/eybisi/kavanoz && cd kavanoz && python3 -m venv kavanoz-venv && . ./kavanoz-venv/bin/activate && pip install -e . && deactivate
 
 # Quark engine
 RUN pip3 install -U quark-engine

README.md

@@ -1,55 +1,21 @@
 # What's this?
 
-This repository contains 3 _docker_ images for the reverse engineering of _Android_ applications.
+This repository contains 1 docker image for the reverse engineering of _Android_ applications: 
 
-1. Android RE tools: `cryptax/android-re:2023.07` (1.7 GB). This image contains reverse engineering tools.
-2. Dexcalibur: `cryptax/dexcalibur:2023.01`. Contains Dexcalibur. Particularly useful for users whose OS does not support Dexcalibur...
-3. *Obsolete and broken*: Android emulators:  `cryptax/android-emu:2021.01` (3.4 GB). This image contains the Android SDK and emulators. 
+- Android RE tools: `cryptax/android-re:2023.07` (1.7 GB). This image contains reverse engineering tools.
 
+**The other images are obsolete and/or broken**: `cryptax/dexcalibur:2023.01` and `cryptax/android-emu:2021.01`.
 
 **Disclaimer**: Please use responsibly.
 
-# Download / Install
+# Quick Setup
 
 You are expected to download those containers via `docker pull`:
 
-- `docker pull cryptax/android-re:2023.07`
-- `docker pull cryptax/dexcalibur:2023.01`
+1. `docker pull cryptax/android-re:2023.07`
+2. `docker-compose up -d android-retools`
 
-If you wish to *build the images locally*: `docker-compose build`. This will build both images. If you only want to build one, add its name (see `docker-compose.yml`) e.g `docker-compose build android-retools`
-
-# Run the containers
-
-## Running dexcalibur
-
-`docker run --rm --network=host -v /tmp/dexcalibur:/workshop -it cryptax/dexcalibur:2023.01 /bin/bash`
-
-## Running android-re or android-emu
-
-Use `docker-compose`:
-
-- Start Android RE tools container: `docker-compose up -d android-retools`
-- Start Android emulator container: `docker-compose up -d android-emulators`
-- Stop both containers: `docker-compose stop`
-- To stop only one container, same as starting it: add its name at the end of the command.
-
-
-# Using the containers
-
-Note that:
-
-- Each Docker container exports a *SSH* port and a *VNC* port.
-- The Android RE tools container exposes a port for NodeJS in addition.
-- It is useful to share a local directory with `/workshop` in the container to easily read/write files.
-
-Once the containers are up and running, you can **connect using SSH or VNC**. The default credentials are `root/mypass` but you are encouraged to **modify this** (in `docker-compose.yml`).
-
-For SSH:
-
-- Be certain to specify the **port**. For SSH, it is `ssh -p PORT`, for scp `scp -P PORT`.
-- Make sure to use **X11 Forwarding**. This is `-X` option for ssh.
-
-Example:
+Access by SSH:
 
 ```
 $ xhost +
@@ -62,57 +28,72 @@ For VNC, install a *VNC viewer*, then:
 $ vncviewer 127.0.0.1::5900
 ```
 
-# Android emulators image (`android-emu`)
-
-It contains:
+Default password is `mypass`. See `docker_compose.yml` to change it.
 
-- Android SDK
-- Android emulator 5.1 ARM
-- Android emulator 11 x86_64
+# Customization
 
-See `~/.bashrc` for aliases to run those emulators.
-See `Dockerfile.emulators` if you wish to customize.
-
-## Android x86_64 emulator
+If you wish to *build the images locally*: `docker-compose build`. This will build both images. If you only want to build one, add its name (see `docker-compose.yml`) e.g `docker-compose build android-retools`
 
-The "normal" Android emulators emulate ARM architecture. If your host uses Intel x86 and supports hardware virtualization instructions, you can use the Android emulator for x86, which will be **much faster**. The Dockerfile installs the necessary packages, yet, for this option to work, you must:
+Ports for SSH and VNC can be customized.
 
-- Have an Intel x86-64 processor on your host which supports virtualization (e.g Intel VT)
-- Launch the container with the `--privileged` option.
 
 # Android tools image (`android-re`)
 
 - [androguard](https://github.com/androguard/androguard)
-- [apkfile](https://github.com/CalebFenton/apkfile)
 - [apkid](https://github.com/rednaga/APKiD/)
 - [apkleaks](https://github.com/dwisiswant0/apkleaks)
 - [apktool](https://bitbucket.org/iBotPeaches/apktool)
 - [axmlprinter](https://github.com/rednaga/axmlprinter)
 - [baksmali / smali](https://github.com/JesusFreke/smali)
 - [dex2jar](https://github.com/pxb1988/dex2jar)
 - [droidlysis](https://github.com/cryptax/droidlysis)
-- [enjarify](https://github.com/Storyyeller/enjarify)
 - [frida](https://frida.re)
-- [frida-dexdump](https://github.com/hluwa/FRIDA-DEXDump)
 - [jadx](https://github.com/skylot/jadx)
 - [java decompiler](https://github.com/java-decompiler/jd-gui/)
-- [oat2dex](https://github.com/jakev/oat2dex-python)
-- [objection](https://github.com/sensepost/objection)
-- [procyon](https://github.com/mstrobel/procyon)
+- [kavanoz](https://github.com/eybisi/kavanoz)
 - [quark](https://github.com/quark-engine/quark-engine)
 - [radare2](https://radare.org)
 - [simplify](https://github.com/CalebFenton/simplify)
 - [uber apk signer](https://github.com/patrickfav/uber-apk-signer)
 
 Those are open source tools, or free demos. They are installed in `/opt`.
 
+## Interesting tools to install on the host (not in the container)
 
-# Tweaks
+- [medusa](https://github.com/Ch0pin/medusa)
+- [objection](https://github.com/sensepost/objection):  `pip3 install objection`
 
-- Running a container locally (without SSH or VNC): 
+
+## Adding more tools
 
 ```
-$ docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix cryptax/android-re:latest /bin/bash
+# APKdiff
+RUN wget -q -O "/opt/apkdiffy.py" https://raw.githubusercontent.com/daniellockyer/apkdiff/master/apkdiff.py
+
+# Apkfile
+RUN cd /opt && git clone https://github.com/CalebFenton/apkfile
+
+# ByteCode Viewer
+RUN wget -q -O "/opt/bytecode-viewer.jar" "https://github.com/Konloch/bytecode-viewer/releases/download/v2.9.22/Bytecode-Viewer-${BYTECODEVIEWER_VERSION}.jar
+
+# CFR
+RUN wget -q -O "/opt/cfr_${CFR_VERSION}.jar" http://www.benf.org/other/cfr/cfr-${CFR_VERSION}.jar
+
+# ClassyShark
+RUN wget -q -O "/opt/ClassyShark.jar" https://github.com/google/android-classyshark/releases/download/${CLASSYSHARK_VERSION}/ClassyShark.jar
+
+# Enjarify
+RUN cd /opt && git clone https://github.com/Storyyeller/enjarify && ln -s /opt/enjarify/enjarify.sh /usr/bin/enjarify
+
+# Fridump
+RUN cd /opt && git clone https://github.com/Nightbringer21/fridump.git
+
+# Oat2Dex
+RUN wget -q -O "/opt/oat2dex.py" https://github.com/jakev/oat2dex-python/blob/master/oat2dex.py
+
+# Procyon (link broken, currently using an archive) - Does not work with Java 11. Works with Java 8
+RUN wget -q -O "/opt/procyon-decompiler.jar" "https://github.com/cryptax/droidlysis/raw/master/external/procyon-decompiler-${PROCYON_VERSION}.jar"
+
 ```
 
 

docker-compose.yml

@@ -1,40 +1,14 @@
 ---
 version: "3"
 services:
-  android-emulators:
-    build:
-      context: .
-      dockerfile: Dockerfile.emulators
-      args:
-        - SSH_PASSWORD=mypass
-        - VNC_PASSWORD=mypass
-    image: cryptax/android-emu:2021.03
-    container_name: android-emulators
-    ports:
-      - "5022:22"
-      - "5037:5037"
-      - "5900:5900"
-      - "5800:8000"
-    privileged: true
-    volumes:
-      - /tmp/emulators:/workshop
-  android-dexcalibur:
-    build:
-      context: .
-      dockerfile: Dockerfile.dexcalibur
-    image: cryptax/dexcalibur:2023.01
-    container_name: android-dexcalibur
-    network_mode: "host"
-    volumes:
-      - /tmp/dexcalibur:/workshop
   android-retools:
     build:
       context: .
       dockerfile: Dockerfile.re
       args:
         - SSH_PASSWORD=mypass
         - VNC_PASSWORD=mypass
-    image: cryptax/android-re:2023.07
+    image: cryptax/android-re:2024.01
     container_name: android-retools
     ports:
       - "6022:22"

Dockerfile.dexcalibur renamed to obsolete/Dockerfile.dexcalibur

@@ -0,0 +1,5 @@
+# Notes on the obsolete Dexcalibur Docker image
+
+## Running dexcalibur
+
+`docker run --rm --network=host -v /tmp/dexcalibur:/workshop -it cryptax/dexcalibur:2023.01 /bin/bash`