Dexter is a static Android application analysis tool.
Please use the feedback form or drop us a mail directly to firstname.lastname@example.org to do so.
See below for a small tour and explanation of the features we currently implement in Dexter.
Some of us also have a background in malware analysis, and when working with binaries it is very important to "improve" the quality of the disassembly by renaming functions and stack offsets (variables) so that it is more readable. Renaming, together with being able to add comments, also helps you remember certain aspects after working on something else for a while.
Because of this, we knew that Dexter had to support user-created content such as comments, tags and renamings for the tool to be efficient to work with. You can therefore rename almost everything in an application and add comments and tags in many different places. It is also possible to color the nodes of graph views!
In the Dexter UI we created graph views that allow you to get a better overview of relations between application elements. This includes a package dependency graph that shows which packages use each other's functionality. Class diagrams are a UML-like representation of class hierarchies and interface implementations. And last but not least, BBL (basic block) graphs show a control flow view of function bytecode (similar to IDA Pro).
It is possible to move graph nodes around and save their positions, and you can color individual nodes to visually mark certain subsets of functionality.
The Dexter Query Language, DXQL, is a way to resolve complex relations between objects.
It is integrated into the search functionality within Dexter and allows you to interact with the analysis contents in a flexible way. DXQL is comparable to SQL for databases, but works on the analysis objects of an application, like methods, classes and packages.
Further details on this, as well as examples, can be found in Dexter's documentation!
Analyses can be grouped into projects and projects can be shared within a group of people. This way your own work like comments and tags can be viewed and amended by your colleagues.
One of the popular ways of looking at Android application internals is decompiling their bytecode. The resulting source-like representation is a lot more readable than the bytecode mnemonics. In most cases this is achieved by converting the Dalvik bytecode to Java class files and then employing a Java decompiler tool to get back to a source-like level.
We integrated the same process into Dexter so that you are able to do the same thing without installing anything. You can just hit the "decompile" button within class diagrams and the output will be shown in the interface.
Of course we still support looking at the Dalvik bytecode itself and offer a nice control flow graph representation to do so.
As Dexter needs to extract an APK file in order to analyze its contents, it features a view that allows you to browse the APK like a directory structure. You can download individual files and do further processing on your local machine if needed.
Of course, you can do more than merely view the contents of an application. Dexter does quite a bit of automated analysis on the application code. It resolves cross-references of methods to strings and methods to each other and lets you follow the references in the interface. Additionally, if certain Android framework related functionality is found, Dexter annotates it with comments and links to the SDK documentation for further information.