volatility VS Apktool

We were given a quite big 20250312.mem file. Looking at the name of the challenge and the size of the file, it was clear it was required to use volatility.

I need this to create generate a custom symbols table (using dwarf2json), in order to run a memory dump acquired by Ubuntu 22.04, as Ubuntu 22.04 kernel does not work anymore with volatility 2 (Issue here: volatilityfoundation/volatility#828)

Take a look at this link and specifically note how the profiles are named, especially Ubuntu - https://github.com/volatilityfoundation/volatility/wiki/Linux-Command-Reference

I think the typical tool for analyzing OS memory dumps is Volatility but I can't give you a course in how to use it, that is supposedly what your school should be doing.

Analyzing memory dumps can be hard, especially at the beginning. You might want to use comprehensive Frameworks like volatility.

git clone https://github.com/volatilityfoundation/volatility.git whenever i want to run something I get PS C:\Users\czare_000\python-course-for-beginners\bs4\volatility> & C:/Users/czare_000/AppData/Local/Programs/Python/Python310/python.exe c:/Users/czare_000/python-course-for-beginners/bs4/volatility/volatility/debug.py Traceback (most recent call last): File "c:\Users\czare_000\python-course-for-beginners\bs4\volatility\volatility\debug.py", line 27, in import volatility.conf ModuleNotFoundError: No module named 'volatility' or i also get except Exception, e: ^^^^^^^^^^^^ SyntaxError: multiple exception types must be parenthesized

Volatility is python based so you will need to install it and volatility's required dependencies. You can find the install instructions here https://github.com/volatilityfoundation/volatility

volatility - Version 2 Version 3

I'd be curious if anyone has tried this for Android and what kind of stuff it's checking for. Sideloaded APKs can often contain malicious stuff, but it's nearly impossible to know if it's doing anything suspicious unless you open it up with a tool like Apktool [1] or run it on Triage [2] as it supports Android and watch what it's doing. Most antivirus for Android is pretty much a joke, as far as I'm concerned.

[1] https://github.com/iBotPeaches/Apktool?tab=readme-ov-file

[2] https://tria.ge/

App tampering and repackaging can be performed by using reverse engineering or tampering tools, such as Apktool, dex2jar, etc.

Apktool made by iBotPeaches, this uses v2.9.1

Can someone clarify what "PP tools" are, and provide a link to them? I came across this link (https://apktool.org/) but I'm not sure if it's the right tool.

Apktool is all you need most of the time.

But it'll still be editable and we can make something good out of it. One of the famous ones, that I'm planning to use is ApkTool(https://ibotpeaches.github.io/Apktool/).

I did a dissection of twitter apk (got from apk pure) with apktool, and I found permission :

Not sure. I started reverse engineering Java apps very early in my life — initially it was J2ME games. Decompilers of the time sucked but that didn't stop me from modding Gravity Defied :P

I honestly don't know what's a good way of getting started on reverse engineering. There's a bunch of everything about Windows executables in particular, including "crackmes", but native machine code is a level up from JVM bytecode. Java classes and Android dex files can be decompiled back to sensible source with a good chance that you get something that can be compiled again. No such luck for native code — C/C++ compilation is a lossy process by its nature, especially the optimizations. Ghidra does a decent job but still requires a non-zero amount of manual assistance. Flash games also were good to hone one's reverse engineering skills since ActionScript decompilers did a pretty darn good job.

Anyway. To decompile dex to Java source, there's jadx: https://github.com/skylot/jadx

Since decompilation is sometimes lossy, there's apktool for when you want to put the app back together after tinkering with it: https://github.com/iBotPeaches/Apktool

It goes without saying that you also need a JDK and the Android SDK. In particular, you need apksigner form the SDK to sign the unsigned apks generated by apktool. You can also automate things a bit and use adb to deploy them to your device.

What I usually do is get a high-level overview of the app in jadx, and then modify the smali (dalvik bytecode in text form, very assembly-like) files generated by apktool.

I am not game or android app dev, but you might first need to de-compile apk using tools like https://ibotpeaches.github.io/Apktool/