AndroidTamer : Future

AndroidTamer started out as a VirtualMachine for Android (Security) Professionals, however we are not the only ones doing this bit, there are many more solutions, most of them offered by companies / corporates who have a paid product around it or have atleast a commercial angle. AndroidTamer at this point remains the only fully non-commercial non-sponsored entity in this space.

However is that all the differentiator that AndroidTamer is bringing, frankly that’s not enough for us. So we cameup with a plan. Today I am going to discuss the plan.

TLDR

We are slowly making Android Tamer a single point of reference for all Android Professionals.

Large/Detailed

We Want to make AndroidTamer a one stop location for Android (Security) Professionals

We will be diversifying our offerings but will be also at the same time trying to automate most of the stuff and easy out any pain point that Android Professionals face on regular basis.

This is the outline of how AndroidTamer will be looking in future. each project will be detailed out in seperate posts in near future.

AndroidTamer Debian based VM (Version 4 Released)

Customized to the core, Debian 8 based virtual machine environment is preloaded with tools for Android Pentesting.
AndroidTamer Virtual Machine has been our main identity and is something we will keep producing, only constraint being that we will do a build (with all latest tools, scripts and exploits) once every 6 month and will publish it out, however anyone using any older version of AndroidTamer should be able to use apt-get to keep themselves up-to-date. Any questions or concerns can be directed to us via various media’s github issues or Twitter or Release page comment

DEB / YUM Repository for Tools / Software Distribution (Available)

This is the heart of our evil-plan, with this repository fully working (right now its apt only) we will have the capability to allow people to directly use tools in their own distribution. and not download the very large vm that we provide.
https://repo.androidtamer.com : Aim is to be the only repository which is actively maintained and support both debian and Redhat distributions and maintain tools specific to android security / development. You can suggest new packages here also Build scripts used to create packages are also public and listed here

Android-Emulator customised for Pentesting (both x86 and arm version) (W.I.P.)

Customized emulator to be used in place of a device in both x86 and arm version which can be coupled with Tamer VM.
Most of the pentesters / developers require a virtual machine to test the tools, apk files, etc., hence we are going to create an android-x86 based VM (not genymotion because of license and cost restrictions) and a custom arm emulator image set which has patches to ensure all things in android pentests work with them. If you have any suggestions or tools which you want to be added you can add an issue here

Extensive Tools Documentation (W.I.P.)

Developing a distro is one thing, ensuring people use it properly is another. A lot of times we write shim / wrappers to ensure people don’t waste time however due to lack of official documentation people do endup wasting time and hence we created https://tools.androidTamer.com : Aim is to host extensive single location documentation for largest array of tools needed for android security and available inside AndroidTamer. Source is available here

Knowledge Base

Tools and how to use it one thing but knowledge about various things android like how does the file system looks like, or details of various security fixes in android core over various versions, for storing such kind of information we are launching https://kb.androidtamer.com : It contains various documentation around android which is useful to many people around the world. It also includes our very famous “Android Security Enhancement” sheet. Source is available here

Android Tools Repository

A large number of Android Tools are useful for various android tasks but are mostly available as source code. This repository will bring them out for everyone to use. This will be F-Droid compatible and will be at the heart of our Tamer-Emulator and will allow us to push latest version of various Open Source security tools like, just trust me, sslcatcher etc. If you have any suggestions or tools which you want to be added you can add an issue here

Question:

Q: Why not also focus on other OS ?

A: OSX support via homebrew is something We am thinking hard but let’s see how the future rolls out. If you want to use tools on any other Distro, our apt/yum repository is working in that direction. If you want to use tools on windows Appie seems to be the best option available.

Q: Why not support iOS, BlackBerry, Windows Phone stuff, make AndroidTamer a mobile tamer ?

A: While it all looks fancy and very interesting, fact of life if you want to do everything on iOS you need a Mac, if you want to work properly on Windows Mobile use Windows. There is no escaping that fact. By putting minimal tools and claiming that we support yet another platform is something that doesn’t sit well with us and hence We don’t claim nor support that.

How can i help

The project needs constant support from volunteers and hence any and all help is welcome. It should be clear that writing code is not the only way you can help the project. I am outlining multiple ways in which androidtamer can benefit from volunteers

  1. Test the Build, suggest changes or improvements / enhancements. Please raise an issue here
  2. Promote the Distribution, via writing blogpost or creating video’s or presenting sessions using this tool.
  3. Help with bringing in new tools in the distribution. Writing Build scripts: Sample apktool build and dex2jar build
  4. Test the repository on other distributions like Kali or Ubuntu or other pentest distributions and report issues : To configure repo on other distro Follow the guide
  5. Help us in solving issues by tracking them and contributing back via patches or fixes or suggestions. One major issue list to keep an eye will be the Tools Repository

Do you like what you read, What to share it

Author: Anant Shrivastava

Anant Shrivastava is a Independent Security Consultant and Trainer. He holds various certifications like SANS GWAPT, CEH and RHCE. He has been Speaker / Trainer at various conferences like Nullcon, C0c0n, Clubhack, G0s, Rootconf. He specialize in Web Application Security, and Mobile Security. He is also developers / maintainer of androidtamer (Live ISO for Android work), WP-Filemanager (Wordpress file manager plugin), SVN-Extractor (pentest tool to extract svn details) and more.

Leave a Reply

Your email address will not be published. Required fields are marked *