Question 1

How to instrument an Android app for logging with Redexer?

Accepted Answer

Use the 'logging' or 'logging_ui' command with scripts/cmd.rb on an APK, which injects logging code into the DEX file. Pre-built libraries are provided in data/, and you can customize by building from the logging directory with Gradle, as described in the usage section.

Question 2

Redexer vs Apktool for APK analysis?

Accepted Answer

Redexer offers deeper static analysis and binary rewriting for Dalvik bytecode, while Apktool is better for decompiling and repackaging APKs. Redexer is ideal for research and instrumentation, whereas Apktool suits general reverse engineering with less complexity.

Question 3

Can Redexer analyze obfuscated DEX files?

Accepted Answer

The README doesn't specify, but as a static analysis tool, it may struggle with heavily obfuscated code since it relies on parsing DEX structures. Users might need additional deobfuscation steps or tools for effective analysis.

Question 4

What are the system requirements to run Redexer?

Accepted Answer

Requires OCaml 4.09.0+, Ruby 1.8.6+, Android SDK for tools like aapt, and packages like ocamlfind, sha, and Nokogiri. Setup involves configuring environment variables and installing optional graphviz for visual graphs, as detailed in the Requirements section.

Question 5

How does Redexer's permission refinement work?

Accepted Answer

It uses static analysis to infer how permissions are parameterized in the app, part of the RefineDroid feature. This helps identify security risks by analyzing permission usage patterns without runtime execution.

Question 6

Is Redexer suitable for malware analysis on Android?

Accepted Answer

Yes, its static analysis features like intent resolution and call graphs can help identify malicious behavior. However, it requires expertise in Dalvik bytecode and may need complementary dynamic analysis tools for comprehensive malware research.

Question 7

How to generate a control-flow graph with Redexer?

Accepted Answer

Use the 'cfg' command with scripts/cmd.rb, specifying a method with --mtd, which outputs a PDF if graphviz dot is installed. For example, 'ruby scripts/cmd.rb target.apk --cmd cfg --mtd cls.mtd' generates the graph.

Redexer

What is Redexer?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions