Mara Framework: Mobile Application Reverse engineering and Analysis Framework


Mara Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.

How it all started

For the past few months I have been digging into the Android operating system to understand its inner workings and how the different elements are pieced together. I decided to start off by trying to understand how applications are developed.

The first step was to understand the components of an Android application, then how the operating system executes it, what data is stored, where it is stored and who has access to it.

It soon became quite frustrating to have to run various tools to get different outputs: for example, running dex2jar to convert the Android application package (apk) into a jar file, or converting the apk into smali bytecode using baksmali. This process was not only inconvenient and slow, but I could only reverse engineer and study one app at a time. At this point in time my good friend Chrispus was facing the same challenges reverse engineering Android apps.

After a bit of googling I came across MobSF. It is an awesome tool that performs both static and dynamic analysis of Android and iOS applications. After downloading the tool from GitHub and poking around in it, we found the strings it was using to perform the static analysis, and that was when we had the light bulb moment.

We figured: why not use the same strings to perform the static analysis, but dump the identified matches to a text file for review? First things first, we asked Ajin, the creator of MobSF, for permission to use the detection strings, which he granted. What crossed our minds next was the OWASP Mobile Top 10: which checks are supposed to be performed on a mobile application in accordance with the OWASP mobile security threats? Then we came across the mobile app checklist on the OWASP website, covering both static and dynamic analysis.

After a few months of bash scripting, the simple reverse engineering script morphed into the MARA framework: a tool that decompiles Android applications, Java classes, dex files and class files into Java class files, then proceeds to statically analyse them. We included androbugs to scan for potential vulnerabilities in the apk, alongside a number of other tools. There is also an integrated SSL scanner for scanning domains extracted from the resulting source code. This was nothing more than a script to make our work easier, faster and more efficient.

OWASP mobile

Features supported:

APK Reverse Engineering

  • Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
  • Disassembling Dalvik bytecode to java bytecode via enjarify
  • Decompiling APK to Java source code via jadx

APK Deobfuscation

  • APK deobfuscation via

APK Analysis

  • Parsing smali files for analysis via smalisca
  • Dump apk assets,libraries and resources
  • Extracting certificate data via openssl
  • Extract strings and app permissions via aapt
  • Identify methods and classes via ClassyShark
  • Scan for apk vulnerabilities via androbugs
  • Analyze apk for potential malicious behaviour via androwarn
  • Identify compilers, packers and obfuscators via APKiD
  • Extract execution paths, IP addresses, URLs, URIs and emails via regex
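The last item in the list above is the kind of extraction MARA performs over decompiled source with regular expressions. The block below is an added example, not MARA's own code, showing how such a pass works and why its output still needs review: the patterns, the sample Java source and the hypothetical `Config` class are all constructed here, and the version string `2.3.4.5` is included deliberately because a plain IPv4 pattern cannot tell it apart from a real address.

```python
import re

# Constructed sample of decompiled Java source (not from any real app).
SAMPLE_SOURCE = '''
public class Config {
    static final String API = "https://api.example.com/v1/login";
    static final String FALLBACK = "http://10.0.2.2:8080/debug";
    static final String SUPPORT = "support@example.com";
    static final String VERSION = "2.3.4.5";  // version string, not an IP
}
'''

# Each dotted-quad octet is restricted to 0-255; \b keeps the match from
# starting or ending inside a longer digit run.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
PATTERNS = {
    # Stop at whitespace, quotes and angle brackets so string literals
    # and XML attribute values are captured without their delimiters.
    "urls": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:%s\.){3}%s\b" % (_OCTET, _OCTET)),
    "emails": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}


def extract_indicators(source_text):
    """Run every pattern over the text and return de-duplicated matches,
    preserving first-seen order so the report is stable across runs."""
    report = {}
    for name, pattern in PATTERNS.items():
        matches = pattern.findall(source_text)
        report[name] = list(dict.fromkeys(matches))
    return report


if __name__ == "__main__":
    for name, values in extract_indicators(SAMPLE_SOURCE).items():
        print(f"{name}: {values}")
```

Because `2.3.4.5` is reported alongside the genuine address, a regex pass like this is a triage aid rather than a verdict; an analyst still has to confirm each hit in context, which is exactly why the matches are dumped to a file for review.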

APK Manifest Analysis

  • Extract Intents
  • Extract exported activities
  • Extract receivers
  • Extract exported receivers
  • Extract Services
  • Extract exported services
  • Check if apk is debuggable
  • Check if apk allows backups
  • Check if apk allows sending of secret codes
  • Check if apk can receive binary SMS
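The manifest checks listed above map directly onto attributes and elements of AndroidManifest.xml. The following is an added example, written for this post and not taken from MARA, that implements those checks over a constructed sample manifest: it reads `android:debuggable` and `android:allowBackup` from `<application>`, decides which activities, receivers and services are exported, and looks for the secret-code and binary-SMS intent filters. The component names and package in the sample are made up; the exported rule applied is the platform one, where an explicit `android:exported` wins and, when it is absent, a component with an `<intent-filter>` is treated as implicitly exported (the behaviour on API levels below 31).

```python
import xml.etree.ElementTree as ET

# Prefix used for android:* attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not from any real app) exercising each check.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".InternalActivity"/>
    <receiver android:name=".SecretCodeReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code" android:host="1234"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BinarySmsReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.DATA_SMS_RECEIVED"/>
        <data android:scheme="sms" android:port="8901"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>
"""


def _is_exported(component):
    """Explicit android:exported wins; if absent, a component that declares
    an <intent-filter> is implicitly exported (pre-API 31 rule)."""
    explicit = component.get(ANDROID_NS + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None


def _flag(app, name, default):
    """Read a boolean android:* attribute, falling back to the platform default."""
    value = app.get(ANDROID_NS + name)
    return default if value is None else value.lower() == "true"


def analyze_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    report = {
        "package": root.get("package"),
        "debuggable": _flag(app, "debuggable", False),   # default: not debuggable
        "allow_backup": _flag(app, "allowBackup", True),  # default: backups allowed
        "exported_activities": [],
        "exported_receivers": [],
        "exported_services": [],
        "secret_codes": [],
        "binary_sms_ports": [],
    }
    for tag, key in (("activity", "exported_activities"),
                     ("receiver", "exported_receivers"),
                     ("service", "exported_services")):
        for comp in app.findall(tag):
            if _is_exported(comp):
                report[key].append(comp.get(ANDROID_NS + "name"))
    # Secret dialer codes and binary (data) SMS are both declared on receivers.
    for receiver in app.findall("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.findall("action")}
            for data in flt.findall("data"):
                scheme = data.get(ANDROID_NS + "scheme")
                if scheme == "android_secret_code":
                    report["secret_codes"].append(data.get(ANDROID_NS + "host"))
                if scheme == "sms" and "android.intent.action.DATA_SMS_RECEIVED" in actions:
                    report["binary_sms_ports"].append(data.get(ANDROID_NS + "port"))
    return report


if __name__ == "__main__":
    for key, value in analyze_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run against a manifest pulled out of an apk with apktool or aapt, the report gives the reviewer the same facts MARA's manifest checks surface: a debuggable build, backups left enabled, components reachable from other apps, and receivers that react to dialer codes or data SMS.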


Domain Analysis

  • Domain SSL scan via pyssltest and testssl
  • Website fingerprinting via whatweb

Security Analysis

  • Source code static analysis based on the OWASP Mobile Top 10 and the OWASP Mobile Apps Checklist
  • MARA is capable of performing either single or mass analysis of apk, dex or jar files.

For more information please follow the LINK


Multiple test tools will be necessary for a more thorough and comprehensive testing process. I have given an overview of the MARA Framework setup process and how it can expedite your Android app reverse engineering and static analysis process.

BriskInfosec holds extensive experience in mobile app penetration testing to identify potential vulnerabilities and ensure secure coding practices in Android applications.

