Android Malware and Analysis
filters. Android has five levels of logging: ERROR, WARN, INFO,
DEBUG, and VERBOSE. The ability to change this is located on
the right-hand side of the LogCat screen. Additionally, you can apply
filters to the output, allowing filtering for such things as PID and
Application Name. To create a filter, click the green plus (+) sign on
the left-hand side of the LogCat view.
Application Tracing
Now that you have been introduced to most of the tools, let’s put
together an example to show you how all of them come together for a
complete analysis. We are going to look at a very simple application to
test systems for DOS attacks. The application called AnDOSid can
be found at https://github.com/Scott-Herbert/AnDOSid.
• Using the ADB tool we install the application into our test
environment as described earlier.
• Next we start a packet capture from our upstream machine to
capture any network traffic.
• Next from our lab machine we execute the application so it
shows up as a running process under our device in Eclipse.
• Next we select the running process and click the Start
Method Profiling button to trace the object and method calls
of the application.
• Next we capture a screenshot. As seen in the following
screenshot we have set up a target and left the other settings at their
defaults (Image 7.18).
• Next we select the Network Statistics tab on the left side of
the screen and select Start.
• Next we exercise the application by pressing Go, in this case,
for a period of time before selecting Stop.
• Last, we stop all of our captures to begin the analysis of results.
Analysis of Results
• Starting with the Network Statistics, you can easily see there
was network traffic; additionally, you can see the frequency
interval of the traffic.
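
The frequency interval seen in Network Statistics can be cross-checked against the upstream packet capture. The following is an added example, not code from the book or from the AnDOSid project; it assumes the capture was exported as `tcpdump -tt -n` text, and the sample lines, IP addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean

# Constructed sample in `tcpdump -tt -n` text format (not the book's capture).
# 10.0.2.15 stands in for the test device, 192.0.2.10 for the lab target.
SAMPLE = """\
1700000000.000000 IP 10.0.2.15.40001 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
1700000000.012000 IP 192.0.2.10.80 > 10.0.2.15.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
1700000001.000000 IP 10.0.2.15.40002 > 192.0.2.10.80: Flags [S], seq 5, win 65535, length 0
1700000002.000000 IP 10.0.2.15.40003 > 192.0.2.10.80: Flags [S], seq 7, win 65535, length 0
1700000002.500000 IP 10.0.2.15.53211 > 192.0.2.53.53: 4660+ A? example.test. (30)
1700000003.000000 IP 10.0.2.15.40004 > 192.0.2.10.80: Flags [S], seq 11, win 65535, length 0
"""

# timestamp, source ip.port, destination ip.port, remainder of the line
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def summarize(capture_text, device_ip):
    """Group packets sent by device_ip per (dst, dport); report count and intervals."""
    times = defaultdict(list)
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m or m["src"] != device_ip:
            continue  # skip replies to the device and lines that do not parse
        times[(m["dst"], int(m["dport"]))].append(float(m["ts"]))
    report = {}
    for flow, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]  # inter-arrival times
        report[flow] = {
            "packets": len(ts),
            "mean_interval_s": round(mean(gaps), 3) if gaps else None,
            "max_interval_s": round(max(gaps), 3) if gaps else None,
        }
    return report

if __name__ == "__main__":
    for (dst, dport), stats in sorted(summarize(SAMPLE, "10.0.2.15").items()):
        print(f"{dst}:{dport} {stats}")
```

A steady, small mean interval toward a single destination and port matches what the Network Statistics graph shows while the application is running; a flow with one packet reports no interval.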