126
android Malware and analysis
Once complete you will have a backup of that partition in a tar format
from which you can extract and review the les contained within. As
pointed out earlier, the tar le will be located in your home directory
under the Cygwin installation unless you change it in the aforemen-
tioned command.
Other Items of Interest
In analysis of Android malware you may have to perform nonstan-
dard operations to get what you are looking for. e following sec-
tions cover a few of those nonstandard operations that you may have
to perform.
Using Google Services Accounts
Some of the operations will require you to work with a Google
account in order to complete tasks. Two are recommended since you
can use one to interact with the other. It can be benecial to create
the accounts in such a way they are easily identiable such as using
test1000 and test2000.
Sending SMS Messages
SMS Messaging with the Emulator e emulators open port 5554 by
default. Each new emulator spawned simultaneously increments by
2 (e.g., 5556, 5558). You can spawn up to 16 simultaneous emulators.
e full number is 1-555-521-5554, 1-555-521-5556, and so on.
To send SMS messages you can open the messaging application on
two running instances of the emulator. Note, they must be running
on the same host and using the full phone number of the emulated
device to send and receive messages through it. An example of this
type of transaction is shown in Image 7.24.
SMS Messaging with a Device Sending SMS messages with a device is
a little more complicated but can be done. You will need two devices
with active Google accounts to do this. en from the play store
download and install a texting software such as Google Messaging.
Note with this method you are working with a third-party SMS