Rapid Android Parser for Investigating DEX files (RAPID)

back to overview

Reference

Zhang, X., Breitinger, F., & Baggili, I. (2016). Rapid Android Parser for Investigating DEX files (RAPID). Digital Investigation, 17, 28 - 39.

Publication type

Article in Scientific Journal

Abstract

Android malware is a well-known challenging problem and many researchers/vendors/practitioners have tried to address this issue through application analysis techniques. In order to analyze Android applications, tools decompress APK files and extract relevant data from the Dalvik EXecutable (DEX) files. To acquire the data, investigators either use decompiled intermediate code generated by existing tools, e.g., Baksmali or Dex2jar or write their own parsers/dissemblers. Thus, they either need additional time because of decompiling the application into an intermediate representation and then parsing text files, or they reinvent the wheel by implementing their own parsers. In this article, we present Rapid Android Parser for Investigating DEX files (RAPID) which is an open source and easy-to-use JAVA library for parsing DEX files. RAPID comes with well-documented APIs which allow users to query data directly from the DEX binary files. Our experiments reveal that RAPID outperforms existing approaches in terms of runtime efficiency, provides better reliability (does not crash) and can support dynamic analysis by finding critical offsets. Notably, the processing time for our sample set of 22.35 GB was only 1.5 h with RAPID while the traditional approaches needed about 23 h (parsing and querying).

Persons

Organizational Units

  • Institute of Information Systems
  • Hilti Chair for Data and Application Security

DOI

http://dx.doi.org/10.1016/j.diin.2016.03.002