Through the years of assessing and reverse engineering Android applications, I consistently found a number of manual tasks overwhelmingly tedious and, at times, in desperate need of automation. I repeatedly found efficiency issues while working through my methodology for assessing Android applications, having to bounce from tool to tool in order to accomplish a specific goal. However, an idea that had been festering in the back of my mind for a while finally found its way into code, thus, Lobotomy was created.

Lobotomy, a new Android security toolkit, was developed to serve multiple purposes. The first objective was to build a framework that could easily be used to add in new features or functionality that would solve certain tasks when hacking up and reverse engineering Android applications. This was created on the notion that you will load once and work forever, meaning you can load your target Android application and work on the innards of that application through different modules without having to switch to other tools to perform operations on the same application. Another purpose of the framework was to become a wrapper for other well-known tools and their features sets.

Some of the tools Lobotomy provides wrappers for include:

• apktool
• bowser
• Dex2Jar
• Androguard
• Frida
• Adb

Perhaps the most important aspect of Lobotomy is its ability to find the important functionality and vulnerabilities within any target application quickly. There are many features that help motivate someone to look at the material that really matters. Whether that is an exported Broadcast Receiver, or the instrumentation of the Activity lifecycle, Lobotomy also helps minimize the amount of time spent looking at unnecessary components as well.

Features

Here are some of Lobotomy’s current features:

• APK loader
• APK Decompilation with apktool
• Conversion magic with Dex2Jar
• Attack surface enumeration
• Component enumeration
• Permission enumeration
• Permission to API mappings (BETA)
• Convert any APK into a debuggable APK
• APK Profiler
• Bowser | parseUri, loadUrl, addJavascriptInterface search and destroy
• Web services and frontend UI
• Logcat wrapper
• Frida implementation (BETA)
• SurgicalAPI | Find API usage for common vulnerabilities in targeted methods

Lobotomy is evolving as it continues to be developed by GuidePoint Security. We would love your help and input with the new features.

You can check out Lobotomy here:

https://github.com/guidepointsecurity/lobotomy

We will also be adding a Wiki to document all of the features and how to use them, as well as a list of new and upcoming features in the works for the tool.

About GuidePoint Security
GuidePoint Security, LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.