01 Dec. 2012: DEXTER RELEASE
Dexter has finally been released to the public. You can register an account right now at http://dexter.dexlabs.org and start analyzing applications. If you have any questions, don't hesitate to contact us.

Have fun!

Pleed from our team gave a lightning talk about similarity between Android applications. Slides attached.

The Android system comes with dexopt, an application verifier and optimizer. Dexopt is used when new applications get installed and when the Android system boots up.

An Android application that has been prepared after compilation can trigger bugs in dexopt, which end up in an endless loop that prevents your Android device from booting.

In February, Google started to protect the Android Market using the Google Bouncer. This tool is used to detect malicious behavior of new applications prior to publishing them in the Android Market. It is mainly based on dynamic analysis: it executes the analysis target in an instrumented emulator environment, in this case based on QEMU. As Jon Oberheide already pointed out, the Google Bouncer is detectable and can therefore be circumvented by malware. This writeup explains a new method to detect dynamic Android analysis environments. A proof of concept that is capable of detecting the Android emulator is released.

03 Aug. 2012: Dexlabs DEFCON review
Pleed and Mark from our team headed to Las Vegas for DEFCON last week. This is the way to say 'Thank You' to all people who contributed to our amazing trip.

This time we have no technical content for you ;)

When doing reverse engineering, it is often helpful to be provided with information about the code one is currently looking at. If documented API functionality is called, for example, it is nice to see parameter types and semantics. Often this information considerably speeds up the process of understanding what a certain code snippet actually does.

This writeup presents the Dexter autotagging feature, which is built to provide the analyst with the information just described.

Android applications and their bytecode can be obfuscated in order to make our reverse engineering job hard. Besides more common techniques, e.g. those introduced by ProGuard, there is also a wide range of possibilities to obfuscate the Dalvik bytecode directly. Most analysis tools make strong assumptions about the bytecode, so they fail when processing applications where bytecode obfuscation techniques have been used. This results in crashes and meaningless output from these reverse engineering tools.

In the following we present a simple but powerful bytecode obfuscation technique and an evaluation of the most common reverse engineering tools for Android. We also attached a crackme so you can test it on your own.

We gave our first public talk about Dexter at SIGINT2012. We presented the concepts and key features of our Android Analysis Framework.

Lots of interesting conversations inspired us for future work. .... 

Slides are attached.

    There are several static reverse engineering and analysis tools out there.
    They provide analysts with the capability to understand how a certain
    program works without the need of having access to the actual source code.
    Therefore the main goal of such software is to help the analyst do his
    job faster - and thus lower cost.

    Since non-trivial programs include a number of objects that are impossible
    for humans to keep in mind, most such analysis software implements a
    search functionality.

    This document deals with the question of how to design search functionality
    in such a context. Our solution to this problem is presented.