Reverse Engineering of the Android File System (YAFFS2)

Today we published a technical report, CS-2011-06 (ISSN 2191-5008), titled Reverse Engineering of the Android File System (YAFFS2). This report originates from parts of the diploma thesis of Christian Zimmermann, which was published earlier this year.

Abstract — YAFFS2 is a file system which is used in many modern smartphones. Although YAFFS2 is an open standard and there exists an open source implementation, the behavior of YAFFS2 is not very well understood. Additionally, several aspects like wear-leveling and garbage-collection are not well-specified in the standard so that their actual behavior has to be reverse engineered from the implementation. Here, we give an introduction to and describe the basic functionality of YAFFS2. We place a particular focus on the detailed analysis of both wear-leveling and garbage-collection mechanisms, since these are important within a forensic analysis of the file system.

Beta-Version of Mobile-Sandbox released

I’m happy to announce the first public version of our Mobile-Sandbox. At the moment the whole system is still in development, but the static analysis of potential malware for Android-powered smartphones is working quite well.

The static analysis performs a kind of code review to extract the permissions, intents and network actions used by the analysed app. So if you are working in the field of malware analysis or anti-virus, this service gives a good indication of whether manual reverse engineering of the app is worthwhile.

The Mobile-Sandbox for Android OS can be found here:
http://www.mobile-sandbox.com

New functionality of ADEL

As ADEL is under continuous development, there are some pretty nice new features. The one we want to mention here is that ADEL can read and analyze the Wifi and mobile cell caches of a connected Android device. In these caches Android stores up to 250 (50 cell and 200 wifi) GPS coordinates with corresponding time stamps. From this data ADEL generates a movement profile and plots it on a Google map.

As a future development we will try to gather more location information from apps like Facebook, Twitter, etc. and plot it on this map, too.

Mobile-Sandbox for Android malware

In the future we will inform you about a new project called Mobile-Sandbox. This project will develop a sandbox, in the sense of automated malware analysis software, for the Android OS. The first version, which will only allow static analysis, will be available in a few weeks; the second version, with live analysis, will follow later on. The Mobile-Sandbox will come with a built-in web interface where you can upload your apps. After the source code and structure of the uploaded app have been analyzed, you will get a report with all necessary data.

The whole service will be available under the following link in the near future: http://www.mobile-sandbox.com