Mobile application security developers and specialists, who use the Inspeckage analysis tool, might have noticed a new “sponsored by Tempest” stamp on Github or on the Inspeckage Twitter page. This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application anaylsis specialist.
Inspiration behind Inspeckage
Inspeckage began as a component of the Xposed framework, which carries out a dynamic analyses of Android applications — it is used in pentests and malware analysis, and was created because of the necessity to understand how an app functions during runtime: “a developer can, with the source code, debug or find where data is within the code, but if you only have the app downloaded in Google Play, it will be more difficult,” Antonio explains.
When looking for tools that allowed for this kind of analysis, he stumbled upon a project called Instrospy-Analyzer, (an extension of Cydia), and although it is a hybrid tool, with iOS and Android versions, the Android one have not been updated for a long time.
Another problem that led to the development of Inspeckage is related to hooks — a technique that lets the programmer to inject their own code before and after activity, allowing for a change in system and application behaviour. Hooks for Android that Antonio found on the internet were very outdated and did not meet his analytical needs.
Main functionalities of Inspeckage
Inspeckage has more than 20 features, among these: information collection, hooks, configuration, actions against targeted apps and logcat visualization. However, in order to actually understand what the app does, one needs to understand that one of the main motivations for its creation was for security analysis of mobile apps.
“A mobile app has various functions, but you might not be able to tell if, internally, the software reads specific data about you; Inspeckage has hook templates that show what the app does during runtime,” for example: one gives us an insight into how and what information is stored into a “preferences” folder (Shared Preferences), a very useful function for security analysis.
Antonio gives us another example of the platforms uses: “imagine you create an app and would like to see how it behaves; there are things that go beyond the developers reach, for example: if you are using another company’s closed library and you would like to see how that library behaves.”
Inspeckage has yet another function called +hooks, which are configurable hooks, useful in malware analysis. In one of the latest versions it became possible to alter information as it is being executed.
It is also possible to get around certificate pinning (Certificate or Public Key Pinning) with the objective of analysing apps that make server requests.
The challenges of creating and maintaining a tool like Inspeckage
Time and community involvement are among the main challenges for the development of Inspeckage, Antonio says. Since the beginning the tool was made as an open source project in order to “give free software back to the community”, and is known for producing and sharing tools useful to technicians, developers and other specialists. With this idea in mind, Antonio hoped to be able to count on the collaboration of the community that was yet to happen: “I get tips and requests for new features, but it is difficult to find anyone who would like to collaborate on development.”
For this reason, and believing that the tool must be constantly updated, he has been forced to manage the little time he has, dividing it between Tempest as a colaborator and Inspeckage as a developer.
Knowing the interest Tempest has in supporting innovative projects that have the potential generate a return for the comunity, Antonio presented Inspeckage to them and suggested that it should “sponsored by” the company, who understanding the challenge of innovation, have decided to support the initiative.
“This is not the first time we have given this kind of support”, says Cristiano Lincoln, CEO of Tempest, “in the past we have backed projects like the GR Security project, a tool developed by Linux specialist Brad Spengler — which we used here at Tempest — but giving our support to Antonio, who is a colleague and Tempest collaborator makes it even more special.” For Lincoln, it is about a committment that is part of the company’s DNA: “we have every interest in investing in the production and dissemination of research and tools for security, we understand the difficulties in developing a project from zero and gaining community support. To ally our brand with Inspeckage, is a way of helping Antonio with this job.”
What to expect in the next versions
Among the foreseen features in upcoming versions of the tool are: the possibility of defining the location of the device, bypassing mock location protection and ignoring information generated by GPS. As well as, the possibility of altering the devices fingerprint, an implementation that Antonio justifies by that fact that these days “it is very common for softwares to use information like telephone model, version of kernel and others that identify the device.”