CYBER SCAPE AFRICA | Q2
2019
THE
MARA
FRAMEWORK
An African Cybersecurity Innovation
MARA is a Mobile Application Reverse
engineering and Analysis Framework. It is
basically a tool that puts together commonly
used mobile application reverse engineering
and analysis tools, so as to assist in testing
mobile applications against the OWASP
mobile security threats.
The tool worked quite well, and we decided
to open source it to the cyber security
community, so that other pentesters and
researchers could have a much easier time
reverse engineering and analyzing mobile
applications.
Its objective is to make the task easier and
friendlier to mobile application developers
and security professionals. MARA is
developed and maintained by Christian and
Chrispus. Mobile application reverse
engineering can seem like quite a daunting
task. This is mostly due to the fact that a
number of tools are required to get the job
done, where you convert a mobile
application from one form to another. For
example disassembling an android APK into a
java class file (JAR) or even to smali, which is
more or less a human readable version of
assembly.
MARA was developed out of necessity.
Chrispus and I were reverse engineering and
analyzing tons of mobile applications, and
the process was quite repetitive and soon it
became tiresome and boring. Mostly because
of running the same decompilation tools,
with the same commands over and over
again, across different apps. That’s when we
figured, it was about time to sit down and
automate the whole process. So we started
out the process of writing a couple of bash
scripts and after a few months, we came up
with MARA framework.
40
At the heart of MARA, is simply a number of
bash scripts that tie together really
awesome, reliable and well known mobile
application reverse engineering tools,
scanners and an excellent deobfuscator. This
is so that they can all be used in a systematic
way. The tools themselves can also be used
independently, in the event a specific use for
the tools is required and the capability is not
included in the bash scripts. Up until this
date, MARA has gone through a few script
updates, bug fixes and tool updates. In all
honesty, MARA is still in its very early stages
of development and there is a lot more to
come, in line with our roadmap. The tool by
far is neither the best in the market, nor
contains the cleanest code. However, what
we are happy about is that it works, and
sometimes that’s just what someone needs
to get the job done. If you would like to try
out MARA Framework, you can download it
here and try it out for yourself. Any
contributions and suggestions for the tool
will be highly appreciated.
Christian Kisutsa
Information Security Analyst