Garner is a mobile application repository that gathers application packages from the Apple App Store and Google Play Store and extracts useful information about them. Users can use Garner’s web interface to
search for apps in the App Store & Play Store and download IPAs/APKs;
monitor for & automatically download new versions of apps of interest;
view permissions requested by downloaded apps;
view files contained in downloaded apps;
compare changes in permissions and files across downloaded versions; and
look up contained files across the repository by name or hash.
Garner provides forensicators (digital forensics analysts) and malware analysts a handy centralised repository for mobile applications that they can use whilst analysing cases. Examples of workflows involving Garner include:
Determining which version of an app introduced a maliciously used permission or a malicious file.
Determining which apps in the repository include a malicious file, as determined by hash.
Extracting a list of files that are included in a legitimate version of an application package, which the forensicator can safely exclude while analysing a (potentially) compromised mobile device.
Installing two versions of an app and comparing their runtime behaviour.
Installing a specific version of an app on a test device that is compatible with databases gathered during evidence collection.
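As an added illustration of the version-centred workflows above (example code, not Garner's own), the queries below run over a constructed in-memory repository of version records; the app identifiers, permission names and digests are made-up sample data, and the record shape is an assumption.

```python
from dataclasses import dataclass

@dataclass
class AppVersion:
    app: str
    version: str       # versions are listed oldest to newest within an app
    permissions: set   # permissions requested by the package
    files: dict        # path -> sha256 hex digest of the contained file

# Constructed sample repository; the digests are placeholders, not real hashes.
REPO = [
    AppVersion("com.example.notes", "1.0", {"INTERNET"},
               {"classes.dex": "a1", "res/strings.xml": "b2"}),
    AppVersion("com.example.notes", "1.1", {"INTERNET", "READ_SMS"},
               {"classes.dex": "a3", "res/strings.xml": "b2", "lib/helper.so": "c9"}),
    AppVersion("com.example.notes", "1.2", {"INTERNET", "READ_SMS"},
               {"classes.dex": "a4", "res/strings.xml": "b2", "lib/helper.so": "c9"}),
    AppVersion("com.example.weather", "2.0", {"INTERNET", "ACCESS_FINE_LOCATION"},
               {"classes.dex": "d7", "lib/helper.so": "c9"}),
]

def versions_of(app):
    return [v for v in REPO if v.app == app]

def first_version_with(app, permission=None, sha256=None):
    """Workflow 1: earliest version that requests the permission or contains the hash."""
    for v in versions_of(app):
        if (permission and permission in v.permissions) or (sha256 and sha256 in v.files.values()):
            return v.version
    return None

def apps_containing_hash(sha256):
    """Workflow 2: every (app, version) whose package contains a file with this hash."""
    return sorted((v.app, v.version) for v in REPO if sha256 in v.files.values())

def diff_versions(app, old, new):
    """Permissions and files added, removed or changed between two versions of one app."""
    by_ver = {v.version: v for v in versions_of(app)}
    a, b = by_ver[old], by_ver[new]
    changed = sorted(p for p in a.files.keys() & b.files.keys() if a.files[p] != b.files[p])
    return {
        "permissions_added": sorted(b.permissions - a.permissions),
        "permissions_removed": sorted(a.permissions - b.permissions),
        "files_added": sorted(b.files.keys() - a.files.keys()),
        "files_removed": sorted(a.files.keys() - b.files.keys()),
        "files_changed": changed,
    }
```

The hash set of a known-good version (`set(v.files.values())`) doubles as the exclusion list from workflow 3.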
Garner is a containerised web service written in Swift using the Vapor framework. It runs on Ubuntu and macOS.
Goal
The goal of this project is to improve the Garner framework. For example:
Before Garner can download an app or any of its updates from the App Store, a Garner operator needs to purchase or download that app using the App Store account assigned to Garner. Garner should support downloading all free apps without this manual intervention.
Garner can only download applications from the App Store when the fetching service runs on a Mac. It should support downloading iOS apps on Ubuntu.
Garner does not analyse executables; it merely dissects a package’s contents. It should extract classes (Objective-C, Swift, and/or Java). It should also compute hashes for methods and functions to enable comparing code changes.
Expected outcome
source code on our GitLab server
1 blog post
1 poster
a project report
Conditions
Applicant’s country of origin must be a member of EU or NATO
Required skills
To start this project you should have some knowledge of: