General Questions

Who are you?

Four guys with a background in computer science. We love to hack on challenging projects in our free time!

Why did you create this project?

Basically we felt that the existing analysis tools were either not good enough, contained too many bugs or just didn’t suit our needs when looking into Android applications.

In the recent years the Android platform has gained a lot of momentum and this popularity lead to a wide range of applications and also a high amount of malware being produced.

When trying to figure out problems of applications and functionality of malware it is essential to have a good toolchain at hand that assists with the analysis. There were quite a variety of tools available and even the famous IDA Pro supports analyzing Dalvik bytecode by now (Dalvik is the interpreter that Android applications run in). However when using either of these tools we often experienced shortcomings and thought about improvements / extensions that often were difficult to accomplish even though mostly looking at open source software.

Thus we decided to start our own full blown solution which suits our needs, has more features and is more efficient than all these existing tools.

For what purposes do you advise using Dexter?

Two example use cases we focused on during the development are malware analysis and code auditing. This is why Dexter provides high-level software architecture information like package- or class dependencies while at the same time being capable of showing the raw bytecode as a control-flow graph.

I need feature X/Y. Can you implement it?

Please contact us. Since Dexter shall serve information as comfortably as possible, any feature related requests/discussions are welcome!

Which extraction/export interfaces does Dexter offer?

None yet. However we want to implement a SDK which can run on the user’s client computer for further analysis. If you contact us about that, it might help to schedule our priorities ;)

Which analysis methods are used by Dexter in the backend?

We only perform static analysis techniques. Dynamic analysis might be a future feature if needed. If you contact us about that, it might help to schedule our priorities ;)

How can I support you?

We are very limited in resources, especially time and money. If you increase one of them, we are likely to commit more code :)

How did you make your choices of libraries / frameworks / UI when developing Dexter?

The team consists of researchers developers from all kinds of areas and basically our own experience and knowledge led to the chosen architecture of Dexter.

We knew we wanted to support all platforms and with the current power of browsers went for a web-based front-end interface. The backend is implemented in Django but most of our actual analysis and the initial processing is done by components written in C, C++ and Python.

Is my analysis data safe and retained through upgrades?

We will do everything possible to keep all comments / tags / modifications safe by doing backups and migrating database schema versions to newer versions when updating the software. However we can’t guarantee consistency a 100% as we are not a company and have limited resources for Dexter.

You can trust Dexter and the team that we know what we’re doing but occasionally something might go wrong. We are currently also working on a import / export feature for user-created data so that you could even make backups yourself.

Troubleshooting

I tried to do X/Y and it did not work / crashed.

Even though we are developing Dexter for quite a while now we are sure that we did not handle all cases and inputs correctly. This is why we host Dexter as a free public web-service - we want to improve our code and error handling by making all you guys work with the tool in ways that we might not have thought of.

It does not work in Browser X/Y.

The team does not have any “web developers” who know the quirks and incompatibilities of all browsers from the top of their heads. By using certain popular libraries and testing things in different browsers we tried our best to make it work for everyone. However once in a while we might break compatibility and we also did not take older browser versions into account.

Please understand that we will only support the major and most recent browsers out there with our small available manpower.

Availability

Is there a standalone version of Dexter for internal use?

In principle yes. Please contact us for further information.

Will there be an iOS version?

We have no codebase or expertise for iOS analysis yet. However we already shared some thoughts about that in our team meetings. If you contact us about that, it might help to schedule our priorities ;)