Improving yara match by adding androguard-yara

[eybisi]

Adding androguard-yara plugin and generating report to feed androguard module.

Since androguard already used in project this will be easy to implement. Will it be usefull than current yara module ? That can be discussed.

Features of androguard-yara is here . Most of features can be search via pithus search section.

Adding following links to be used as a reference point.

http://pavelsimecek.cz/custom-matching-of-koodous-yara-rules/ https://github.com/eybisi/hacky-yara-androguard

[evilcel3ri]

That's a good idea. I'll give it some thought around the week end! Thank you for proposing this!

[evilcel3ri]

So I have been trying to set up androguard-yara in the docker and locally. Took a bit more time than expected because stuff weren't installed and the documentation wasn't up to date. When I finally managed to get a compilation without errors, it seems that androguard wasn't taken into account in the compilation. And it seems I'm not the only one there: https://github.com/Koodous/androguard-yara/issues/10 So if anyone managed to run androguard even locally, I'd be interested

[evilcel3ri]

Scratch that, it was the wrong yara I used

[evilcel3ri]

Been there done that, didn't work. I won't give it more thought on this, the yara version is specific and the whole compile chain fails. Sorry.