Android Tamer is a Virtual/Live Platform for Android Security professionals. This reduces the needs to configure your own environment and professional can focus on exploitation. This Environment allows people to work on large array of android security related taskβs ranging from Malware Analysis, Penetration Testing and Reverse Engineering. Large number of tweaks and automations are build inside the Virtual Machine to make life easy for the User. Link here
AI Generated Content Disclaimer
Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.
This presentation is an Arsenal demo of Android Tamer at BlackHat ASIA 2016, showcasing a purpose-built virtual machine designed for Android security professionals. Android Tamer bundles a comprehensive suite of pre-configured tools for application analysis, reverse engineering, forensics, and automated assessment β all managed through a unified platform that supports VirtualBox, VMWare, and Vagrant/Ansible provisioning. The demo walks through key features including one-liner convenience commands, multi-device management, automated security checks, and the project’s community resources.
What is Android Tamer: A virtual machine environment purpose-built for Android security professionals. It provides a single, ready-to-use workspace that eliminates the overhead of individually finding, installing, configuring, and maintaining dozens of Android security tools. It supports deployment on VirtualBox, VMWare, and automated provisioning via Vagrant and Ansible.
Included Tools: The VM ships with a wide array of tools organized by function:
Custom Features and Convenience: Android Tamer provides custom one-liner commands (apk2java, drozer_start, etc.) that simplify complex multi-step operations into single commands. It includes easy management of multiple connected Android devices, scripts for automated analysis workflows, all tools pre-configured in PATH, and software updates managed through a dedicated apt-get repository at repo.androidtamer.com.
Demo: apk2java: A demonstration of the apk2java command that automates the full APK-to-Java-source decompilation pipeline β extracting, converting DEX to JAR, and decompiling to readable Java code in a single step.
Demo: drozer_checks: Automated security assessment using drozer to run predefined security checks against Android applications, streamlining the manual assessment process.
Demo: adb list β Multi-Device Management: A custom device management feature using ~/.adb_list to maintain named references to multiple connected devices. Entries are added in "NAME;SERIALNO" format, enabling quick switching and identification across test devices.
Demo: MobSF: Mobile Security Framework integration for automated static and dynamic analysis of Android applications directly within the VM environment.
Build Your Own Distribution: The presentation covers how users can build and customize their own Android Tamer distribution using the Debian-compatible package repository system, allowing teams to create tailored security testing environments.
Community and Learning Resources: Android Tamer provides curated learning materials for Android security at androidtamer.com/learn_android_security, maintains active social media presence on Twitter (@AndroidTamer) and Facebook for Android security news, and publishes security enhancement documentation.
apk2java one-liner for rapid APK reverse engineering workflows instead of manually chaining dex2jar, apktool, and decompiler commands.drozer_checks for automated baseline security assessments of Android applications before diving into manual analysis.~/.adb_list configuration for multi-device management when testing across multiple physical or emulated Android devices simultaneously.repo.androidtamer.com) to keep all security tools updated through standard apt-get workflows rather than manually tracking individual tool releases.