Windows Phone App Analyser released
Security Ninja has announced the release of Windows Phone App Analyser. Version 1.0 of the application allows for the evaluation of Windows Phone 7 .xap files and supports the automatic decompilation of the .dll files within them. The tool is inspired by the static security analysis tool Agnitio, also from Security Ninja, and presents a tree view of the contents of the .xap file, allowing manual review of the files; clicking on .dll files decompiles them to .cs files for viewing or for passing to an automated review using CAT.NET or FxCop.
The Windows Phone App Analyser also allows researchers to run Microsoft's own Capabilities Detection tool, which works out what capabilities the app uses and allows comparison with the app's manifest declarations. More details about the Windows Phone App Analyser are available in a blog post, which also includes download links to the application, examples of usage and example .xap files to decompile and examine. The author says the tool is "a little bit rough around the edges and lacks a few features that I think are important" but hopes to add features such as a keyword editor in the "next couple of releases".
(djwm)
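The manifest comparison described above can be sketched as follows. This is an added example, not code from Windows Phone App Analyser or its author. It assumes a .xap is a ZIP archive carrying `WMAppManifest.xml`; the function names, the in-memory sample package and the "detected" set (standing in for output from the Capabilities Detection tool) are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MANIFEST = "WMAppManifest.xml"
# Constructed sample manifest, not taken from a real app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment">
  <App Title="SampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_CONTACTS" />
    </Capabilities>
  </App>
</Deployment>"""

def build_sample_xap():
    """Build a constructed .xap in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, SAMPLE_MANIFEST)
        z.writestr("SampleApp.dll", b"placeholder, not a real assembly")
    return buf.getvalue()

def assemblies(xap):
    """List the .dll entries a reviewer would decompile."""
    with zipfile.ZipFile(io.BytesIO(xap)) as z:
        return sorted(n for n in z.namelist() if n.lower().endswith(".dll"))

def declared_capabilities(xap, max_size=1 << 20):
    """Read capability names declared in the package manifest."""
    with zipfile.ZipFile(io.BytesIO(xap)) as z:
        info = z.getinfo(MANIFEST)        # KeyError if the manifest is missing
        if info.file_size > max_size:     # untrusted archive: cap decompressed size
            raise ValueError("manifest larger than expected")
        raw = z.read(info)
    if b"<!DOCTYPE" in raw:               # refuse DTDs (entity-expansion tricks)
        raise ValueError("DTD in manifest refused")
    names = set()
    for el in ET.fromstring(raw).iter():
        # Compare on the local tag name so the XML namespace does not matter.
        if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name"):
            names.add(el.get("Name"))
    return names

def compare(declared, detected):
    """Declared-but-unused is a least-privilege finding; the reverse is a mismatch."""
    return {"unused": sorted(declared - detected),
            "undeclared": sorted(detected - declared)}

if __name__ == "__main__":
    xap = build_sample_xap()
    detected = {"ID_CAP_NETWORKING", "ID_CAP_MICROPHONE"}  # constructed detection result
    print(assemblies(xap), compare(declared_capabilities(xap), detected))
```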