SlideShare uma empresa Scribd logo

Code Obfuscation for Android and Windows Phone 7 Apps

Transferir como PPTX, PDF
Jeff Bollinger
Jeff Bollinger

Code Obfuscation slide deck from 9/1/2011 Mobile St. Cloud meeting.

Tecnologia
1 de 31
Code ObfuscationAndroid and Windows Phone 7 Mobile St. Cloud
What is it? Code obfuscation is the process of making code difficult to understand. It helps in discouraging an unauthorized person from reverse engineering an application to get access to its code without the permission of the author.
What it is not? It is not a way to prevent reverse engineering of code
Why should you consider it? It is very easy to view code that is not obfuscated Nothing stands in between attacker and code
Talk layout Android Reverse engineering obfuscation Inspect obfuscated code Windows Phone 7 Reverse engineering obfuscation Inspect obfuscated code
Android app reverse engineering To view code in an Android app .apk-> .dex-> .jar -> code .apk: App package (xml, images… everything) .dex: dalvik executable (code)
Android app reverse engineering cont’d Using Dex2jar + jd-gui Unzip the .apk file to get .dex Use Dex2jar to get .jar from .dexfile Unzip and use in command line dex2jar.bat <.dex file> Use jd-guito view code from .jar file Unzip and run exe
Android app reverse engineering cont’d
Dex2Jar +jd-gui Example
Android Code Obfuscation ProGuard The standard tool recommended by Android Optional but highly recommended Features Shrinks Optimizes Obfuscates You get Smaller size .apk file App difficult to reverse engineer
Android Code Obfuscation cont’d Integrated into Android build system Runs only when the app is built in release mode
ProGuard usage Enable Make an entry for proguard.config file path in default.properties relative/absolute Can move proguard.config and use relative path In project root directoryby default
ProGuard usage cont’d Building Build in release mode Turn off debugging. Set android:debuggable=”false” in AndroidManifest.xml in application tag Export apkfile (Eclipse) File -> Export -> Export Android Application Select the project to be exported Select a keystore All fields required Enter key details First five fields required
ProGuard usage cont’d
ProGuardusage cont’d
ProGuard obfuscation example
Inspect ProGuard obfuscation Verify promised features of ProGuard Size Optimization Obfuscation
ProGuard settings There are some custom settings available If a class is only referenced in the Manifest file, ProGuard will not see it keep public class <YourClassName>
WP7 reverse engineering To view code in a WP7 app xap -> .dll -> code .xap: App package (images… everything) .dll: windows dll
WP7 reverse engineering cont’d Using JustDecompile (telerik) – Free Shows each property and method separately Class only shows method signatures Just fire up and open dll
WP7 reverse engineering cont’d
JustDecompile example
WP7 reverse engineering cont’d Using dotPeek (JetBrains) – Free Was still in beta till recently Just unzip the tool, like Eclipse Opens up entire class, not separate entries for methods and properties
WP7 reverse engineering cont’d
dotPeek example
WP7 reverse engineering cont’d Other tools .Net Reflector (redgate) – Paid Used to be free but not anymore
WP7 Code Obfuscation Dotfuscator (Preemptive Solutions) The standard tool recommended by Microsoft Obfuscation features Renaming Control flow String encryption Not just an obfuscation tool, does instrumentation too Lets you view how your app is being used
Dotfuscator usage Download the installer Requires registration Will ask you to enter unique company name Suggests use your name if you have no company URL http://www.preemptive.com/windowsphone7.html
Dotfuscator usage cont’d Fire up Dotfuscator exe File -> New Project Open .xap file to obfuscate Add new input file (folder icon) Select the .xap to obfuscate Package artifacts will not be obfuscated
Dotfuscator obfuscation example
Thank you Me Osman Syed Meer Linked in Twitter (osmanmeer)

Recomendados

Blink downcast helpers
Blink downcast helpersBlink downcast helpers
Blink downcast helpersAbhijeet Kandalkar
 
Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013David McCarter
 
Back-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETBack-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETDavid McCarter
 
Webinar on Google Android SDK
Webinar on Google Android SDKWebinar on Google Android SDK
Webinar on Google Android SDKSchogini Systems Pvt Ltd
 
Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Joe Ferguson
 
Automatic Test 2019-07-25
Automatic Test 2019-07-25Automatic Test 2019-07-25
Automatic Test 2019-07-25FedericoGuerinoni
 
I++ unit testing
I++ unit testingI++ unit testing
I++ unit testingGil Zilberfeld
 
Checkstyle wikipedia
Checkstyle wikipediaCheckstyle wikipedia
Checkstyle wikipediaThiago Souto Mendes
 

Recomendados

Blink downcast helpers
Blink downcast helpersBlink downcast helpers
Blink downcast helpersAbhijeet Kandalkar
 
Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013David McCarter
 
Back-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETBack-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETDavid McCarter
 
Webinar on Google Android SDK
Webinar on Google Android SDKWebinar on Google Android SDK
Webinar on Google Android SDKSchogini Systems Pvt Ltd
 
Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Joe Ferguson
 
Automatic Test 2019-07-25
Automatic Test 2019-07-25Automatic Test 2019-07-25
Automatic Test 2019-07-25FedericoGuerinoni
 
I++ unit testing
I++ unit testingI++ unit testing
I++ unit testingGil Zilberfeld
 
Checkstyle wikipedia
Checkstyle wikipediaCheckstyle wikipedia
Checkstyle wikipediaThiago Souto Mendes
 
Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Suhail Jamaldeen
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - envgrondin
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09Pyxis Technologies
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
 
Code review best practice
Code review best practiceCode review best practice
Code review best practiceOren Digmi
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionPyxis Technologies
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief exampleJeremy Kendall
 
10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....New Relic
 
Zero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesZero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesJeremy Kendall
 
TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25Jeremy Kendall
 
Sonarlint
SonarlintSonarlint
Sonarlintpenetration Tester
 
code documentation
code documentationcode documentation
code documentationMADUABUM NNANNA
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Pavneet Singh Kochhar
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOSArpit Kulsreshtha
 
Behaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowBehaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowPascal Laurin
 
NET Code Testing
NET Code TestingNET Code Testing
NET Code TestingKirill Miroshnichenko
 
Android Applications Introduction
Android Applications IntroductionAndroid Applications Introduction
Android Applications IntroductionAnjali Rao
 
A Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormA Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormJeremy Kendall
 
Study Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryStudy Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryConstantine Mars
 
Binary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 

Mais conteúdo relacionado

Mais procurados

Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Suhail Jamaldeen
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - envgrondin
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09Pyxis Technologies
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
 
Code review best practice
Code review best practiceCode review best practice
Code review best practiceOren Digmi
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionPyxis Technologies
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief exampleJeremy Kendall
 
10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....New Relic
 
Zero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesZero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesJeremy Kendall
 
TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25Jeremy Kendall
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Pavneet Singh Kochhar
 
Behaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowBehaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowPascal Laurin
 
Android Applications Introduction
Android Applications IntroductionAndroid Applications Introduction
Android Applications IntroductionAnjali Rao
 
A Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormA Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormJeremy Kendall
 
Study Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryStudy Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryConstantine Mars
 
Binary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio
 

Mais procurados (20)

Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - en
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning Roslyn
 
Code review best practice
Code review best practiceCode review best practice
Code review best practice
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and Adoption
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief example
 
10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....
 
Zero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesZero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutes
 
TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25
 
Sonarlint
SonarlintSonarlint
Sonarlint
 
code documentation
code documentationcode documentation
code documentation
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOS
 
Behaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowBehaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlow
 
NET Code Testing
NET Code TestingNET Code Testing
NET Code Testing
 
Android Applications Introduction
Android Applications IntroductionAndroid Applications Introduction
Android Applications Introduction
 
A Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormA Brief Introduction to Zend_Form
A Brief Introduction to Zend_Form
 
Study Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryStudy Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, Summary
 
Binary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code Testing
 

Semelhante a Code Obfuscation for Android and Windows Phone 7 Apps

MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
Creating the first app with android studio
Creating the first app with android studioCreating the first app with android studio
Creating the first app with android studioParinita03
 
Android SDK and PhoneGap
Android SDK and PhoneGapAndroid SDK and PhoneGap
Android SDK and PhoneGapDoncho Minkov
 
AN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILESAN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILESIRJET Journal
 
Android Programming made easy
Android Programming made easyAndroid Programming made easy
Android Programming made easyLars Vogel
 
1 introduction of android
1 introduction of android1 introduction of android
1 introduction of androidakila_mano
 
Android_Studio_Structure.docx
Android_Studio_Structure.docxAndroid_Studio_Structure.docx
Android_Studio_Structure.docxKNANTHINIMCA
 
Installing eclipse & sdk
Installing eclipse & sdkInstalling eclipse & sdk
Installing eclipse & sdkArun Kumar
 
Android presentation
Android presentationAndroid presentation
Android presentationImam Raza
 
Android tutorial
Android tutorialAndroid tutorial
Android tutorialAbid Khan
 
Seminar on android app development
Seminar on android app developmentSeminar on android app development
Seminar on android app developmentAbhishekKumar4779
 
Questions About Android Application Development
Questions About Android Application DevelopmentQuestions About Android Application Development
Questions About Android Application DevelopmentAdeel Rasheed
 
Mobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfMobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfAbdullahMunir32
 

Semelhante a Code Obfuscation for Android and Windows Phone 7 Apps (20)

MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
Creating the first app with android studio
Creating the first app with android studioCreating the first app with android studio
Creating the first app with android studio
 
Android SDK and PhoneGap
Android SDK and PhoneGapAndroid SDK and PhoneGap
Android SDK and PhoneGap
 
AN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILESAN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILES
 
Android Programming made easy
Android Programming made easyAndroid Programming made easy
Android Programming made easy
 
Android Development
Android DevelopmentAndroid Development
Android Development
 
1 introduction of android
1 introduction of android1 introduction of android
1 introduction of android
 
Android
AndroidAndroid
Android
 
Android_Studio_Structure.docx
Android_Studio_Structure.docxAndroid_Studio_Structure.docx
Android_Studio_Structure.docx
 
Installing eclipse & sdk
Installing eclipse & sdkInstalling eclipse & sdk
Installing eclipse & sdk
 
Android presentation
Android presentationAndroid presentation
Android presentation
 
Intro to Android Programming
Intro to Android ProgrammingIntro to Android Programming
Intro to Android Programming
 
Android
Android Android
Android
 
Android tutorial
Android tutorialAndroid tutorial
Android tutorial
 
Seminar on android app development
Seminar on android app developmentSeminar on android app development
Seminar on android app development
 
Questions About Android Application Development
Questions About Android Application DevelopmentQuestions About Android Application Development
Questions About Android Application Development
 
Mobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfMobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdf
 
Bird.pdf
Bird.pdf Bird.pdf
Bird.pdf
 

Mais de Jeff Bollinger

Minnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with CassandraMinnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with CassandraJeff Bollinger
 
Mobile News Madness - March 2012
Mobile News Madness - March 2012Mobile News Madness - March 2012
Mobile News Madness - March 2012Jeff Bollinger
 
Android Development with Flash Builder Burrito
Android Development with Flash Builder BurritoAndroid Development with Flash Builder Burrito
Android Development with Flash Builder BurritoJeff Bollinger
 
Objective C for C# Developers
Objective C for C# DevelopersObjective C for C# Developers
Objective C for C# DevelopersJeff Bollinger
 
Agile Development at W3i
Agile Development at W3iAgile Development at W3i
Agile Development at W3iJeff Bollinger
 

Mais de Jeff Bollinger (7)

Minnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with CassandraMinnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with Cassandra
 
Mobile News Madness - March 2012
Mobile News Madness - March 2012Mobile News Madness - March 2012
Mobile News Madness - March 2012
 
Agile
AgileAgile
Agile
 
Android Development with Flash Builder Burrito
Android Development with Flash Builder BurritoAndroid Development with Flash Builder Burrito
Android Development with Flash Builder Burrito
 
Objective C for C# Developers
Objective C for C# DevelopersObjective C for C# Developers
Objective C for C# Developers
 
Mobile News Round Up
Mobile News Round UpMobile News Round Up
Mobile News Round Up
 
Agile Development at W3i
Agile Development at W3iAgile Development at W3i
Agile Development at W3i
 

Último

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Último (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

Code Obfuscation for Android and Windows Phone 7 Apps

  • 1. Code ObfuscationAndroid and Windows Phone 7 Mobile St. Cloud
  • 2. What is it? Code obfuscation is the process of making code difficult to understand. It helps in discouraging an unauthorized person from reverse engineering an application to get access to its code without the permission of the author.
  • 3. What it is not? It is not a way to prevent reverse engineering of code
  • 4. Why should you consider it? It is very easy to view code that is not obfuscated Nothing stands in between attacker and code
  • 5. Talk layout Android Reverse engineering obfuscation Inspect obfuscated code Windows Phone 7 Reverse engineering obfuscation Inspect obfuscated code
  • 6. Android app reverse engineering To view code in an Android app .apk-> .dex-> .jar -> code .apk: App package (xml, images… everything) .dex: dalvik executable (code)
  • 7. Android app reverse engineering cont’d Using Dex2jar + jd-gui Unzip the .apk file to get .dex Use Dex2jar to get .jar from .dexfile Unzip and use in command line dex2jar.bat <.dex file> Use jd-guito view code from .jar file Unzip and run exe
  • 8. Android app reverse engineering cont’d
  • 10. Android Code Obfuscation ProGuard The standard tool recommended by Android Optional but highly recommended Features Shrinks Optimizes Obfuscates You get Smaller size .apk file App difficult to reverse engineer
  • 11. Android Code Obfuscation cont’d Integrated into Android build system Runs only when the app is built in release mode
  • 12. ProGuard usage Enable Make an entry for proguard.config file path in default.properties relative/absolute Can move proguard.config and use relative path In project root directoryby default
  • 13. ProGuard usage cont’d Building Build in release mode Turn off debugging. Set android:debuggable=”false” in AndroidManifest.xml in application tag Export apkfile (Eclipse) File -> Export -> Export Android Application Select the project to be exported Select a keystore All fields required Enter key details First five fields required
  • 17. Inspect ProGuard obfuscation Verify promised features of ProGuard Size Optimization Obfuscation
  • 18. ProGuard settings There are some custom settings available If a class is only referenced in the Manifest file, ProGuard will not see it keep public class <YourClassName>
  • 19. WP7 reverse engineering To view code in a WP7 app xap -> .dll -> code .xap: App package (images… everything) .dll: windows dll
  • 20. WP7 reverse engineering cont’d Using JustDecompile (telerik) – Free Shows each property and method separately Class only shows method signatures Just fire up and open dll
  • 23. WP7 reverse engineering cont’d Using dotPeek (JetBrains) – Free Was still in beta till recently Just unzip the tool, like Eclipse Opens up entire class, not separate entries for methods and properties
  • 26. WP7 reverse engineering cont’d Other tools .Net Reflector (redgate) – Paid Used to be free but not anymore
  • 27. WP7 Code Obfuscation Dotfuscator (Preemptive Solutions) The standard tool recommended by Microsoft Obfuscation features Renaming Control flow String encryption Not just an obfuscation tool, does instrumentation too Lets you view how your app is being used
  • 28. Dotfuscator usage Download the installer Requires registration Will ask you to enter unique company name Suggests use your name if you have no company URL http://www.preemptive.com/windowsphone7.html
  • 29. Dotfuscator usage cont’d Fire up Dotfuscator exe File -> New Project Open .xap file to obfuscate Add new input file (folder icon) Select the .xap to obfuscate Package artifacts will not be obfuscated
  • 31. Thank you Me Osman Syed Meer Linked in Twitter (osmanmeer)