10-12 September 2015
droidcon Greece
Thessaloniki
Reverse Engineering in Android
Countermeasures and Tools
$ whoami
> Dario Incalza (@h4oxer)
> Application Security Engineering Analyst
> Android Developer
CONTENTS
> Motivation
> Android App Anatomy and Building Process
> Reverse Engineering
> Tools with Use Case
> Countermeasures
MOTIVATION
> Good Guys:
> Understand Malware
> Security Research
> Bad Guys:
> Piracy
> Steal Intellectual Property
> Introduce backdoors
IS IT LEGAL?
> Law is a gray area!
> Depends on country
> Depends on purpose (e.g. achieving interoperability)
> End User License Agreement (EULA)
> Takes away all doubt: almost always forbids reverse engineering
> For educational purposes ;-)
Android Application Anatomy
Android Package (.apk) = a .zip file containing:
> classes.dex: the Dalvik bytecode
> resources.arsc: compiled resources
> AndroidManifest.xml: binary (compiled) version of AndroidManifest.xml
> res/: uncompiled resources
> lib/: native libraries (third-party .so libraries)
Android Build Process
Application Execution
> classes.dex is what gets executed
> Two runtimes: Dalvik and ART (ART introduced with Android 4.4, default since 5.0)
> Both optimize the bytecode for execution, but at different moments:
> Dalvik: Just-in-Time (JIT) compilation at run time
> ART: Ahead-of-Time (AOT) compilation at install time
(diagram: JIT vs AOT)
CONTENTS
> Motivation
> Android App Anatomy and Building Process
> Reverse Engineering
> Tools with Use Case
> Countermeasures
Reverse Engineering
RE pipeline (diagram): APK -> RE Tools -> one of four target formats:
> Dalvik ByteCode
> Java Code
> Smali/Jasmin
> Native Code
Reverse Engineering – Dalvik ByteCode (diagram: this branch of the pipeline highlighted)
Reverse Engineering – Smali (diagram: this branch of the pipeline highlighted)
To which format do I RE the .APK?
> Depends on what you want to achieve
> Understanding internal mechanisms => Java Code
> Instrumenting/patching apps => Dalvik bytecode / Smali / Jasmin
> Native libraries => disassemble the .so library to native code
Usually a combination of all three
RE Java Code Information < Original Java Code Information
Reason: information is lost when building classes.dex from the .class files, and
decompilers have to guess it back.
Consequence: decompiled Java usually cannot be rebuilt as-is; to patch or rebuild,
work in the Dalvik bytecode (smali) format instead.
What does a typical RE process look like?
Reverse Engineering – First Step: Objectives
Who wrote the app?
What permissions does it use and why does it need them?
Is it using crypto, if so, what is it encrypting?
Is it using reflection, if so, why is it using reflection?
Is it using dynamic bytecode loading, if so why is it using it?
Is it using obfuscation?
Is it malware?
Reverse Engineering – Second Step: Info gathering
> Don’t jump straight into the code!
> app name, icon, activities, receivers, services, permissions,
intents (AndroidManifest.xml)
> strings.xml
> native .so libraries
> signing certificate of the app (META-INF/)
Reverse Engineering – Third Step: Hacking Time
Now experience comes into play
> decompile classes.dex or the .so libraries
> Find entry-points
> Search for dynamic bytecode loading, permission usage, reflection, crypto code
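The searching in the third step can be scripted. The following is an added example, not code from the talk or from ARES/Androguard: it walks the .smali files apktool produces and reports, per class and method, calls into DexClassLoader, reflection and crypto APIs. The smali it scans is constructed for the demo (the class and method names echo the ARES output later in the deck; the Util class and all method bodies are made up).

```python
"""Flag dynamic code loading, reflection and crypto calls in decoded smali.

Added example for the talk's third step (not code from the slides, ARES or
Androguard): after `apktool d` every class is one .smali file. This walks
that text and reports, per class and method, the API calls the step says to
hunt for. SAMPLE_SMALI is constructed for the demo.
"""
import re
from pathlib import Path

# Dalvik call descriptors (Lclass;->method) worth flagging, by what they indicate.
SUSPICIOUS = {
    "dynamic-loading": (
        "Ldalvik/system/DexClassLoader;-><init>",
        "Ldalvik/system/DexFile;->loadDex",
    ),
    "reflection": (
        "Ljava/lang/Class;->forName",
        "Ljava/lang/Class;->getDeclaredMethod",
        "Ljava/lang/reflect/Method;->invoke",
    ),
    "crypto": (
        "Ljavax/crypto/Cipher;->getInstance",
        "Landroid/util/Base64;->decode",
    ),
    "exec": ("Ljava/lang/Runtime;->exec",),
}

CLASS_RE = re.compile(r"^\.class\s+(?:[\w-]+\s+)*(L[^\s;]+;)")
METHOD_RE = re.compile(r"^\.method\s+(?:[\w-]+\s+)*([^\s(]+)\(")
# invoke-{virtual,direct,static,super,interface}[/range] {regs}, Lcls;->m(args)ret
INVOKE_RE = re.compile(r"^invoke-[a-z]+(?:/range)?\s+\{[^}]*\},\s+(L\S+)")


def classify(descriptor):
    """Return (category, call) when a full call descriptor hits a flagged API."""
    call = descriptor.split("(", 1)[0]  # strip the (args)return part
    for category, calls in SUSPICIOUS.items():
        if call in calls:
            return category, call
    return None


def scan_smali(text):
    """Map class -> method -> [(category, call)] for every flagged invoke."""
    findings, current_class, current_method = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if cls := CLASS_RE.match(line):
            current_class = cls.group(1)
        elif meth := METHOD_RE.match(line):
            current_method = meth.group(1)
        elif line == ".end method":
            current_method = None
        elif (call := INVOKE_RE.match(line)) and current_class and current_method:
            hit = classify(call.group(1))
            if hit:  # only classes/methods with hits end up in the result
                findings.setdefault(current_class, {}).setdefault(current_method, []).append(hit)
    return findings


def scan_tree(root):
    """Scan every .smali file under an apktool output directory."""
    findings = {}
    for path in Path(root).rglob("*.smali"):
        findings.update(scan_smali(path.read_text(errors="replace")))
    return findings


def report(findings):
    """Render hits in the 'Lcls; -> m()' style ARES prints."""
    return [f"{cls} -> {method}() : {category} via {call}"
            for cls, methods in findings.items()
            for method, hits in methods.items()
            for category, call in hits]


# Constructed sample: two class files concatenated so the demo is one string.
SAMPLE_SMALI = """\
.class public Lcom/sec/android/providers/drm/Style;
.super Ljava/lang/Object;
.method public static a(Landroid/content/Context;Ljava/lang/String;)V
    new-instance v0, Ldalvik/system/DexClassLoader;
    invoke-direct {v0, p1, v1, v2, v3}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    return-void
.end method
.method private b(Ljava/lang/String;)Ljava/lang/Object;
    invoke-static {p1}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
    move-result-object v0
    invoke-virtual/range {v0 .. v1}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
    move-result-object v0
    return-object v0
.end method
.method public c()V
    return-void
.end method
.class public Lcom/example/Util;
.method public static len(Ljava/lang/String;)I
    invoke-virtual {p0}, Ljava/lang/String;->length()I
    move-result v0
    return v0
.end method
"""

if __name__ == "__main__":
    print("\n".join(report(scan_smali(SAMPLE_SMALI))))
```

On a real target, point scan_tree() at the directory `apktool d` produced; methods without hits (c() and Util.len() in the sample) are simply not reported, so the output is the list of places to start reading.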
Use Case: AnserverBot Trojan
(August 2011 - Yajin Zhou, Xuxian Jiang)
Use Case - AnserverBot Trojan
Key characteristics:
> Dynamic bytecode loading
> Reflection
> C&C server
> Aggressive obfuscation
Use Case - AnserverBot Trojan
(diagram) The malicious background service is dynamically loaded at runtime.
Use Case - AnserverBot Trojan
$ unzip anserverbot_sample.apk
$ cd assets
Two payload files: Payload A and Payload B
Use Case - APKTool
$ apktool d anserverbot_sample.apk
Use Case - AnserverBot Trojan - AndroidManifest
(screenshots: SUSPICIOUS entries highlighted in the decoded manifest)
Use Case - AnserverBot Trojan - Payloads
Anservera.db and Anserverb.db are not database files: they start with the zip
magic (PK), so they are zip archives => embedded Android apps.
Use Case - AnserverBot Trojan - Payloads
$ apktool d anservera.db
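A script that does this first look at the container is an added example, not the author's code: it lists the parts of the APK described in the anatomy section, reads the table counts from the DEX header, and sniffs each asset's magic bytes so a zip or DEX hiding under a .db extension stands out. The APK it inspects is constructed in memory for the demo; the name anservera.db is reused only as a label and nothing here comes from a real sample.

```python
"""Inventory an APK and flag "assets" that are really zip or DEX payloads.

Added example for the info-gathering step and the payload check (not code
from the talk): inspects the pieces the anatomy slide lists and sniffs every
asset's magic bytes, because a payload hidden as a .db only reveals itself
that way. build_sample_apk() constructs a fake APK in memory so the demo runs
offline; nothing in it comes from a real sample.
"""
import io
import struct
import zipfile

ZIP_MAGIC, DEX_MAGIC, ELF_MAGIC = b"PK\x03\x04", b"dex\n", b"\x7fELF"


def dex_header_summary(data):
    """Pull table sizes out of the 0x70-byte DEX header (offsets per the dex format)."""
    if not data.startswith(DEX_MAGIC) or len(data) < 0x70:
        return None
    u32 = lambda off: struct.unpack_from("<I", data, off)[0]
    return {"version": data[4:7].decode("ascii"), "file_size": u32(0x20),
            "strings": u32(0x38), "methods": u32(0x58), "classes": u32(0x60)}


def sniff(data):
    """Classify a blob by its magic bytes, ignoring the file extension."""
    for magic, kind in ((ZIP_MAGIC, "zip"), (DEX_MAGIC, "dex"), (ELF_MAGIC, "elf")):
        if data.startswith(magic):
            return kind
    return "other"


def inventory(apk_bytes):
    """Return the APK anatomy from the slides plus any suspicious assets."""
    info = {"dex": None, "manifest": False, "resources": False,
            "native_libs": [], "assets": {}, "suspicious_assets": [], "nested": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name == "classes.dex":
                info["dex"] = dex_header_summary(data)
            elif name == "AndroidManifest.xml":
                info["manifest"] = True
            elif name == "resources.arsc":
                info["resources"] = True
            elif name.startswith("lib/") and name.endswith(".so"):
                info["native_libs"].append(name)
            elif name.startswith("assets/"):
                kind = sniff(data)
                info["assets"][name] = kind
                if kind in ("zip", "dex"):
                    # Code shipped as data: the host has to load it at runtime
                    # (dynamic bytecode loading). Recurse into embedded APKs.
                    info["suspicious_assets"].append(name)
                    if kind == "zip":
                        try:
                            info["nested"][name] = inventory(data)
                        except zipfile.BadZipFile:
                            pass
    return info


def fake_dex(classes, methods):
    """Minimal DEX header (magic, version 035, table sizes) for the demo only."""
    fields = [0x70, 0x70, 0x12345678] + [0] * 17  # file_size, header_size, endian_tag, ...
    fields[6], fields[14], fields[16] = 3, methods, classes  # string/method/class counts
    return DEX_MAGIC + b"035\0" + bytes(24) + struct.pack("<20I", *fields)


def _zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def build_sample_apk():
    """Constructed APK laid out like the anatomy slide, with a disguised payload."""
    payload = _zip({"AndroidManifest.xml": b"\x03\x00\x08\x00",
                    "classes.dex": fake_dex(classes=12, methods=200)})
    return _zip({
        "AndroidManifest.xml": b"\x03\x00\x08\x00",  # binary AXML header
        "classes.dex": fake_dex(classes=40, methods=900),
        "resources.arsc": b"\x02\x00\x0c\x00",
        "res/layout/main.xml": b"\x03\x00\x08\x00",
        "lib/armeabi/libnative.so": ELF_MAGIC + bytes(12),
        "assets/anservera.db": payload,  # a zip pretending to be a database
        "assets/readme.txt": b"plain text asset",
    })


if __name__ == "__main__":
    summary = inventory(build_sample_apk())
    print(summary["dex"], summary["native_libs"], summary["suspicious_assets"])
```

Run inventory() on the bytes of a real APK and anything listed under suspicious_assets deserves its own `apktool d`; the nested entry already tells you how many classes and methods the hidden package carries.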
Use Case - AnserverBot Trojan – Dynamic Bytecode Loading
The payloads are Android code, so the host app has to load them at runtime => dynamic bytecode loading!
Use ARES (Android Reverse Engineering Suite) or Androguard to find where.
Use Case - AnserverBot Trojan - ARES
Payload A uses Dynamic Bytecode Loading AND Reflection
Use Case - AnserverBot Trojan - ARES
Lcom/sec/android/providers/drm/Style -> a()
Lcom/sec/android/providers/drm/Style -> b()
Lcom/sec/android/providers/drm/Style -> c()
Use Case - AnserverBot Trojan
Next steps:
> Look at the methods a(), b() and c()
> You’ll see obfuscation and string encryption
> Use symbolic execution to get rid of the encryption
> e.g. Simplify
Use Case – Simplify
“ If an app's strings are encrypted, Simplify will interpret the app in
its own virtual machine to determine semantics. Then, it uses the
apps own code to decrypt the strings and replaces the encrypted
strings and the decryption method calls with the decrypted
versions.”
https://github.com/CalebFenton/simplify
Use Case – AnserverBot Trojan – C&C
Command & Control (Phone Home)
Goal: keep control, update payloads and push back information
Server addresses are hardcoded but hidden behind a custom Base64 encoding
(a non-standard alphabet; encoding, not encryption, so it can be undone once
the alphabet is recovered from the decoder routine)
What to do?
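As an added example, not code from the talk: a decoder for custom-alphabet Base64 and a brute-force helper for the common rotated-alphabet variant. The alphabet, the rotation and the c2.example.net address are made up for the demo and imply nothing about AnserverBot's real scheme.

```python
"""Undo a custom-alphabet Base64, the trick used to hide hardcoded C&C addresses.

Added example (not code from the talk): once the alphabet is recovered from the
decoder routine (in smali it is usually a const-string or a byte table), mapping
it back onto the standard alphabet lets the stock decoder do the rest. The
alphabet, rotation and server string below are constructed for the demo.
"""
import base64
import binascii
import string

STD = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def rotated(n):
    """A common homebrew alphabet: the standard one shifted by n positions."""
    return STD[n:] + STD[:n]


def encode_custom_b64(raw, alphabet, pad="="):
    """Standard Base64, then substitute each symbol with the custom alphabet."""
    table = str.maketrans(STD, alphabet)
    return base64.b64encode(raw).decode("ascii").translate(table).replace("=", pad)


def decode_custom_b64(encoded, alphabet, pad="="):
    """Map custom symbols back to the standard alphabet, fix padding, decode."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must be 64 distinct symbols")
    body = encoded.rstrip(pad).translate(str.maketrans(alphabet, STD))
    body += "=" * (-len(body) % 4)  # the pad char may have been dropped or changed
    return base64.b64decode(body, validate=True)  # rejects symbols outside the alphabet


def guess_rotation(encoded, known_prefix, pad="="):
    """When the decoder is unreadable, try every shifted alphabet against a plaintext hint."""
    hits = []
    for n in range(64):
        try:
            if decode_custom_b64(encoded, rotated(n), pad).startswith(known_prefix):
                hits.append(n)
        except (binascii.Error, ValueError):
            continue
    return hits


if __name__ == "__main__":
    alphabet = rotated(7)  # constructed for the demo, not AnserverBot's alphabet
    blob = encode_custom_b64(b"http://c2.example.net:8080/cmd", alphabet)
    print(blob, decode_custom_b64(blob, alphabet), guess_rotation(blob, b"http"))
```

The plaintext hint for guess_rotation() is whatever you expect the string to start with (here "http"); if the malware used a shuffled rather than rotated alphabet, the brute force finds nothing and you fall back to reading the table out of the decoder method.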
Use Case – Decompile with Simplify
Pipeline (diagram): smali from APK -> Simplify -> simplified smali files
-> classes.dex -> JAR (dex2jar) -> Java source (JAD)
Simplify eliminates useless code and string encryption, which makes the
decompiled code more readable.
Summary Tools
Androguard: reverse engineering API written in Python, comes with a shell
ARES: Android Reverse Engineering Suite, built on Androguard
Simplify: symbolic execution engine that rewrites code to simplify it and to
eliminate string encryption and dead/useless code
DEX2JAR/DEX2JASMIN/DEX2SMALI: transform classes.dex to intermediate code
(JAR, Jasmin, smali)
JEB: Android reverse engineering suite (commercial)
Radare: reverse engineering tool with Android support
APKTool: automates decoding of resources and of classes.dex to smali, and
rebuilding the APK afterwards
APKStudio: an IDE for decompiling/editing and then recompiling Android
application binaries
COUNTERMEASURES
How to protect your code once it is
distributed?
No silver bullet =(
COUNTERMEASURES
> Tamper detection
> Dynamic Bytecode Loading
> Obfuscation
> Anti-debugging
> Code/String Encryption
> Code Guards
COUNTERMEASURES – TAMPER DETECTION
> Detect app modification/repacking
> APKTool makes it easy to repack
> What if we could detect rebuild/recompilation/repackaging?
Source: BlueBox Security
COUNTERMEASURES – TAMPER DETECTION
Idea: Use the AndroidManifest.xml
> Purpose: provide metadata: permissions, activities, services, etc.
> Compiled to binary format in APK
> During build: text => binary (aapt)
> What about binary to text? (apktool)
COUNTERMEASURES – TAMPER DETECTION
> When Android parses the binary manifest, it identifies attributes by resource
id, not by name:
<public type="attr" name="name" id="0x01010003" />
> Inject a “name” attribute into <application> with an unknown id: Android will
not recognize it as a name attribute and ignores it.
COUNTERMEASURES – TAMPER DETECTION
> Result: Android parses the original manifest just fine, but APKTool decodes the
unknown-id attribute as a proper android:name and writes it into the rebuilt APK
> Running the rebuilt APK makes Android instantiate the injected class (e.g.
detect.class) as the Application class, which triggers the alarm
> Caveat: this is an arms race; once a trick like this is published the tools
get fixed, so treat it as a speed bump, not a guarantee
COUNTERMEASURES – TAMPER DETECTION
Original manifest:
<application>
  <activity android:name="com.example.manifestexample.MainActivity">
    <intent-filter>
      <action android:name="android.intent.action.MAIN" />
    </intent-filter>
  </activity>
</application>
After an APKTool decode/rebuild the injected attribute becomes a real one:
<application android:name="detect.class">
COUNTERMEASURES – Dynamic Bytecode Loading
> Code that is not statically present in the APK cannot be reverse engineered statically
> Use dynamic bytecode loading for critical code
> Ship the code as an encrypted asset and decrypt/load it at runtime
> Attack: dump the code from memory once it has been loaded
> Tool: DABiB – Dynamic Android Binary Debugger
COUNTERMEASURES – Obfuscation
> Idea: transform source or byte code to human unreadable but
semantically equivalent code
> Inject useless code
> Disrupt call graph flow by using reflection and dynamic
bytecode loading
> Encrypt assets and libraries
> Class/String Encryption
COUNTERMEASURES – Obfuscation
> Tools: ProGuard/DexGuard, Arxan, DashO, Allatori, Stringer
> Attack: decompile the code, start at an entry-point and rename/refactor as you
work through it; use Simplify to undo string encryption
COUNTERMEASURES – ANTI-DEBUGGING
> Idea: detect debugging environment
> Different behavior than in non-debugging environment
> Only works if you know the execution environment (we do)
> Tools: DexGuard Enterprise, Arxan
COUNTERMEASURES – Code/String Encryption
Packers (diagram):
> Static (on disk): stub application + hidden, encrypted code
> Dynamic (at execution): the stub decrypts the code and runs it
Packers (Bangcle, Pangxie)
> Static analysis is hard
> Code can still be dumped from memory after it is unpacked at runtime
> Slows the attacker down
> Tools: DexGuard, Arxan, Stringer, Allatori
COUNTERMEASURES – Code Guards
> Inject guards in bytecode
> Protect and check program flow
> Re-initialize critical values
> Detect hooks
> Check signature
> Check app checksum
> Tool: Arxan
COUNTERMEASURES – Conclusion
> Security should be a requirement in SDLC
> Work towards thin Android apps
> Business critical code on server
> Deploy countermeasures to slow down RE
Dario Incalza
Application Security Engineering Analyst
LSEC – Leaders in Security
@h4oxer
Thank you!
droidcon Greece Thessaloniki

 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 

Último (20)

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 

Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools

  • 16. Reverse Engineering
    To which format do I RE the .APK?
    > Depends on what you want to achieve
    > Understanding internal mechanisms => Java Code
    > Instrumenting apps => Dalvik/Smali Bytecode/Jasmin
    > Native libraries => RE the .so library to native code
    Usually a combination of all
  • 17. Reverse Engineering
    RE Java Code Information < Original Java Code Information
    Reason: information is lost when building classes.dex from .class files
    Consequence: RE'd Java code cannot be rebuilt into a working app; use the Dalvik bytecode format instead
  • 18. Reverse Engineering
    What does a regular RE process look like?
  • 19. Reverse Engineering – First Step: Objectives
    Who wrote the app?
    What permissions does it use and why does it need them?
    Is it using crypto? If so, what is it encrypting?
    Is it using reflection? If so, why is it using reflection?
    Is it using dynamic bytecode loading? If so, why is it using it?
    Is it using obfuscation?
    Is it malware?
  • 20. Reverse Engineering – Second Step: Info gathering
    > Don’t jump to looking at code in the wild!
    > App name, icon, activities, receivers, services, permissions, intents (AndroidManifest.xml)
    > strings.xml
    > Native .so libraries
    > Signature of the app
  • 21. Reverse Engineering – Third Step: Hacking Time
    Now experience comes into play
    > Decompile classes.dex or .so libraries
    > Find entry points
    > Search for dynamic bytecode loading, permission usage, reflection, crypto code
  • 22. CONTENTS
    > Motivation
    > Android App Anatomy and Building Process
    > Reverse Engineering
    > Tools with Use Case
    > Countermeasures
  • 23. Use Case
    AnserverBot Trojan (August 2011 - Yajin Zhou, Xuxian Jiang)
  • 24. Use Case - AnserverBot Trojan
    > Dynamic Bytecode Loading
    > Reflection
    > C&C Server
    > Aggressive Obfuscation
  • 25. Use Case - AnserverBot Trojan
    Background Service, Dynamically Loaded
  • 26. Use Case - AnserverBot Trojan
    $ unzip anserverbot_sample.apk
    $ cd assets
    Payload A, Payload B
  • 27. Use Case - APKTool
    $ apktool d anserverbot_sample.apk
  • 28. Use Case - AnserverBot Trojan - AndroidManifest (SUSPICIOUS)
  • 29. Use Case - AnserverBot Trojan - AndroidManifest (SUSPICIOUS)
  • 30. Use Case - AnserverBot Trojan - Payloads
    Anservera.db and Anserverb.db are not database files. Zip archives? => Android apps
  • 31. Use Case - AnserverBot Trojan - Payloads
    $ apktool d anservera.db
  • 32. Use Case - AnserverBot Trojan – Dynamic Bytecode Loading
    Payloads == Android code => Dynamic Bytecode Loading!
    Use ARES (Android Reverse Engineering Suite) or Androguard!
  • 33. Use Case - AnserverBot Trojan - ARES
    Payload A uses Dynamic Bytecode Loading AND Reflection
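The info-gathering and first analysis steps above (slides 20 and 21: manifest, native libraries, signature; slides 26 to 33: payloads in assets/ hiding behind a .db extension, dynamic bytecode loading and reflection) can be automated before a decompiler is opened. The following is an added example written for this page, not code from the talk or from ARES/Androguard. It builds a constructed toy APK in memory so it runs offline; every file name, descriptor string and byte value in it is an assumption for illustration. The entropy heuristic it uses also applies to the packed apps discussed later under countermeasures (slides 54 and 55).

```python
"""Static triage of an APK before opening a decompiler.

Added example (not code from the talk or from ARES/Androguard): builds a
constructed toy APK in memory and runs three checks: inventory the
archive, spot payloads hidden under misleading extensions by magic bytes
or entropy, and flag dex string-table descriptors that point at dynamic
bytecode loading, reflection or crypto. All names and contents below are
constructed, not real sample data.
"""
import io
import math
import zipfile

# Magic bytes of the containers that matter during triage.
MAGIC = {
    b"PK\x03\x04": "zip archive (APK/JAR payload?)",
    b"dex\n": "dex bytecode",
    b"\x7fELF": "ELF native library",
}

# Type descriptors are stored as plain strings in a dex string table; their
# presence is a cue to look for dynamic loading, reflection or crypto code.
SUSPICIOUS_DESCRIPTORS = {
    b"Ldalvik/system/DexClassLoader;": "dynamic bytecode loading",
    b"Ldalvik/system/PathClassLoader;": "dynamic bytecode loading",
    b"Ljava/lang/reflect/Method;": "reflection",
    b"Ljavax/crypto/Cipher;": "crypto",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means uniformly random, typical of encrypted blobs."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_blob(data: bytes) -> str:
    """Classify an asset by content only; the file extension is ignored."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    if len(data) >= 256 and shannon_entropy(data) > 7.5:
        return "high-entropy blob (encrypted or packed?)"
    return "unknown"


def triage_apk(apk_bytes: bytes) -> dict:
    """Walk the APK (a zip) and collect the facts the info-gathering step asks for."""
    report = {"manifest": False, "signed": False, "native_libs": [],
              "assets": {}, "dex_findings": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if name == "AndroidManifest.xml":
                report["manifest"] = True
            elif name.startswith("META-INF/") and name.endswith((".RSA", ".DSA", ".EC")):
                report["signed"] = True  # a v1 signature block is present
            elif name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
            elif name.startswith("assets/"):
                report["assets"][name] = classify_blob(data)
            elif name.endswith(".dex"):
                for desc, why in SUSPICIOUS_DESCRIPTORS.items():
                    if desc in data:
                        report["dex_findings"][desc.decode()] = why
    return report


def build_sample_apk() -> bytes:
    """Constructed toy APK: a fake dex carrying two suspicious descriptors,
    an assets/ file that claims to be a database but is a zip (like the
    anservera.db payload on slide 30) and a uniformly distributed blob."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
    fake_dex = (b"dex\n035\x00" + b"\x00" * 32 +
                b"Ldalvik/system/DexClassLoader;\x00Ljava/lang/reflect/Method;\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # first bytes of a binary XML header
        z.writestr("classes.dex", fake_dex)
        z.writestr("lib/armeabi/libnative.so", b"\x7fELF" + b"\x00" * 16)
        z.writestr("assets/anservera.db", inner.getvalue())
        z.writestr("assets/blob.bin", bytes(range(256)) * 4)  # entropy exactly 8.0
        z.writestr("META-INF/CERT.RSA", b"\x30\x82")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

The substring scan over the raw dex is deliberately crude: it finds the descriptors in the string table without parsing the dex, which is enough to decide whether a tool like ARES or Androguard should be pointed at the file next.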
  • 34. Use Case - AnserverBot Trojan - ARES
    Lcom/sec/android/providers/drm/Style -> a()
    Lcom/sec/android/providers/drm/Style -> b()
    Lcom/sec/android/providers/drm/Style -> c()
  • 35. Use Case - AnserverBot Trojan
    Next steps:
    > Look at the methods a(), b() and c()
    > You’ll see obfuscation and encryption
    > Use symbolic execution to get rid of the encryption
    > i.e. Simplify
  • 36. Use Case – Simplify
    “If an app's strings are encrypted, Simplify will interpret the app in its own virtual machine to determine semantics. Then, it uses the app's own code to decrypt the strings and replaces the encrypted strings and the decryption method calls with the decrypted versions.”
    https://github.com/CalebFenton/simplify
  • 37. Use Case – AnserverBot Trojan – C&C
    Command & Control (Phone Home)
    Goal: keep control, update payloads and push back info
    Server addresses are hardcoded but encrypted
    > Custom Base64 encryption
    What to do?
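Slide 37 leaves the "what to do?" open. One way to handle a custom-alphabet Base64 once the table has been read out of the decoding routine (from the smali, or after Simplify has cleaned it up) is to map the custom table back onto the standard one. This is an added example written for this page, not the talk's code and not AnserverBot's real routine: the alphabet (a rotation of the standard table) and the sample string are constructed assumptions, and the rotation brute force only helps when a sample's table is itself a rotation.

```python
"""Recovering strings hidden behind a custom-alphabet Base64 table.

Added example (not code from the talk): the alphabet and sample string
are constructed for illustration; a real sample's table must be taken
from its own decoding routine.
"""
import base64
import binascii
import string

STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Constructed custom table: the standard alphabet rotated by 13 positions.
CUSTOM_ALPHABET = STD_ALPHABET[13:] + STD_ALPHABET[:13]


def custom_b64encode(data: bytes, alphabet: str = CUSTOM_ALPHABET) -> str:
    """Standard Base64, then remap characters into the custom table.
    Used here only to produce input for the decoder below."""
    std = base64.b64encode(data).decode("ascii")
    return std.translate(str.maketrans(STD_ALPHABET, alphabet))


def custom_b64decode(text: str, alphabet: str = CUSTOM_ALPHABET) -> bytes:
    """Map the custom table back onto the standard one and decode strictly:
    validate=True rejects any character outside the alphabet or padding."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain 64 distinct characters")
    std = text.translate(str.maketrans(alphabet, STD_ALPHABET))
    return base64.b64decode(std, validate=True)


def looks_like_text(data: bytes) -> bool:
    """Cheap plausibility filter for a decoded candidate: non-empty printable ASCII."""
    return bool(data) and all(32 <= b < 127 for b in data)


def brute_force_rotations(text: str) -> list:
    """Many 'custom' tables are just rotations of the standard one; try all
    64 and keep those whose output looks like text. Returns (rotation,
    decoded) pairs; the analyst still confirms the table against the code."""
    hits = []
    for k in range(64):
        alphabet = STD_ALPHABET[k:] + STD_ALPHABET[:k]
        try:
            candidate = custom_b64decode(text, alphabet)
        except (ValueError, binascii.Error):
            continue
        if looks_like_text(candidate):
            hits.append((k, candidate.decode("ascii")))
    return hits


if __name__ == "__main__":
    # Constructed placeholder address, not a real AnserverBot server.
    hidden = custom_b64encode(b"http://c2.example.invalid/update")
    print("encoded:", hidden)
    print("decoded:", custom_b64decode(hidden))
    print("rotations that decode to text:", brute_force_rotations(hidden))
```

Padding characters are left untouched by the translation, so a table that also swaps or drops the `=` padding needs one more step before decoding.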
  • 38. Use Case – Decompile with Simplify
    Smali from APK -> Simplify -> Smali files
    classes.dex -> dex2jar -> JAR -> JAD
    Eliminates useless code and encryption, makes the code more readable
  • 39. Summary Tools
    Androguard: Reverse Engineering API written in Python, comes with a shell
    ARES: Android Reverse Engineering Suite, built on Androguard
    Simplify: symbolic code executor; rewrites code to simplify it and eliminate encryption and dead/useless code
    DEX2JAR/DEX2JASMIN/DEX2SMALI: transform classes.dex to intermediate code
  • 40. Summary Tools
    JEB: Android Reverse Engineering Suite (commercial)
    Radare: Reverse Engineering tool, Android support
    APKTool: automates decompilation of resources and classes.dex to smali
    APKStudio: an IDE for decompiling/editing and then recompiling Android application binaries
  • 41. CONTENTS
    > Motivation
    > Android App Anatomy and Building Process
    > Reverse Engineering
    > Tools with Use Case
    > Countermeasures
  • 42. COUNTERMEASURES
    How to protect your code once it is distributed? No silver bullet =(
  • 43. COUNTERMEASURES
    > Tamper detection
    > Dynamic Bytecode Loading
    > Obfuscation
    > Anti-debugging
    > Code/String Encryption
    > Code Guards
  • 44. COUNTERMEASURES – TAMPER DETECTION
    > Detect app modification/repacking
    > APKTool makes it easy to repack
    > What if we could detect rebuild/recompilation/repackaging?
    Source: BlueBox Security
  • 45. COUNTERMEASURES – TAMPER DETECTION
    Idea: use the AndroidManifest.xml
    > Purpose: provide metadata: permissions, activities, services, etc.
    > Compiled to binary format in the APK
    > During build: text => binary (aapt)
    > What about binary to text? (apktool)
  • 46. COUNTERMEASURES – TAMPER DETECTION
    > When parsed by Android, attributes are identified according to an id:
      <public type="attr" name="name" id="0x01010003" />
    > Inject a “name” attribute into <application> with an unknown id; Android will not recognize it as a name attribute.
  • 47. COUNTERMEASURES – TAMPER DETECTION
    > Result: Android parses the manifest just fine, but APKTool will include a proper “name” attribute when rebuilding the APK
    > Executing an APK rebuilt with APKTool will load the injected name (i.e. detect.class) and thus trigger an alarm
  • 48. COUNTERMEASURES – TAMPER DETECTION
    Manifest as written:
      <application>
        <activity android:name="com.example.manifestexample.MainActivity">
          <intent-filter>
            <action android:name="android.intent.action.MAIN" />
          </intent-filter>
        </activity>
      </application>
    After decompilation and rebuild the injected attribute appears as:
      <application android:name="detect.class">
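To make the asymmetry of slides 45 to 48 concrete, here is an added example written for this page, not taken from the talk or from BlueBox. It models manifest attributes as (name, id, value) triples: the platform resolves them by resource id, a decompiler prints them by name, and a rebuild assigns ids by name again, which is exactly why the injected attribute only "comes alive" after a repackage. The ids of android:label and android:name are the platform's public ids (the talk quotes the latter); UNKNOWN_ID, the class name detect.class as used on slide 48, and all values are constructed, and the model is not an AXML parser.

```python
"""Toy model of the manifest tamper-detection trick (slides 45-48).

Added example, not code from the talk or from any tool. Real binary XML
stores each attribute with a string-pool index for its name and, for
framework attributes, a resource id; this model keeps only those two
fields and a value so the platform/decompiler asymmetry is visible.
"""

ANDROID_LABEL_ID = 0x01010001  # real public id of android:label
ANDROID_NAME_ID = 0x01010003   # real public id of android:name (slide 46)
UNKNOWN_ID = 0x0101FFFF        # constructed: defined by no framework version

# The framework attribute table as the runtime resolves it: id -> name.
FRAMEWORK_ATTRS = {ANDROID_LABEL_ID: "label", ANDROID_NAME_ID: "name"}
NAME_TO_ID = {name: rid for rid, name in FRAMEWORK_ATTRS.items()}

# Constructed <application> attributes of the legitimate app: no android:name.
ORIGINAL_APPLICATION_ATTRS = [
    {"name": "label", "id": ANDROID_LABEL_ID, "value": "@string/app_name"},
]


def inject_guard(binary_attrs, guard_class="detect.class"):
    """Build step: add a 'name' attribute carrying an id the platform does
    not know. Only the binary manifest is touched; the source stays clean."""
    return binary_attrs + [{"name": "name", "id": UNKNOWN_ID, "value": guard_class}]


def runtime_parse(binary_attrs):
    """The platform resolves manifest attributes by resource id, so the
    injected entry is skipped and the app runs with no android:name."""
    seen = {}
    for attr in binary_attrs:
        name = FRAMEWORK_ATTRS.get(attr["id"])
        if name is not None:
            seen[name] = attr["value"]
    return seen


def decompiler_parse(binary_attrs):
    """A decompiler prints each attribute by its name string, which the
    injected entry still carries, so android:name="detect.class" reappears."""
    return [f'android:{a["name"]}="{a["value"]}"' for a in binary_attrs]


def recompile(text_attrs):
    """Rebuilding from text (aapt) looks every attribute name up in the
    framework table, so the 'name' attribute now receives the real id."""
    rebuilt = []
    for attr in text_attrs:
        key, _, raw = attr.partition("=")
        name = key[len("android:"):]
        rebuilt.append({"name": name, "id": NAME_TO_ID[name], "value": raw.strip('"')})
    return rebuilt


def tamper_detected(runtime_view, guard_class="detect.class"):
    """What the guard observes: it only becomes the Application class if
    something rewrote the manifest and gave 'name' a real android:name id."""
    return runtime_view.get("name") == guard_class


if __name__ == "__main__":
    shipped = inject_guard(ORIGINAL_APPLICATION_ATTRS)
    print("shipped, runtime sees:   ", runtime_parse(shipped))
    print("decompiled text:         ", decompiler_parse(shipped))
    rebuilt = recompile(decompiler_parse(shipped))
    print("repackaged, runtime sees:", runtime_parse(rebuilt))
    print("tamper detected:", tamper_detected(runtime_parse(rebuilt)))
```

The model catches an automated decompile-and-rebuild cycle, which is the case slide 44 targets; as slide 42 says, there is no silver bullet, so it belongs next to the other countermeasures rather than on its own.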
  • 49. COUNTERMEASURES – Dynamic Bytecode Loading
    > Code that is not statically available cannot be RE'd
    > Use Dynamic Bytecode Loading for critical code
    > Ship code as an encrypted asset
    > Attack: dump code from memory
    > Tool: DABiB – Dynamic Android Binary Debugger
  • 50. COUNTERMEASURES – Obfuscation
    > Idea: transform source or bytecode into human-unreadable but semantically equivalent code
    > Inject useless code
    > Disrupt call graph flow by using reflection and dynamic bytecode loading
    > Encrypt assets and libraries
    > Class/String Encryption
  • 51. COUNTERMEASURES – Obfuscation
    > Tools: ProGuard/DexGuard, Arxan, DashO, Allatori, Stringer
    > Attack: decompile the code and start at the entry point, refactor your way through the code, use Simplify
  • 52. COUNTERMEASURES – ANTI-DEBUGGING
    > Idea: detect a debugging environment
    > Behave differently than in a non-debugging environment
    > Only works if you know the execution environment (we do)
    > Tools: DexGuard Enterprise, Arxan
  • 54. COUNTERMEASURES – Code/String Encryption
    Packers
    Static: Stub Application + Hidden Encrypted Code
    Dynamic Execution: Stub Application + Decrypted Code
  • 55. COUNTERMEASURES – Code/String Encryption
    Packers (Bangcle, Pangxie)
    > Static analysis is hard
    > Code can still be dumped from memory after unpacking at runtime
    > Slows the attacker down
    > Tools: DexGuard, Arxan, Stringer, Allatori
  • 56. COUNTERMEASURES – Code Guards
    > Inject guards into the bytecode
    > Protect and check program flow
    > Re-initialize critical values
    > Detect hooks
    > Check signature
    > Check app checksum
    > Tool: Arxan
  • 57. COUNTERMEASURES – Conclusion
    > Security should be a requirement in the SDLC
    > Work towards thin Android apps
    > Business-critical code on the server
    > Deploy countermeasures to slow down RE
  • 58. Dario Incalza, Application Security Engineering Analyst, LSEC – Leaders in Security, @h4oxer
    Thank you!
    droidcon Greece, Thessaloniki