Code Obfuscation: Android and Windows Phone 7
Mobile St. Cloud

What is it?
Code obfuscation is the process of making code difficult to understand. It helps in discouraging an unauthorized person from reverse engineering an application to get access to its code without the permission of the author.

What it is not?
It is not a way to prevent reverse engineering of code.

Why should you consider it?
  • It is very easy to view code that is not obfuscated
  • Nothing stands between the attacker and the code

Talk layout
  • Android
      • Reverse engineering
      • Obfuscation
      • Inspect obfuscated code
  • Windows Phone 7
      • Reverse engineering
      • Obfuscation
      • Inspect obfuscated code

Android app reverse engineering
  • To view code in an Android app: .apk -> .dex -> .jar -> code
  • .apk: app package (XML, images… everything)
  • .dex: Dalvik executable (code)

Android app reverse engineering cont’d
Using Dex2jar + jd-gui
  • Unzip the .apk file to get the .dex
  • Use Dex2jar to get a .jar from the .dex file
      • Unzip and use from the command line: dex2jar.bat <.dex file>
  • Use jd-gui to view code from the .jar file
      • Unzip and run the exe

Dex2Jar + jd-gui example

Android Code Obfuscation
ProGuard
  • The standard tool recommended by Android
  • Optional but highly recommended
  • Features
      • Shrinks
      • Optimizes
      • Obfuscates
  • You get
      • Smaller size .apk file
      • App difficult to reverse engineer

Android Code Obfuscation cont’d
  • Integrated into the Android build system
  • Runs only when the app is built in release mode

ProGuard usage
Enable
  • Make an entry for the proguard.config file path in default.properties
      • Relative or absolute
  • Can move proguard.config and use a relative path
      • In the project root directory by default

ProGuard usage cont’d
Building
  • Build in release mode
  • Turn off debugging: set android:debuggable="false" in the application tag in AndroidManifest.xml
  • Export the .apk file (Eclipse)
      • File -> Export -> Export Android Application
      • Select the project to be exported
      • Select a keystore (all fields required)
      • Enter key details (first five fields required)

ProGuard obfuscation example

Inspect ProGuard obfuscation
Verify the promised features of ProGuard
  • Size
  • Optimization
  • Obfuscation

ProGuard settings
  • There are some custom settings available
  • If a class is only referenced in the Manifest file, ProGuard will not see it
      • -keep public class <YourClassName>
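
A way to automate the "Inspect ProGuard obfuscation" and "ProGuard settings" slides for your own release build, as an added example that is not part of the original deck: it reads classes.dex straight out of the .apk and lists the class names that still look readable, skipping the ones you kept on purpose. The function names, the "renamed classes have simple names of at most two characters" heuristic and the sample APK are assumptions made for this example.

```python
import io
import struct
import zipfile


def dex_class_names(dex):
    """Dotted names of the classes defined in a classes.dex image."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    # Header: string_ids size/offset at 0x38, type_ids at 0x40, class_defs at 0x60.
    n_str, str_off, n_type, type_off = struct.unpack_from("<4I", dex, 0x38)
    n_cls, cls_off = struct.unpack_from("<2I", dex, 0x60)
    names = []
    for i in range(n_cls):
        # A class_def_item is 32 bytes and starts with its type index.
        (type_idx,) = struct.unpack_from("<I", dex, cls_off + 32 * i)
        if type_idx >= n_type:
            raise ValueError("class_def_item refers to a missing type")
        (str_idx,) = struct.unpack_from("<I", dex, type_off + 4 * type_idx)
        if str_idx >= n_str:
            raise ValueError("type_id_item refers to a missing string")
        (pos,) = struct.unpack_from("<I", dex, str_off + 4 * str_idx)
        while dex[pos] & 0x80:  # skip the ULEB128 length prefix
            pos += 1
        desc = dex[pos + 1:dex.index(b"\0", pos + 1)].decode("utf-8", "replace")
        names.append(desc[1:-1].replace("/", "."))  # "Lcom/x/Foo;" -> "com.x.Foo"
    return names


def readable_classes(apk_bytes, kept=(), max_len=2):
    """Class names that apparently were not renamed (heuristic: a renamed class
    has a simple name of at most max_len characters); `kept` lists -keep'd names."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = dex_class_names(apk.read("classes.dex"))
    return sorted(n for n in names if n not in kept and
                  any(len(p) > max_len for p in n.rsplit(".", 1)[-1].split("$")))


def sample_apk(class_names):
    """Constructed sample input: an APK whose classes.dex carries only class names."""
    descs = sorted(("L%s;" % n.replace(".", "/")).encode() for n in class_names)
    n = len(descs)
    type_off = 0x70 + 4 * n
    cls_off = type_off + 4 * n
    data_off = cls_off + 32 * n
    ids = data = b""
    for d in descs:
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(d)]) + d + b"\0"  # sample names are under 128 bytes
    types = struct.pack("<%dI" % n, *range(n))
    defs = b"".join(struct.pack("<I", i) + bytes(28) for i in range(n))
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<4I", header, 0x38, n, 0x70, n, type_off)
    struct.pack_into("<2I", header, 0x60, n, cls_off)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as apk:
        apk.writestr("classes.dex", bytes(header) + ids + types + defs + data)
    return out.getvalue()


if __name__ == "__main__":
    release = sample_apk(["com.example.app.MainActivity", "com.example.app.a",
                          "com.example.app.LoginHelper"])
    print(readable_classes(release, kept={"com.example.app.MainActivity"}))
```

On a real build, pass the bytes of the exported release .apk and the classes named in your keep rules; a long result means the build was probably not obfuscated.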

WP7 reverse engineering
  • To view code in a WP7 app: .xap -> .dll -> code
  • .xap: app package (images… everything)
  • .dll: Windows DLL

WP7 reverse engineering cont’d
Using JustDecompile (Telerik) – Free
  • Shows each property and method separately
  • Class only shows method signatures
  • Just fire up and open the DLL

JustDecompile example

WP7 reverse engineering cont’d
Using dotPeek (JetBrains) – Free
  • Was still in beta till recently
  • Just unzip the tool, like Eclipse
  • Opens up the entire class, not separate entries for methods and properties

dotPeek example

WP7 reverse engineering cont’d
Other tools
  • .NET Reflector (Redgate) – Paid
      • Used to be free but not anymore

WP7 Code Obfuscation
Dotfuscator (Preemptive Solutions)
  • The standard tool recommended by Microsoft
  • Obfuscation features
      • Renaming
      • Control flow
      • String encryption
  • Not just an obfuscation tool, does instrumentation too
      • Lets you view how your app is being used

Dotfuscator usage
  • Download the installer
      • Requires registration
      • Will ask you to enter a unique company name
      • Suggests using your name if you have no company
  • URL: http://www.preemptive.com/windowsphone7.html

Dotfuscator usage cont’d
  • Fire up the Dotfuscator exe
  • File -> New Project
  • Open the .xap file to obfuscate
      • Add new input file (folder icon)
      • Select the .xap to obfuscate
  • Package artifacts will not be obfuscated

Dotfuscator obfuscation example

Thank you
  • Me: Osman Syed Meer
  • LinkedIn
  • Twitter (osmanmeer)
