SlideShare une entreprise Scribd logo
1  sur  37
Télécharger pour lire hors ligne
DECOMPILING
ANDROID
Godfrey Nolan
1DevDay 11/5/11
Intro
• What is a Decompiler?
• Why Android?
• Decompilers
• Protect Yourself
• Raising the Bar
SPAM #1
What is a Decompiler
• Reverse Engineers apps into source code
• Many languages can be decompiled
  • Java, C#, VB.Net., Visual Basic
• Others can only be disassembled
  • C, C++, Objective-C
• Java and .Net particularly at risk
   • Because of JVM and CLR design
• Why use decompilers?
  • Curiosity, Hacking, Learning, Fair Use
Why Java
• Exploits JVM Design
 • Originally interpreted not compiled
 • Lots more symbolic information than binaries
 • Data and method separation
 • Simple classfile structure
 • Very few opcodes
Why Java
Why Java
  Classfile {
                int              magic,
                short            minor_version,
                short            major_version,
                short            constant_pool_count,
                cp_info          constant_pool[constant_pool_count],
                short            access_flags,
                short            this_class,
                short            super_class,
                short            interfaces_count,
                interface_info   interfaces[interfaces_count],
                short            fields_count,
                field_info       fields[field_count],
                short            methods_count,
                method_info      methods[methods_count],
                short            attribute_count,
                attr_info        attributes[attributes_count]
  }
Why Java
Why Android
• Client side code
• Easy access to apk’s
 • Download apk to sd card using Astro File Mgr
 • Download from xdadevelopers forum
 • Download using ‘adb pull’ on jailbroken phone
• Nobody is using obfuscation
   • 1 out of 20 apks downloaded were protected

• Easy to convert apk to Java to decompile
Why Android
Why Android


java –jar dex2jar.jar com.riis.mobile.apk
jd-gui com.riis.mobile.apk.dex2jar
Why Android

• Dex file
 • Different structure
 • Different opcodes
 • Register based not stack based
 • Multiple JVMs on device
Why Android
Why Android
Why not iPhone?
• Objective-C
 • Compiled not interpreted
 • Much less information
 • Fat binaries approach
• Can still be disassembled
 • strings and otool unix commands
 • Other tools like IDA Pro
Why Android
• Jailbreak/Root phone
 • Use Z4Root
 • Uses RageAgainstTheCage Trojan exploit
 • Not available on Android Marketplace ;-)
• Using Android SDK platform tools
 • Turn on USB debugging
 • Find apk using adb shell
 • Download using adb pull
Why Android
Why Android
• Even easier is the apk-tool
• Install APK-tool
 • Download apk
 • Right click
Decompilers
• Jive
• Mocha
• JAD
• SourceAgain
• JD-GUI
Possible Exploits
• Web Service API keys exposed
• Database logins
• Credit Card information
• Fake apps
Possible Exploits
Possible Exploits
Possible Exploits


public static final String USER_NAME = "BC7E9322-0B6B-4C28B4";
public static final String PASSWORD = "waZawuzefrabru96ebeb";
Protect Yourself
• Protect code before releasing
  • Hard to recover once it’s been made available
• Obfuscators
  • ProGuard
  • DashO
• Native Code
  • Use C++ and JNI
  • 99.99% of Android devices run on ARM processor
  • Use digital signature checking to protect lib
Protect Yourself
• ProGuard:
  • Detects and removes unused
    classes, fields, methods, and attributes.
  • Optimizes bytecode and removes unused instructions.
  • Renames remaining classes, fields, and methods using
    short meaningless names.
  • Preverifies the processed code for Java.
• Enable in default.properties files
  • proguard.config=proguard.cfg
Protect Yourself
• DashO (basic):
  • Improvement over ProGuard's naming by using strange
    characters and heavily reusing the same names at
    different scopes.
  • Does much more involved control flow obfuscation than
    ProGuard, reordering code operations to make them
    very difficult to understand and often breaking
    decompilers.
  • Supports string encryption to render important string
    data unreadable to attackers.
Protect Yourself
• DashO (advanced):
  • Supports tamper detection, handling, and reporting to
    prevent users from changing the compiled code, even
    while debugging, and to alert you if it happens.
  • Can automatically inject Preemptive's Runtime
    Intelligence functionality for remote error reporting.
Protect Yourself
• DashO demo
Protect Yourself - Decompiled
Protect Yourself - ProGuard
Protect Yourself – DashO
Protect Yourself – JNI

jstring Java_com_getPassword(JNIEnv* env, jobject thiz)
{
       char *password = “waZawuzefrabru96ebeb”;

       return (*env)->NewStringUTF(env, password);
}
Protect Yourself – JNI
Protect Yourself – JNI
Links
• http://viralpatel.net/blogs/2009/01/tutorial-java-class-file-
  format-revealed.html
• http://code.google.com/p/z4root/
• http://code.google.com/p/android-apktool/
• http://www.dalvikvm.com/
Raising the Bar
• APK’s are available
• Tools are easy to use
• Turn on ProGuard
• Investigate other obfuscators
• Hide keys using JNI
• Don’t put sensitive information unencrypted in APKs
SPAM #2
• RIIS LLC
  • Southfield, MI
• Clients
  • Fandango
  • DTE
  • Comerica
  • BCBSM
• Mobile Development
  • DTE Outage Maps
  • Broadsoft Front Office Assistant
• Contact Information
  • godfrey@riis.com

Contenu connexe

Tendances

hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...Area41
 
[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1
[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1
[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1ITAS VIETNAM
 
Web security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in BrowsersWeb security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in BrowsersPhú Phùng
 
Case Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultCase Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultMohammed ALDOUB
 
XSS Countermeasures in Grails
XSS Countermeasures in GrailsXSS Countermeasures in Grails
XSS Countermeasures in Grailstheratpack
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakSoroush Dalili
 
Grails vs XSS: Defending Grails against XSS attacks
Grails vs XSS: Defending Grails against XSS attacksGrails vs XSS: Defending Grails against XSS attacks
Grails vs XSS: Defending Grails against XSS attackstheratpack
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyVlad Savitsky
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...Positive Hack Days
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
 
Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Ajay Negi
 
Vulnerabilities in data processing levels
Vulnerabilities in data processing levelsVulnerabilities in data processing levels
Vulnerabilities in data processing levelsbeched
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 

Tendances (16)

hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
 
[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1
[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1
[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1
 
Web security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in BrowsersWeb security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in Browsers
 
Case Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by DefaultCase Study of Django: Web Frameworks that are Secure by Default
Case Study of Django: Web Frameworks that are Secure by Default
 
XSS Countermeasures in Grails
XSS Countermeasures in GrailsXSS Countermeasures in Grails
XSS Countermeasures in Grails
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
 
Random numbers
Random numbersRandom numbers
Random numbers
 
Grails vs XSS: Defending Grails against XSS attacks
Grails vs XSS: Defending Grails against XSS attacksGrails vs XSS: Defending Grails against XSS attacks
Grails vs XSS: Defending Grails against XSS attacks
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad Savitsky
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
Root via XSS
Root via XSSRoot via XSS
Root via XSS
 
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...
Изучаем миллиард состояний программы на уровне профи. Как разработать быстрый...
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
 
Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)Logical Attacks(Vulnerability Research)
Logical Attacks(Vulnerability Research)
 
Vulnerabilities in data processing levels
Vulnerabilities in data processing levelsVulnerabilities in data processing levels
Vulnerabilities in data processing levels
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13
 

En vedette

[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code ProtectionPerforce
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...Christoph Matthies
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modelingShantanu Mitra
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
Understanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolUnderstanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolGabor Paller
 

En vedette (8)

[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code Protection
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modeling
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
Understanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolUnderstanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer tool
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 
Practice of Android Reverse Engineering
Practice of Android Reverse EngineeringPractice of Android Reverse Engineering
Practice of Android Reverse Engineering
 

Similaire à Decompiling Android

Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseScott Sutherland
 
Groovy In the Cloud
Groovy In the CloudGroovy In the Cloud
Groovy In the CloudJim Driscoll
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsviaForensics
 
android code protection
android code protectionandroid code protection
android code protectionArman Kabiri
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitDimitry Snezhkov
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)TestDevLab
 
cinema_time_new.pdf
cinema_time_new.pdfcinema_time_new.pdf
cinema_time_new.pdfMaxDmitriev
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
 
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Apostolos Giannakidis
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
Introduction to mobile reversing
Introduction to mobile reversingIntroduction to mobile reversing
Introduction to mobile reversingzynamics GmbH
 
Introduction to mobile reversing
Introduction to mobile reversingIntroduction to mobile reversing
Introduction to mobile reversingjduart
 
Zend MVC pattern based Framework – Best for Enterprise web applications
Zend MVC pattern based Framework – Best for Enterprise web applicationsZend MVC pattern based Framework – Best for Enterprise web applications
Zend MVC pattern based Framework – Best for Enterprise web applicationsEtisbew Technology Group
 
Android application security testing
Android application security testingAndroid application security testing
Android application security testingMykhailo Antonishyn
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?APIsecure_ Official
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdfFarouk2nd
 
Security research over Windows #defcon china
Security research over Windows #defcon chinaSecurity research over Windows #defcon china
Security research over Windows #defcon chinaPeter Hlavaty
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 

Similaire à Decompiling Android (20)

Thick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash CourseThick Application Penetration Testing: Crash Course
Thick Application Penetration Testing: Crash Course
 
Groovy In the Cloud
Groovy In the CloudGroovy In the Cloud
Groovy In the Cloud
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
 
android code protection
android code protectionandroid code protection
android code protection
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
 
cinema_time_new.pdf
cinema_time_new.pdfcinema_time_new.pdf
cinema_time_new.pdf
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
 
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
Introduction to mobile reversing
Introduction to mobile reversingIntroduction to mobile reversing
Introduction to mobile reversing
 
Introduction to mobile reversing
Introduction to mobile reversingIntroduction to mobile reversing
Introduction to mobile reversing
 
Zend MVC pattern based Framework – Best for Enterprise web applications
Zend MVC pattern based Framework – Best for Enterprise web applicationsZend MVC pattern based Framework – Best for Enterprise web applications
Zend MVC pattern based Framework – Best for Enterprise web applications
 
Android application security testing
Android application security testingAndroid application security testing
Android application security testing
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
 
Security research over Windows #defcon china
Security research over Windows #defcon chinaSecurity research over Windows #defcon china
Security research over Windows #defcon china
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android Applications
 

Plus de Godfrey Nolan

Counting Cars with Drones
Counting Cars with DronesCounting Cars with Drones
Counting Cars with DronesGodfrey Nolan
 
Customising QGroundControl
Customising QGroundControlCustomising QGroundControl
Customising QGroundControlGodfrey Nolan
 
Parrot Tutorials in Kotlin
Parrot Tutorials in KotlinParrot Tutorials in Kotlin
Parrot Tutorials in KotlinGodfrey Nolan
 
DJI Mobile SDK Tutorials in kotlin
DJI Mobile SDK Tutorials in kotlinDJI Mobile SDK Tutorials in kotlin
DJI Mobile SDK Tutorials in kotlinGodfrey Nolan
 
Getting started with tensor flow datasets
Getting started with tensor flow datasets Getting started with tensor flow datasets
Getting started with tensor flow datasets Godfrey Nolan
 
Using ML to make your UI tests more robust
Using ML to make your UI tests more robustUsing ML to make your UI tests more robust
Using ML to make your UI tests more robustGodfrey Nolan
 
Counting sheep with Drones and AI
Counting sheep with Drones and AICounting sheep with Drones and AI
Counting sheep with Drones and AIGodfrey Nolan
 
Writing Secure Mobile Apps for Drones
Writing Secure Mobile Apps for DronesWriting Secure Mobile Apps for Drones
Writing Secure Mobile Apps for DronesGodfrey Nolan
 
The Day We Infected Ourselves with Ransomware
The Day We Infected Ourselves with RansomwareThe Day We Infected Ourselves with Ransomware
The Day We Infected Ourselves with RansomwareGodfrey Nolan
 
From Maps to Apps the Future of Drone Technology
From Maps to Apps the Future of Drone TechnologyFrom Maps to Apps the Future of Drone Technology
From Maps to Apps the Future of Drone TechnologyGodfrey Nolan
 
Tableau 10 and quickbooks
Tableau 10 and quickbooksTableau 10 and quickbooks
Tableau 10 and quickbooksGodfrey Nolan
 

Plus de Godfrey Nolan (20)

Counting Cars with Drones
Counting Cars with DronesCounting Cars with Drones
Counting Cars with Drones
 
Customising QGroundControl
Customising QGroundControlCustomising QGroundControl
Customising QGroundControl
 
DJI Payload SDK
DJI Payload SDKDJI Payload SDK
DJI Payload SDK
 
Parrot Tutorials in Kotlin
Parrot Tutorials in KotlinParrot Tutorials in Kotlin
Parrot Tutorials in Kotlin
 
DJI Mobile SDK Tutorials in kotlin
DJI Mobile SDK Tutorials in kotlinDJI Mobile SDK Tutorials in kotlin
DJI Mobile SDK Tutorials in kotlin
 
Drone sdk showdown
Drone sdk showdownDrone sdk showdown
Drone sdk showdown
 
AI/ML in drones
AI/ML in dronesAI/ML in drones
AI/ML in drones
 
Getting started with tensor flow datasets
Getting started with tensor flow datasets Getting started with tensor flow datasets
Getting started with tensor flow datasets
 
Using ML to make your UI tests more robust
Using ML to make your UI tests more robustUsing ML to make your UI tests more robust
Using ML to make your UI tests more robust
 
Java best practices
Java best practicesJava best practices
Java best practices
 
Counting sheep with Drones and AI
Counting sheep with Drones and AICounting sheep with Drones and AI
Counting sheep with Drones and AI
 
Writing Secure Mobile Apps for Drones
Writing Secure Mobile Apps for DronesWriting Secure Mobile Apps for Drones
Writing Secure Mobile Apps for Drones
 
Android Device Labs
Android Device LabsAndroid Device Labs
Android Device Labs
 
The Day We Infected Ourselves with Ransomware
The Day We Infected Ourselves with RansomwareThe Day We Infected Ourselves with Ransomware
The Day We Infected Ourselves with Ransomware
 
Agile Android
Agile AndroidAgile Android
Agile Android
 
Agile Swift
Agile SwiftAgile Swift
Agile Swift
 
Android Refactoring
Android RefactoringAndroid Refactoring
Android Refactoring
 
Agile mobile
Agile mobileAgile mobile
Agile mobile
 
From Maps to Apps the Future of Drone Technology
From Maps to Apps the Future of Drone TechnologyFrom Maps to Apps the Future of Drone Technology
From Maps to Apps the Future of Drone Technology
 
Tableau 10 and quickbooks
Tableau 10 and quickbooksTableau 10 and quickbooks
Tableau 10 and quickbooks
 

Dernier

UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 

Dernier (20)

UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 

Decompiling Android

  • 2. Intro • What is a Decompiler? • Why Android? • Decompilers • Protect Yourself • Raising the Bar
  • 4. What is a Decompiler • Reverse Engineers apps into source code • Many languages can be decompiled • Java, C#, VB.Net., Visual Basic • Others can only be disassembled • C, C++, Objective-C • Java and .Net particularly at risk • Because of JVM and CLR design • Why use decompilers? • Curiosity, Hacking, Learning, Fair Use
  • 5. Why Java • Exploits JVM Design • Originally interpreted not compiled • Lots more symbolic information than binaries • Data and method separation • Simple classfile structure • Very few opcodes
  • 7. Why Java Classfile { int magic, short minor_version, short major_version, short constant_pool_count, cp_info constant_pool[constant_pool_count], short access_flags, short this_class, short super_class, short interfaces_count, interface_info interfaces[interfaces_count], short fields_count, field_info fields[field_count], short methods_count, method_info methods[methods_count], short attribute_count, attr_info attributes[attributes_count] }
  • 9. Why Android • Client side code • Easy access to apk’s • Download apk to sd card using Astro File Mgr • Download from xdadevelopers forum • Download using ‘adb pull’ on jailbroken phone • Nobody is using obfuscation • 1 out of 20 apks downloaded were protected • Easy to convert apk to Java to decompile
  • 11. Why Android java –jar dex2jar.jar com.riis.mobile.apk jd-gui com.riis.mobile.apk.dex2jar
  • 12. Why Android • Dex file • Different structure • Different opcodes • Register based not stack based • Multiple JVMs on device
  • 15. Why not iPhone? • Objective-C • Compiled not interpreted • Much less information • Fat binaries approach • Can still be disassembled • strings and otool unix commands • Other tools like IDA Pro
  • 16. Why Android • Jailbreak/Root phone • Use Z4Root • Uses RageAgainstTheCage Trojan exploit • Not available on Android Marketplace ;-) • Using Android SDK platform tools • Turn on USB debugging • Find apk using adb shell • Download using adb pull
  • 18. Why Android • Even easier is the apk-tool • Install APK-tool • Download apk • Right click
  • 19. Decompilers • Jive • Mocha • JAD • SourceAgain • JD-GUI
  • 20. Possible Exploits • Web Service API keys exposed • Database logins • Credit Card information • Fake apps
  • 23. Possible Exploits public static final String USER_NAME = "BC7E9322-0B6B-4C28B4"; public static final String PASSWORD = "waZawuzefrabru96ebeb";
  • 24. Protect Yourself • Protect code before releasing • Hard to recover once it’s been made available • Obfuscators • ProGuard • DashO • Native Code • Use C++ and JNI • 99.99% of Android devices run on ARM processor • Use digital signature checking to protect lib
  • 25. Protect Yourself • ProGuard: • Detects and removes unused classes, fields, methods, and attributes. • Optimizes bytecode and removes unused instructions. • Renames remaining classes, fields, and methods using short meaningless names. • Preverifies the processed code for Java. • Enable in default.properties files • proguard.config=proguard.cfg
  • 26. Protect Yourself • DashO (basic): • Improvement over ProGuard's naming by using strange characters and heavily reusing the same names at different scopes. • Does much more involved control flow obfuscation than ProGuard, reordering code operations to make them very difficult to understand and often breaking decompilers. • Supports string encryption to render important string data unreadable to attackers.
  • 27. Protect Yourself • DashO (advanced): • Supports tamper detection, handling, and reporting to prevent users from changing the compiled code, even while debugging, and to alert you if it happens. • Can automatically inject Preemptive's Runtime Intelligence functionality for remote error reporting.
  • 29. Protect Yourself - Decompiled
  • 30. Protect Yourself - ProGuard
  • 32. Protect Yourself – JNI jstring Java_com_getPassword(JNIEnv* env, jobject thiz) { char *password = “waZawuzefrabru96ebeb”; return (*env)->NewStringUTF(env, password); }
  • 35. Links • http://viralpatel.net/blogs/2009/01/tutorial-java-class-file- format-revealed.html • http://code.google.com/p/z4root/ • http://code.google.com/p/android-apktool/ • http://www.dalvikvm.com/
  • 36. Raising the Bar • APK’s are available • Tools are easy to use • Turn on ProGuard • Investigate other obfuscators • Hide keys using JNI • Don’t put sensitive information unencrypted in APKs
  • 37. SPAM #2 • RIIS LLC • Southfield, MI • Clients • Fandango • DTE • Comerica • BCBSM • Mobile Development • DTE Outage Maps • Broadsoft Front Office Assistant • Contact Information • godfrey@riis.com

Notes de l'éditeur

  1. Gave similar talk last year – not such a big issueDid it more as a favor for DavidThis year couldn’t be more different
  2. Decompiling Android – coming in the Spring 2012 also from ApressDecompiling Java will also be translated into another languageNot very high selling book, expect DA to do better
  3. Moral issues
  4. Before we can say why Android, have to ask Why Java first
  5. http://commons.apache.org/bcel/manual.html
  6. Java Classfile Structure.
  7. Book didn’t sell because java code is server sideno access => no decompilation
  8. We’ll be showing you how to do this manually a bit later
  9. http://chengalva.com/dnn_site/Home/tabid/41/EntryId/21/What-is-Dalviks-virtual-Machine-Differences-to-a-normal-Java-VMs.aspx
  10. http://www.dalvikvm.com/
  11. Works best on Android 2.2, but you can still load it manuallyAnti-Virus on your PC will probably complain ----- Meeting Notes (11/4/11 16:28) -----Do adb demo
  12. chmod 777 com.riis.mobile.apk
  13. Provides all assetsReverse engineers manifest.xmlGets phonegap and titanium code too----- Meeting Notes (11/4/11 16:28) -----smali and baksmali
  14. Fake apps like recent Netflix app
  15. Web Service API keys
  16. Titanium and PhoneGapjavascript code visible using one click apk-tool
  17. May need to change APIs
  18. Goto considered harmful
  19. Decompiled
  20. ProGuard
  21. DashO