SlideShare a Scribd company logo

IEEE Day 2013 - Reverse Engineering an Android Application

Download as PPT, PDF
Rufatet Babakishiyev
Rufatet Babakishiyev
Technology
1 of 23
IEEE Day 2013 Rufat BABAKISHIYEV Software Engineer Komtec LTD mr.rufatet@yahoo.com 01 October 2013, Qafqaz University Reverse Engineering an Android Application
Plan October 2, 20132  Reverse Engineering & Forensic research  Review of Android OS Architecture  Yahoo Email Client Application  Research questions  Decompiling the Application  File System  Database and files of Yahoo Email Android Client  Attachment files of Email Application  Compare App Info  Uninstall Yahoo Email Android Client  Security Warnings  Acronyms  Bibliography (references)
Reverse Engineering & Forensic research October 2, 20133 Reverse engineering, in computer programming, is a technique used to analyze software in order to identify and understand the parts it is composed of. The usual reasons for reverse engineering a piece of software are to recreate the program, to build something similar to it, to exploit its weaknesses or strengthen its defenses. Forensic Science - The word forensic comes from the Latin word forensis: public; to the forum or public discussion; argumentative, rhetorical, belonging to debate or discussion.
Review of Android OS Architecture October 2, 20134  Android relies on Linux Kernel version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. It does not include full set of standard Linux utilities.  Android provides a number of system libraries in C/C++ which are made accessible through the Application Framework. It must be noted that . Android does not provide the complete functionality required of the standard GNU C libraries in Linux. Followings are libraries provided by Android; Surface Manager, Mefia Framework, SQLite , WebKit, OpenGL and etc.  The Dalvik Virtual Machine (VM) is the core runtime component of Android. It is a process-based virtual machine which uses the register architecture and is optimized for low memory footprint and better performance efficiency. The VM runs classes compiled by a Java language compiler that have been transformed into the Dalvik Executable (.dex) format by the included “dx” tool  An Android application can be composed of 4 types of components namely: Activity, Service, Content Provider and Broadcast Receiver.  In Applications layer we have applications that developers create and users use.
Review of Android OS Architecture October 2, 20135
Yahoo Email Client Application October 2, 20136 Why Yahoo ? Yahoo Email is most widely used email application and number of app download is between 50,000,000 – 100,000,000 which is way much big number. The application is compatible with all Android devices as it can be installed on any device having Android 2.2 or above version.
Research questions October 2, 20137  What files are created after installation?  What files are deleted after uninstallation?  What data are synchronized in the app?  What data are available for offline use?  How SQLite database is used?  How cache and memory is managed?
Decompiling the Application October 2, 20138 Firstly the app (Yahoo) is downloaded from the market and install it. For our research we need .apk file of the app therefore we download and use ES File Explorer. After launching the app, we choose “Tools” from Sliding Menu and then select “Manager”. We see all the applications of the user in a grid view. Then we long press Yahoo Email and select it and a tab bar appears below where we click “Backup” menu and then in the SD Card .apk file is created in backups folder.
Decompiling the Application October 2, 20139  Apktool - reverses .apk file to an android project (unfortunately not .class files, these are .smali files).  Dex2jar - reverses .apk file to .jar file.  JD-Compiler – with this tool can decompile .jar file and get java source codes. Reverse .apk file to Android Project
Decompiling the Application October 2, 201310 With JD-Gui we can look source codes of Yahoo Email Android Client. After decompilation we get obfuscated source codes therefore we won’t understand anything from source codes.
File System October 2, 201311 With Eclipse’s Android tools we can look at device’s data which when installed every application system creates data under data/data folder (as Windows Program Files). install Yahoo Email Android Client on AVD
File System October 2, 201312 With Eclipse’s Android tools we can look at device’s data which when installed every application system creates data under data/data folder (as Windows Program Files).
Database and file of Yahoo Email Client October 2, 201313 In order to make a forensic research about DB and artifacts we need to create some email accounts for testing in yahoo. We have created 2 different Yahoo Email accounts because with Yahoo Email Android Client user can manage more than one Yahoo email account. Email 1 : rufatf123. Email 2 : rufatf124. Then we sign in with first email and add second email.
Database and file of Yahoo Email Client October 2, 201314 Sent some test email from both email accounts, some text and media emails (attached doc, mp3 files). Then we start to look at DB. From Eclipse File Explorer we look at datadatabases files and try to pull them with this tool. (For pulling, we select file then click right top disket icon, and then select folder for save)
Database and file of Yahoo Email Client October 2, 201315 Every table were created for both account
Attachment files of Yahoo Email Client October 2, 201316 When we want to look at attachment file the system offers us two options. One of them is View another is Save. So we choose Save for to explorer artifacts. When we try to save it the system shows us to which directory it will save the application.
Compare App Info October 2, 201317 Installed Used
Uninstall Yahoo Email Android Client October 2, 201318 At the end we uninstall Yahoo Email Android Client (from Application Manager) and explore datadata and folders. Let’s find out which folders and files removed by system, and which ones remained. After the uninstallation we see that system removed Yahoo Email Andorid Application package under datadata directory. So it removed cache and database files. Now look at files, see that it removed Yahoo directory from sdcard. So the system removes all artifacts when the application is uninstalled.
Security Warnings October 2, 201319  Do not “root” your device !  Do not install applications from unknown sources !  Read permissions when install application !
Acronyms October 2, 201320 APK Android Application Package JVM Java Virtual Machine Java SE Java Standard Edition Java ME Java Mobile Edition SD Card Secure Digital Card OS Operating System AVD Android Virtual Device DEX Dalvik Executable SDK Software Development Kit
Bibliography October 2, 201321 References [1] Android OS - is a Linux-based operating system designed primarily for touchscreen mobile devices such as smartphones and tablet computers. http://en.wikipedia.org/wiki/Android_(operating_system) Official web site : http://www.android.com/ and most used sub site http://developer.android.com/index.html [2] Android Architecture – The Key Concepts http://www.android-app-market.com/android-architecture.html [3] Reverse Engineering http://searchcio-midmarket.techtarget.com/definition/reverse-engineering [4] android apk tool https://code.google.com/p/android-apktool/ [5] dex2jar https://code.google.com/p/dex2jar/ [6] DJ-GUI https://code.google.com/p/innlab/downloads/detail?name=jd-gui- 0.3.3.windows.zip&can=2&q= [7] Google Play For downloads applications. Yahoo and ES File Explorer https://play.google.com/store
Bibliography October 2, 201322 References [8] Techopedia.com http://www.techopedia.com/definition/3868/reverse-engineering [9] ES File Explorer https://play.google.com/store/apps/details?id=com.estrongs.android.pop
Thanks for attention … October 2, 201323 QUESTIONS ?

Recommended

Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Applicationn|u - The Open Security Community
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Internet Security Auditors
 
Steelcon 2015 Reverse-Engineering Obfuscated Android Applications
Steelcon 2015 Reverse-Engineering Obfuscated Android ApplicationsSteelcon 2015 Reverse-Engineering Obfuscated Android Applications
Steelcon 2015 Reverse-Engineering Obfuscated Android ApplicationsTom Keetch
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android appsPranay Airan
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applicationshubx
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDario Incalza
 
Practice of Android Reverse Engineering
Practice of Android Reverse EngineeringPractice of Android Reverse Engineering
Practice of Android Reverse EngineeringNational Cheng Kung University
 

Recommended

Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Applicationn|u - The Open Security Community
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Internet Security Auditors
 
Steelcon 2015 Reverse-Engineering Obfuscated Android Applications
Steelcon 2015 Reverse-Engineering Obfuscated Android ApplicationsSteelcon 2015 Reverse-Engineering Obfuscated Android Applications
Steelcon 2015 Reverse-Engineering Obfuscated Android ApplicationsTom Keetch
 
Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android appsPranay Airan
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applicationshubx
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDario Incalza
 
Practice of Android Reverse Engineering
Practice of Android Reverse EngineeringPractice of Android Reverse Engineering
Practice of Android Reverse EngineeringNational Cheng Kung University
 
Toward dynamic analysis of obfuscated android malware
Toward dynamic analysis of obfuscated android malwareToward dynamic analysis of obfuscated android malware
Toward dynamic analysis of obfuscated android malwareZongXian Shen
 
Writing Android Libraries
Writing Android LibrariesWriting Android Libraries
Writing Android Librariesemanuelez
 
Introduction to the Android NDK
Introduction to the Android NDKIntroduction to the Android NDK
Introduction to the Android NDKSebastian Mauer
 
Android Native Development Kit
Android Native Development KitAndroid Native Development Kit
Android Native Development KitPeter R. Egli
 
Android developer's toolbox
Android developer's toolboxAndroid developer's toolbox
Android developer's toolboxAlex Verdyan
 
Native development kit (ndk) introduction
Native development kit (ndk) introductionNative development kit (ndk) introduction
Native development kit (ndk) introductionRakesh Jha
 
NDK Programming in Android
NDK Programming in AndroidNDK Programming in Android
NDK Programming in AndroidArvind Devaraj
 
Breaking iOS Apps using Cycript
Breaking iOS Apps using CycriptBreaking iOS Apps using Cycript
Breaking iOS Apps using Cycriptn|u - The Open Security Community
 
[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQubeAngelin R
 
Introduction to Android platform
Introduction to Android platformIntroduction to Android platform
Introduction to Android platformmaamir farooq
 
Sonarqube
SonarqubeSonarqube
SonarqubeKalkey
 
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018Somkiat Khitwongwattana
 
Common primitives in Docker environments
Common primitives in Docker environmentsCommon primitives in Docker environments
Common primitives in Docker environmentsalexandru giurgiu
 
Why the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureWhy the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureJorge Ortiz
 
Android NDK
Android NDKAndroid NDK
Android NDKSentinel Solutions Ltd
 
Yaml as Pipeline GSoC 218 Phase 2 evaluation
Yaml as Pipeline GSoC 218 Phase 2 evaluationYaml as Pipeline GSoC 218 Phase 2 evaluation
Yaml as Pipeline GSoC 218 Phase 2 evaluationAbhishek Gautam
 
CDI 2.0 is coming
CDI 2.0 is comingCDI 2.0 is coming
CDI 2.0 is comingAntoine Sabot-Durand
 
NDK Introduction
NDK IntroductionNDK Introduction
NDK IntroductionRAHUL TRIPATHI
 
Extending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeExtending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeAntoine Sabot-Durand
 
DevSecCon Singapore 2018 - System call auditing made effective with machine l...
DevSecCon Singapore 2018 - System call auditing made effective with machine l...DevSecCon Singapore 2018 - System call auditing made effective with machine l...
DevSecCon Singapore 2018 - System call auditing made effective with machine l...DevSecCon
 
Reverse Engineering .NET and Java
Reverse Engineering .NET and JavaReverse Engineering .NET and Java
Reverse Engineering .NET and JavaJoe Kuemerle
 
reverse engineering
reverse engineeringreverse engineering
reverse engineeringayush_nitt
 

More Related Content

What's hot

Toward dynamic analysis of obfuscated android malware
Toward dynamic analysis of obfuscated android malwareToward dynamic analysis of obfuscated android malware
Toward dynamic analysis of obfuscated android malwareZongXian Shen
 
Writing Android Libraries
Writing Android LibrariesWriting Android Libraries
Writing Android Librariesemanuelez
 
Introduction to the Android NDK
Introduction to the Android NDKIntroduction to the Android NDK
Introduction to the Android NDKSebastian Mauer
 
Android Native Development Kit
Android Native Development KitAndroid Native Development Kit
Android Native Development KitPeter R. Egli
 
Android developer's toolbox
Android developer's toolboxAndroid developer's toolbox
Android developer's toolboxAlex Verdyan
 
Native development kit (ndk) introduction
Native development kit (ndk) introductionNative development kit (ndk) introduction
Native development kit (ndk) introductionRakesh Jha
 
NDK Programming in Android
NDK Programming in AndroidNDK Programming in Android
NDK Programming in AndroidArvind Devaraj
 
[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQubeAngelin R
 
Introduction to Android platform
Introduction to Android platformIntroduction to Android platform
Introduction to Android platformmaamir farooq
 
Sonarqube
SonarqubeSonarqube
SonarqubeKalkey
 
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018Somkiat Khitwongwattana
 
Common primitives in Docker environments
Common primitives in Docker environmentsCommon primitives in Docker environments
Common primitives in Docker environmentsalexandru giurgiu
 
Why the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureWhy the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureJorge Ortiz
 
Yaml as Pipeline GSoC 218 Phase 2 evaluation
Yaml as Pipeline GSoC 218 Phase 2 evaluationYaml as Pipeline GSoC 218 Phase 2 evaluation
Yaml as Pipeline GSoC 218 Phase 2 evaluationAbhishek Gautam
 
Extending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeExtending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeAntoine Sabot-Durand
 
DevSecCon Singapore 2018 - System call auditing made effective with machine l...
DevSecCon Singapore 2018 - System call auditing made effective with machine l...DevSecCon Singapore 2018 - System call auditing made effective with machine l...
DevSecCon Singapore 2018 - System call auditing made effective with machine l...DevSecCon
 

What's hot (20)

Toward dynamic analysis of obfuscated android malware
Toward dynamic analysis of obfuscated android malwareToward dynamic analysis of obfuscated android malware
Toward dynamic analysis of obfuscated android malware
 
Writing Android Libraries
Writing Android LibrariesWriting Android Libraries
Writing Android Libraries
 
Introduction to the Android NDK
Introduction to the Android NDKIntroduction to the Android NDK
Introduction to the Android NDK
 
Android Native Development Kit
Android Native Development KitAndroid Native Development Kit
Android Native Development Kit
 
Android developer's toolbox
Android developer's toolboxAndroid developer's toolbox
Android developer's toolbox
 
Native development kit (ndk) introduction
Native development kit (ndk) introductionNative development kit (ndk) introduction
Native development kit (ndk) introduction
 
NDK Programming in Android
NDK Programming in AndroidNDK Programming in Android
NDK Programming in Android
 
Breaking iOS Apps using Cycript
Breaking iOS Apps using CycriptBreaking iOS Apps using Cycript
Breaking iOS Apps using Cycript
 
[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube[DOC] Java - Code Analysis using SonarQube
[DOC] Java - Code Analysis using SonarQube
 
Introduction to Android platform
Introduction to Android platformIntroduction to Android platform
Introduction to Android platform
 
Sonarqube
SonarqubeSonarqube
Sonarqube
 
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
Hello, Android Studio 3.2 & Android App Bundle @ I/O Extended Bangkok 2018
 
Common primitives in Docker environments
Common primitives in Docker environmentsCommon primitives in Docker environments
Common primitives in Docker environments
 
Why the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureWhy the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID Architecture
 
Android NDK
Android NDKAndroid NDK
Android NDK
 
Yaml as Pipeline GSoC 218 Phase 2 evaluation
Yaml as Pipeline GSoC 218 Phase 2 evaluationYaml as Pipeline GSoC 218 Phase 2 evaluation
Yaml as Pipeline GSoC 218 Phase 2 evaluation
 
CDI 2.0 is coming
CDI 2.0 is comingCDI 2.0 is coming
CDI 2.0 is coming
 
NDK Introduction
NDK IntroductionNDK Introduction
NDK Introduction
 
Extending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeExtending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss Forge
 
DevSecCon Singapore 2018 - System call auditing made effective with machine l...
DevSecCon Singapore 2018 - System call auditing made effective with machine l...DevSecCon Singapore 2018 - System call auditing made effective with machine l...
DevSecCon Singapore 2018 - System call auditing made effective with machine l...
 

Viewers also liked

Reverse Engineering .NET and Java
Reverse Engineering .NET and JavaReverse Engineering .NET and Java
Reverse Engineering .NET and JavaJoe Kuemerle
 
reverse engineering
reverse engineeringreverse engineering
reverse engineeringayush_nitt
 
Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineeringParminder Singh
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its applicationmapqrs
 
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...Porfirio Tramontana
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)ClubHack
 
Reverse engineering20151112
Reverse engineering20151112Reverse engineering20151112
Reverse engineering20151112Bordeaux I
 
LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeAlain Leon
 
Let's talk about jni
Let's talk about jniLet's talk about jni
Let's talk about jniYongqiang Li
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web ApplicationsPorfirio Tramontana
 
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ZongXian Shen
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...Christoph Matthies
 
Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Egor Elizarov
 
Understanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolUnderstanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolGabor Paller
 
ravi reverseengineeringitsapplication01 121101044845-phpapp02
ravi reverseengineeringitsapplication01 121101044845-phpapp02ravi reverseengineeringitsapplication01 121101044845-phpapp02
ravi reverseengineeringitsapplication01 121101044845-phpapp02Akash Maurya
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLandice Fu
 

Viewers also liked (20)

Reverse Engineering .NET and Java
Reverse Engineering .NET and JavaReverse Engineering .NET and Java
Reverse Engineering .NET and Java
 
reverse engineering
reverse engineeringreverse engineering
reverse engineering
 
Toward Reverse Engineering of VBA Based Excel Spreadsheets Applications
Toward Reverse Engineering of VBA Based Excel Spreadsheets ApplicationsToward Reverse Engineering of VBA Based Excel Spreadsheets Applications
Toward Reverse Engineering of VBA Based Excel Spreadsheets Applications
 
Application of Reverse Engineering and CAD/CAM in Field of Prosthetics-A Make...
Application of Reverse Engineering and CAD/CAM in Field of Prosthetics-A Make...Application of Reverse Engineering and CAD/CAM in Field of Prosthetics-A Make...
Application of Reverse Engineering and CAD/CAM in Field of Prosthetics-A Make...
 
Software reverse engineering
Software reverse engineeringSoftware reverse engineering
Software reverse engineering
 
Reverse engineering & its application
Reverse engineering & its applicationReverse engineering & its application
Reverse engineering & its application
 
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
Reverse Engineering Techniques: from Web Applications to Rich Internet Applic...
 
Music video directors
Music video directorsMusic video directors
Music video directors
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
 
Smali语法
Smali语法Smali语法
Smali语法
 
Reverse engineering20151112
Reverse engineering20151112Reverse engineering20151112
Reverse engineering20151112
 
LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik Bytecode
 
Let's talk about jni
Let's talk about jniLet's talk about jni
Let's talk about jni
 
Reverse Engineering Web Applications
Reverse Engineering Web ApplicationsReverse Engineering Web Applications
Reverse Engineering Web Applications
 
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
 
How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...How to reverse engineer Android applications—using a popular word game as an ...
How to reverse engineer Android applications—using a popular word game as an ...
 
Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)Android internals 05 - Dalvik VM (rev_1.1)
Android internals 05 - Dalvik VM (rev_1.1)
 
Understanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer toolUnderstanding the Dalvik bytecode with the Dedexer tool
Understanding the Dalvik bytecode with the Dedexer tool
 
ravi reverseengineeringitsapplication01 121101044845-phpapp02
ravi reverseengineeringitsapplication01 121101044845-phpapp02ravi reverseengineeringitsapplication01 121101044845-phpapp02
ravi reverseengineeringitsapplication01 121101044845-phpapp02
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
 

Similar to IEEE Day 2013 - Reverse Engineering an Android Application

Google android white paper
Google android white paperGoogle android white paper
Google android white paperSravan Reddy
 
Android development-tutorial
Android development-tutorialAndroid development-tutorial
Android development-tutorialnirajsimulanis
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
Introduction to Android Development Part 1
Introduction to Android Development Part 1Introduction to Android Development Part 1
Introduction to Android Development Part 1Kainda Kiniel Daka
 
Android Overview
Android OverviewAndroid Overview
Android OverviewRaju Kadam
 
Remote Exploitation of the Dropbox SDK for Android
Remote Exploitation of the Dropbox SDK for AndroidRemote Exploitation of the Dropbox SDK for Android
Remote Exploitation of the Dropbox SDK for AndroidIBM Security
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
Android application structure
Android application structureAndroid application structure
Android application structureAlexey Ustenko
 
Android application fundamentals
Android application fundamentalsAndroid application fundamentals
Android application fundamentalsSteve Smith
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to androidjavalabsf
 
Lecture 2(b) Android Internals A Quick Overview
Lecture 2(b) Android Internals A Quick OverviewLecture 2(b) Android Internals A Quick Overview
Lecture 2(b) Android Internals A Quick OverviewAhsanul Karim
 
Android development training programme Day 1
Android development training programme Day 1Android development training programme Day 1
Android development training programme Day 1DHIRAJ PRAVIN
 
01 what is android
01 what is android01 what is android
01 what is androidC.o. Nieto
 
Android development-tutorial
Android development-tutorialAndroid development-tutorial
Android development-tutorialilias ahmed
 
Hello android world
Hello android worldHello android world
Hello android worldeleksdev
 
Introduction to Android Development Latest
Introduction to Android Development LatestIntroduction to Android Development Latest
Introduction to Android Development LatestProf. Erwin Globio
 

Similar to IEEE Day 2013 - Reverse Engineering an Android Application (20)

Google android white paper
Google android white paperGoogle android white paper
Google android white paper
 
Android Basic- CMC
Android Basic- CMCAndroid Basic- CMC
Android Basic- CMC
 
Android development-tutorial
Android development-tutorialAndroid development-tutorial
Android development-tutorial
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android System
 
Android beginners David
Android beginners DavidAndroid beginners David
Android beginners David
 
Introduction to Android Development Part 1
Introduction to Android Development Part 1Introduction to Android Development Part 1
Introduction to Android Development Part 1
 
Aptech Apps
Aptech Apps Aptech Apps
Aptech Apps
 
Android Overview
Android OverviewAndroid Overview
Android Overview
 
Remote Exploitation of the Dropbox SDK for Android
Remote Exploitation of the Dropbox SDK for AndroidRemote Exploitation of the Dropbox SDK for Android
Remote Exploitation of the Dropbox SDK for Android
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
Android application structure
Android application structureAndroid application structure
Android application structure
 
Android application fundamentals
Android application fundamentalsAndroid application fundamentals
Android application fundamentals
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to android
 
Android dev o_auth
Android dev o_authAndroid dev o_auth
Android dev o_auth
 
Lecture 2(b) Android Internals A Quick Overview
Lecture 2(b) Android Internals A Quick OverviewLecture 2(b) Android Internals A Quick Overview
Lecture 2(b) Android Internals A Quick Overview
 
Android development training programme Day 1
Android development training programme Day 1Android development training programme Day 1
Android development training programme Day 1
 
01 what is android
01 what is android01 what is android
01 what is android
 
Android development-tutorial
Android development-tutorialAndroid development-tutorial
Android development-tutorial
 
Hello android world
Hello android worldHello android world
Hello android world
 
Introduction to Android Development Latest
Introduction to Android Development LatestIntroduction to Android Development Latest
Introduction to Android Development Latest
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

IEEE Day 2013 - Reverse Engineering an Android Application

  • 1. IEEE Day 2013 Rufat BABAKISHIYEV Software Engineer Komtec LTD mr.rufatet@yahoo.com 01 October 2013, Qafqaz University Reverse Engineering an Android Application
  • 2. Plan October 2, 20132  Reverse Engineering & Forensic research  Review of Android OS Architecture  Yahoo Email Client Application  Research questions  Decompiling the Application  File System  Database and files of Yahoo Email Android Client  Attachment files of Email Application  Compare App Info  Uninstall Yahoo Email Android Client  Security Warnings  Acronyms  Bibliography (references)
  • 3. Reverse Engineering & Forensic research October 2, 20133 Reverse engineering, in computer programming, is a technique used to analyze software in order to identify and understand the parts it is composed of. The usual reasons for reverse engineering a piece of software are to recreate the program, to build something similar to it, to exploit its weaknesses or strengthen its defenses. Forensic Science - The word forensic comes from the Latin word forensis: public; to the forum or public discussion; argumentative, rhetorical, belonging to debate or discussion.
  • 4. Review of Android OS Architecture October 2, 20134  Android relies on Linux Kernel version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. It does not include full set of standard Linux utilities.  Android provides a number of system libraries in C/C++ which are made accessible through the Application Framework. It must be noted that . Android does not provide the complete functionality required of the standard GNU C libraries in Linux. Followings are libraries provided by Android; Surface Manager, Mefia Framework, SQLite , WebKit, OpenGL and etc.  The Dalvik Virtual Machine (VM) is the core runtime component of Android. It is a process-based virtual machine which uses the register architecture and is optimized for low memory footprint and better performance efficiency. The VM runs classes compiled by a Java language compiler that have been transformed into the Dalvik Executable (.dex) format by the included “dx” tool  An Android application can be composed of 4 types of components namely: Activity, Service, Content Provider and Broadcast Receiver.  In Applications layer we have applications that developers create and users use.
  • 5. Review of Android OS Architecture October 2, 20135
  • 6. Yahoo Email Client Application October 2, 20136 Why Yahoo ? Yahoo Email is most widely used email application and number of app download is between 50,000,000 – 100,000,000 which is way much big number. The application is compatible with all Android devices as it can be installed on any device having Android 2.2 or above version.
  • 7. Research questions October 2, 20137  What files are created after installation?  What files are deleted after uninstallation?  What data are synchronized in the app?  What data are available for offline use?  How SQLite database is used?  How cache and memory is managed?
  • 8. Decompiling the Application October 2, 20138 Firstly the app (Yahoo) is downloaded from the market and install it. For our research we need .apk file of the app therefore we download and use ES File Explorer. After launching the app, we choose “Tools” from Sliding Menu and then select “Manager”. We see all the applications of the user in a grid view. Then we long press Yahoo Email and select it and a tab bar appears below where we click “Backup” menu and then in the SD Card .apk file is created in backups folder.
  • 9. Decompiling the Application October 2, 20139  Apktool - reverses .apk file to an android project (unfortunately not .class files, these are .smali files).  Dex2jar - reverses .apk file to .jar file.  JD-Compiler – with this tool can decompile .jar file and get java source codes. Reverse .apk file to Android Project
  • 10. Decompiling the Application October 2, 201310 With JD-Gui we can look source codes of Yahoo Email Android Client. After decompilation we get obfuscated source codes therefore we won’t understand anything from source codes.
  • 11. File System October 2, 201311 With Eclipse’s Android tools we can look at device’s data which when installed every application system creates data under data/data folder (as Windows Program Files). install Yahoo Email Android Client on AVD
  • 12. File System October 2, 201312 With Eclipse’s Android tools we can look at device’s data which when installed every application system creates data under data/data folder (as Windows Program Files).
  • 13. Database and file of Yahoo Email Client October 2, 201313 In order to make a forensic research about DB and artifacts we need to create some email accounts for testing in yahoo. We have created 2 different Yahoo Email accounts because with Yahoo Email Android Client user can manage more than one Yahoo email account. Email 1 : rufatf123. Email 2 : rufatf124. Then we sign in with first email and add second email.
  • 14. Database and file of Yahoo Email Client October 2, 201314 Sent some test email from both email accounts, some text and media emails (attached doc, mp3 files). Then we start to look at DB. From Eclipse File Explorer we look at datadatabases files and try to pull them with this tool. (For pulling, we select file then click right top disket icon, and then select folder for save)
  • 15. Database and file of Yahoo Email Client October 2, 201315 Every table were created for both account
  • 16. Attachment files of Yahoo Email Client October 2, 201316 When we want to look at attachment file the system offers us two options. One of them is View another is Save. So we choose Save for to explorer artifacts. When we try to save it the system shows us to which directory it will save the application.
  • 17. Compare App Info October 2, 201317 Installed Used
  • 18. Uninstall Yahoo Email Android Client October 2, 201318 At the end we uninstall Yahoo Email Android Client (from Application Manager) and explore datadata and folders. Let’s find out which folders and files removed by system, and which ones remained. After the uninstallation we see that system removed Yahoo Email Andorid Application package under datadata directory. So it removed cache and database files. Now look at files, see that it removed Yahoo directory from sdcard. So the system removes all artifacts when the application is uninstalled.
  • 19. Security Warnings October 2, 201319  Do not “root” your device !  Do not install applications from unknown sources !  Read permissions when install application !
  • 20. Acronyms October 2, 201320 APK Android Application Package JVM Java Virtual Machine Java SE Java Standard Edition Java ME Java Mobile Edition SD Card Secure Digital Card OS Operating System AVD Android Virtual Device DEX Dalvik Executable SDK Software Development Kit
  • 21. Bibliography October 2, 201321 References [1] Android OS - is a Linux-based operating system designed primarily for touchscreen mobile devices such as smartphones and tablet computers. http://en.wikipedia.org/wiki/Android_(operating_system) Official web site : http://www.android.com/ and most used sub site http://developer.android.com/index.html [2] Android Architecture – The Key Concepts http://www.android-app-market.com/android-architecture.html [3] Reverse Engineering http://searchcio-midmarket.techtarget.com/definition/reverse-engineering [4] android apk tool https://code.google.com/p/android-apktool/ [5] dex2jar https://code.google.com/p/dex2jar/ [6] DJ-GUI https://code.google.com/p/innlab/downloads/detail?name=jd-gui- 0.3.3.windows.zip&can=2&q= [7] Google Play For downloads applications. Yahoo and ES File Explorer https://play.google.com/store
  • 22. Bibliography October 2, 201322 References [8] Techopedia.com http://www.techopedia.com/definition/3868/reverse-engineering [9] ES File Explorer https://play.google.com/store/apps/details?id=com.estrongs.android.pop
  • 23. Thanks for attention … October 2, 201323 QUESTIONS ?