Oh yes there is no more root detection for your android app!
http://appsecusa2015.sched.org/event/129aa2ed31755697723b8f2855ab76b9#.VgWt_tNVjDU Android is the leading Operating system. It is used not just in Smartphones / Tablet but also is used as base for interactive Television, gaming console and lot more systems. The obvious resultant is that there is a large focus towards developing applications for this platform and to maintain its security. This is one hour crash course on “By passing root detection” on android based dummy internet banking app, This dummy internet banking application has features such as adding a beneficiary account, fund transfer, view statements, OTP, Pin sign-in, etc. to provide attendees a real world application scenario. Android APK file architecture and Setting up the emulator. Reversing the APK file package Understanding, patching smali code (JAVA – Class – Dex – smali – APK) Bypass the business logic for the root detection Who Should Attend - Security Professionals - Mobile Application Developers - People interested to start into Android security - Web Application Pentesters - Beginners mobile app malware auditor What to expect : - Getting started with Android Security - Reversing and Auditing of Android applications - Hands-on on Finding vulnerabilities and patching the binary
Recommandé
Contenu connexe
En vedette
Dernier
Dernier (20)
Oh yes there is no more root detection for your android app!
- 1. Oh Yes, There is no more root detection for your Android App! Reversing and smali patching – Banking Android App Abhinav Sejpal Accenture Digital – IDC OWASP APP SEC USA 2015 Copyright © 2015 Accenture. All rights reserved.
- 2. Abhinav Sejpal Who am I ? Tweet at Abhinav_Sejpal Abhinav.Sejpal@owasp.org Security Researcher at Accenture Digital Mobility Certified Ethical Hacker Next Generation Problem Solver Speaker at @null0x00 @OWASPBangalore @Weekendtesting Chapter Reported Security Vulnerabilities for 50+ unique giants all over the world including Apple, Yahoo, VK, Twitter, Microsoft, Adobe & etc. Love to develop nasty code & Hack it J Enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing & fuzzing. Blog at bugwrangler.in Copyright © 2015 Accenture. All rights reserved.
- 11. Are you able to understand the Smali code? Step 3 Copyright © 2015 Accenture. All rights reserved.
- 20. Android App Package Uploading the logic at smali code Build the binary .java Core code .class complied files .dx Dex File .smali Code Sign the APK Copyright © 2015 Accenture. All rights reserved.
- 21. • Reversing APK and get the Smali • Reversing APK and get the Java • Weak Binary controls • Identify the attacks the surface in binary code • Patch the smali code • Rebuild the APK • Android Package signing • Finally bypass the root detection Summary Copyright © 2015 Accenture. All rights reserved.
- 23. Disclaimer • This Presentation is intended for educational purposes only and I cannot be held liable for any kind of damages done whatsoever to your machine, or other damages. • Please - Don't try this attack on any others system without having context knowledge or permission, this may harm to someone directly or indirectly. • Feel free to use this presentation for practice or education purpose. • It's no way related to our Customer – its’ my own research and ideas. Copyright © 2015 Accenture. All rights reserved.
- 24. About Accenture Accenture is a global management consulting, technology services and outsourcing company, with more than 319,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$30.0 billion for the fiscal year ended Aug. 31, 2014. Its home page is www.accenture.com. Accenture Digital, comprised of Accenture Analytics, Accenture Interactive and Accenture Mobility, offers a comprehensive portfolio of business and technology services across digital marketing, mobility and analytics. From developing digital strategies to implementing digital technologies and running digital processes on their behalf, Accenture Digital helps clients leverage connected and mobile devices; extract insights from data using analytics; and enrich end-customer experiences and interactions, delivering tangible results from the virtual world and driving growth. Learn more about Accenture Digital at www.accenture.com/digital. This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks. Copyright © 2015 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative. Copyright © 2015 Accenture. All rights reserved.