Reverse engineering and instrumenting Android apps
Gaurav Lochan
Little Eye Labs

Friday 13 December 13
Outline
Motivation?
Instrumentation
Guts of an android app
Instrumentation approaches
Chosen approach

Motivation?
Little Eye measures, analyzes and helps optimize app resource usage on Android. But network stats are aggregates only

Motivation (2)
Needed granular network stats: each endpoint/URL, latency, data transferred
Considered different approaches:
  Implement a VPN client app
  Use a proxy
  Looked at OS stats - didn’t find anything
  Java Debug Wire Protocol (JDWP)
  Instrumentation

Instrumentation
i.e., rewriting parts of a binary (in this case, an Android app)
Allows us to intercept HTTP calls, with code-level context (parameters, errors) for each call
Works on any app
Works on practically any Android version/device
Opens up a lot of exciting possibilities...

Instrumentation (2)
Can be: static or runtime
Examples:
  Android Traceview (startMethodTracing)
  Android test automation framework
  iOS Instruments
  Purify (Rational / IBM)
  JVM -javaagent option
  AspectJ

Guts of an app

classes.dex
Dalvik is the custom Android VM (different from the JVM)
Dex = Dalvik EXecutable format. It’s a custom bytecode format designed for Android
Build process:
  compile .java code into .class files
  dx converts each .class file into its .dex representation, and stores them in the single classes.dex
  all referenced library code also goes into classes.dex

Reverse engineering tools
Smali (by JesusFreke) - dex disassembler
ApkTool - decodes resources, repackages the app
dex2jar - disassembles dex to .class format
JD-GUI - decompiles .class into .java
Androguard - tool for deep analysis of an Android app
ApkAnalyzer - tool for analysis of an app; also supports instrumentation of the app

Smali: Before

Smali: After

Androguard

ApkAnalyzer

Instrumentation Approaches
Explored the following approaches on Android:
  Runtime
  Instrument .class files during build process
  Instrument .dex file

Runtime instrumentation
A JVM allows this: pass in a java.lang.instrument agent (using the -javaagent flag), which can transform classes at class-load time
Dalvik doesn’t support this
It supports passing in an android.app.Instrumentation, but that has a limited set of methods, mostly for automated testing

Instrumenting .class files
Considered modifying .class files, in two ways:
  Using the Javassist tool/library
  AspectJ
Both are well-understood tools, but the instrumentation needs to be done at build time
Requires a process change, plus not all of our users have access to the build (e.g. 3rd-party QA team)

Instrumenting .dex file
Found some tools - none of these looked solid enough:
  dexpler - research project
  redexer - research project
  apkil - Google Summer of Code project
Tried dex2jar to convert .dex into .class - but this is not a reliable method. Fine for reading code (skip the failed conversions), but not for this use case.

Instrumenting .dex file (2)
Smali
A simple tool that disassembles the .dex into an intermediate format (also known as smali)
This is well-used (e.g. ApkTool, ApkAnalyzer, and apkil use it)
Active project, well supported by JesusFreke
I disassembled an app, modified the smali code, reassembled and repackaged it, and it just worked!

Automating instrumentation
Challenges:
  Need a way to find all the appropriate calls in the app to replace
  Need to do it without side effects
Tried many approaches; JesusFreke pointed me to MutableMethod, which did what I needed
Called my approach Umbreyta (Icelandic for transform).
https://github.com/LittleEyeLabs/smali
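
The two challenges on this slide, finding the calls to replace and replacing them without side effects, sketched as an added example at the smali text level (this is not the Umbreyta code, which works through smali's MutableMethod rather than on text). The wrapper class `Lcom/example/probe/HttpProbe;`, the target list and the sample smali are assumptions constructed for illustration.

```python
import re

# Hypothetical wrapper class; the repackaged app would also have to ship it.
PROBE = "Lcom/example/probe/HttpProbe;"

# Instance methods to intercept, keyed by (owner, name, params, return type).
# Illustrative list only. Matching is on the owner named at the call site, so a
# call made through a subclass reference would need a class-hierarchy lookup.
TARGETS = {
    ("Ljava/net/URL;", "openConnection", "", "Ljava/net/URLConnection;"),
    ("Ljava/net/HttpURLConnection;", "getResponseCode", "", "I"),
}

INVOKE = re.compile(
    r"^(?P<indent>\s*)invoke-(?P<kind>virtual|interface)(?P<range>/range)?\s+"
    r"\{(?P<regs>[^}]*)\},\s*"
    r"(?P<owner>L[^;]+;)->(?P<name>[\w$<>-]+)\((?P<params>[^)]*)\)(?P<ret>\S+)\s*$"
)
CLASS_DIRECTIVE = re.compile(r"^\.class\b.*?(L[^;\s]+;)\s*$")


def rewrite_smali(text):
    """Rewrite one .smali file; return (new_text, [(line_no, original_call)])."""
    out, hits, current_class = [], [], None
    for no, line in enumerate(text.splitlines(), 1):
        cls = CLASS_DIRECTIVE.match(line)
        if cls:
            current_class = cls.group(1)
        m = INVOKE.match(line)
        key = m and (m["owner"], m["name"], m["params"], m["ret"])
        # Never rewrite the wrapper itself, or it would call itself forever.
        if m and key in TARGETS and current_class != PROBE:
            # The receiver becomes the first parameter of a static wrapper.
            # Registers, instruction count and the following move-result are
            # unchanged, which is what keeps the edit free of side effects.
            line = (
                f"{m['indent']}invoke-static{m['range'] or ''} "
                f"{{{m['regs']}}}, {PROBE}->{m['name']}"
                f"({m['owner']}{m['params']}){m['ret']}"
            )
            hits.append((no, f"{key[0]}->{key[1]}({key[2]}){key[3]}"))
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else ""), hits


# Constructed sample, shaped like baksmali output.
SAMPLE = """\
.class public Lcom/example/app/Fetcher;
.super Ljava/lang/Object;

.method public fetch(Ljava/net/URL;)I
    .registers 4
    invoke-virtual {p1}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
    move-result-object v0
    check-cast v0, Ljava/net/HttpURLConnection;
    invoke-virtual {v0}, Ljava/net/HttpURLConnection;->getResponseCode()I
    move-result v1
    invoke-virtual {v0}, Ljava/net/HttpURLConnection;->disconnect()V
    return v1
.end method
"""

if __name__ == "__main__":
    new_text, hits = rewrite_smali(SAMPLE)
    print(new_text)
    for no, call in hits:
        print(f"# line {no}: replaced {call}")
```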

Voila!

