Beginners Guide to Reverse Engineering Android ... - RSA Conference [PDF]

Recommend Documents

Android Beginners Guide (pdf)

May 19, 2010 ... A Beginner's Guide to Android. Reto Meier. May 19 ... for Beginners. Reto Meier .... .

Android Beginners Guide ( pdf ) - Google dl

A description for this result is not available because of this site's robots.txtLearn more

Reverse Engineering Android: Disassembly & Code Injection

[email protected] - www.syssec-project.eu. 2. Roadmap. • The APK Structure. • The Tools. • Hacking Approach. • Disassembly & App Analysis. • Code Injection ...

The 2014 Securosis RSA Conference Guide

Securosis, L.L.C. 515 E. Carefree Highway, Suite 766 Phoenix, AZ 85085 T 602-412-3051 .... provides advanced analysis ca

The 2014 Securosis RSA Conference Guide

vendors continue to roll their stuff into VMs and AMIs that can run in public and private clouds. So they are ready to s

Security Startups - The CISO's Guide to Flying High ... - RSA Conference

The security industry moves fast. WE SEEâ¦ WE HADâ¦ 6. 9 new startups every month. 5 new categories every six months.

Android Architecture For Beginners

Apr 22, 2013 ... smartphones, 42% in tablets, available on smart TVs and mini PC. Leon Romanovsky [email protected]. Android Architecture For Beginners ...

Android Beginners Workshop - Plastiblends

Feb 23, 2010 - Download this presentation as PDF: http://www.androidpit.de/files/androidpit-beginners-workshop-2010.pdf.

Android Beginners Workshop - Plastiblends

Download this presentation as PDF: http://www.androidpit.de/files/androidpit-beginners-workshop-2010.pdf. Android Beginn

Hacking Exposed - RSA Conference

We define malware as âmalicious softwareâ or anything that can run on an endpoint and do bad things. This includes .

Beginners Guide to Corrosion

Wash away conductive pollutants regularly. (c) Apply a current to the material (see cathodic protection). (2) Slow down or stop oxygen from reaching the surface.

RSA Guide

This guide complements our other guides for vehicle operators and drivers. They ... Competence (Driver CPC). 89 Appendix 4: Sample HGV vehicle inspection checklist ..... For example, a petrol tanker is likely to require more thorough daily ...

android examples for beginners pdf - Google Drive

Connect more apps... Try one of the apps below to open or edit this item. android examples for beginners pdf. android ex

android examples for beginners pdf - Google Drive

android examples for beginners pdf. android examples for beginners pdf. Open. Extract. Open with. Sign In. Main menu. Di

Beginners Guide to Bird Song - Saltscape [PDF]

May 1, 2017 - Tweeter Bird Sounds (Windows 8 phones & all Windows 10 devices, free) ... UK Bird Sounds (Android, only one sound per bird, free).

Reverse Engineering Relational Schemas to

Jul 1, 1996 - parentheses following the name of the foreign key refers to the table of which it is a primary key. Note that in many modern RDBMSs, all this ...

Mobile Vulnerabilities From Data Breach to ... - RSA Conference [PDF]

#RSAC. External. Android stores. Repackaged. Apps. iOS impact ... 10%. 20%. 30%. 40%. 50%. 0. 1 Month. 2 Months. 3 Months. 4 Months. % affected d evices.

Human Hacking Exposed - RSA Conference

Session ID: Session Classification: Christopher Hadnagy. Social-Engineer.Com. Human Hacking Exposed. 6 Preventative Tips. That Can. Save Your Company.

Reverse Engineering

CDES specializes in developing 3D models that match original as-designed features and also the parametric ones to aid OEMs remanufacture the parts and replace them with the worn-out ones.

Reverse Engineering

1) From the toolbar Select TOOLSâJava/J2EE (or any other language) âReverse Engineering. 2) Select the folder which

reverse engineering

important tools, which help in this process, are different scanning ... direct control on machine tool in advance. ..... RE for foundry parts and tools reconstruction.

Engineering Reverse

Our team of engineer’s leverages reverse engineering principle to generate a CAD model from inputs of laser scanned data received from fabricators, OEM firms, and plant owners

THE BEGINNERS GUIDE TO INVESTING

THE BEGINNERS GUIDE TO INVESTING. A P U B L I C A T I O N O F C R E D I T G U A R D O F A M E R I C A l s risks. Nowadays, more ...

Cyber Security & Aviation - RSA Conference

Cyber Security & Aviation. MASH-F01. Managing ... General Counsel & Managing Director Information. Security. TAL

Beginners Guide to Reverse Engineering Android ... - RSA Conference [PDF]

Download PDF

2 downloads 149 Views 950KB Size Report

Comment

Beginners Guide to Reverse Engineering. Android Apps. STU- ... Anatomy of an Android app. â Obtaining our target apps. â Getting our hands dirty: ... Page 10 ...

Beginners Guide to Reverse Engineering Android Apps SESSION ID: STU-W02B

Pau Oliva Fora Sr. Mobile Security Engineer viaForensics @pof

Agenda 

Anatomy of an Android app



Obtaining our target apps



Getting our hands dirty: reversing the target application



Demo using Santoku Linux

#RSAC

2

Anatomy of an Android app

Anatomy of an Android app 

Simple ZIP file, renamed to “APK” extension



App resources



Signature



Manifest (binary XML)

#RSAC

4

Obtaining our target apps

Getting the APK from the phone 

Backup to SD Card: 

APKOptic



Astro file manager



etc…

#RSAC

6

Getting the APK from the phone 

Using ADB (Android Debug Bridge): 

adb shell pm list packages



adb pull /data/app/package-name-1.apk

#RSAC

7

Downloading the APK from Google Play 

Using unofficial Google Play API: 



https://github.com/egirault/googleplay-api

Using a web service or browser extension: 

http://apps.evozi.com/apk-downloader/



http://apify.ifc0nfig.com/static/clients/apk-downloader/

#RSAC

8

Downloading the APK from Google Play 

Using unofficial Google Play API: 



https://github.com/egirault/googleplay-api

Using a web service or browser extension: 

http://apps.evozi.com/apk-downloader/



http://apify.ifc0nfig.com/static/clients/apk-downloader/

#RSAC

9

Getting our hands dirty: reversing the target application

Disassembling

DEX

Smali #RSAC

11

Apktool 

apktool https://code.google.com/p/android -apktool/ 

Multi platform, Apache 2.0 license



Decode resources to original form (and rebuild after modification)



Transforms binary Dalvik bytecode (classes.dex) into Smali source

#RSAC

12

Smali

#RSAC

13

Decompiling – Java Decompiler

DEX

JAR

JAVA #RSAC

14

Dex2Jar 

dex2jar - https://code.google.com/p/dex2jar/ 

Multi platform, Apache 2.0 license



Converts Dalvik bytecode (DEX) to java bytecode (JAR)



Allows to use any existing Java decompiler with the resulting JAR file

#RSAC

15

Java Decompilers 





Jd-gui - http://jd.benow.ca/ 

Multi platform



closed source

JAD - http://varaneckas.com/jad/ 

Multi platform



closed source



Command line

Others: Dare, Mocha, Procyon, … #RSAC

16

Decompiling – Android (Dalvik) decompiler

DEX

JAVA #RSAC

17

Dalvik Decompilers 

Transforming DEX to JAR looses important metadata that the decompiler could use. 



Pure Dalvik decompilers skip this step, so they produce better output

Unfortunately there are not as many choices for Android decompilers as for Java decompilers: 

Open Source: Androguard’s DAD - https://code.google.com/p/androguard/



Commercial: JEB - http://www.android-decompiler.com/



Others?

#RSAC

18

Demo – Santoku

Demo – Santoku Linux 

Santoku Linux https://santoku-linux.com/ 

Mobile Forensics



Mobile Malware analysis



Mobile application assessment

#RSAC

20

Summary 

APK files are ZIP files, can be extracted with any unzip utility



Apktool helps extracting binary resources, and allows repacking



Dex2jar converts Dalvik Bytecode to Java Bytecode



Pure Android decompilers are better



Santoku Linux has all the tools you need to reverse engineering mobile apps

#RSAC

21

Q&A | Contact | Feedback 

Thanks for listening…



@pof



github.com/poliva



[email protected]

#RSAC

22