droidcon Greece Thessaloniki September 2015

Transcription

2 Reverse Engineering in Android: Countermeasures and Tools

3 $ whoami
- Dario Incalza
- Application Security Engineering Analyst
- Android Developer

4 CONTENTS
- Motivation
- Android App Anatomy and Building Process
- Reverse Engineering
- Tools with Use Case
- Countermeasures

5 MOTIVATION
- Good guys: understand malware, security research
- Bad guys: piracy, steal intellectual property, introduce backdoors

6 IS IT LEGAL?
- Law is a gray area!
- Depends on country
- Depends on purpose (e.g. achieving interoperability)
- End User License Agreement (EULA): takes away all doubt, almost always illegal
- For educational purposes ;-)

7 CONTENTS (agenda divider)

8 Android Application Anatomy
- Android Package (.apk): a .zip file
- classes.dex: Dalvik bytecode
- resources.arsc: compiled resources
- Uncompiled resources
- AndroidManifest.xml: binary version of AndroidManifest.xml
- Native libraries: third-party .so libraries

9 Android Build Process (diagram)

10 Application Execution
- classes.dex is executed
- Dalvik <-> ART (since Android 4.4)
- Optimize code for execution
- Dalvik: Just-in-Time (JIT)
- ART: Ahead-of-Time (AOT)

11 Application Execution (diagram: JIT vs AOT)

12 CONTENTS (agenda divider)
13-15 Reverse Engineering (diagram: APK -> Dalvik bytecode -> RE tools -> Java code, Smali/Jasmin, native code)

16 Reverse Engineering: To which format do I RE the .apk?
- Depends on what you want to achieve
- Understanding internal mechanisms => Java code
- Instrumenting apps => Dalvik/Smali bytecode/Jasmin
- Native libraries => RE the .so library to native code
- Usually a combination of all

17 Reverse Engineering: information loss
- Information in RE'd Java code < information in the original Java code
- Reason: information is lost when building classes.dex from .class files
- Consequence: it is impossible to rebuild RE'd Java code; use the Dalvik bytecode format instead

18 Reverse Engineering: What does a regular RE process look like?

19 Reverse Engineering, first step: objectives
- Who wrote the app?
- What permissions does it use, and why does it need them?
- Is it using crypto? If so, what is it encrypting?
- Is it using reflection? If so, why?
- Is it using dynamic bytecode loading? If so, why?
- Is it using obfuscation?
- Is it malware?

20 Reverse Engineering, second step: info gathering
- Don't jump to looking at code in the wild!
- App name, icon, activities, receivers, services, permissions, intents (AndroidManifest.xml)
- strings.xml
- Native .so libraries
- Signature of the app

21 Reverse Engineering, third step: hacking time
- Now experience comes into play
- Decompile classes.dex or .so libraries
- Find entry points
- Search for dynamic bytecode loading, permission usage, reflection, crypto code
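As an added example (not part of the talk), the search in the third step can be automated over the smali that `apktool d` produces. The scanner below looks for descriptors of the dynamic-bytecode-loading, reflection and crypto APIs and records them per method. The smali it runs on is constructed for this example (the class name borrows the AnserverBot class shown later in the deck; the method bodies are invented), and the indicator list is an assumption that a practitioner would extend.

```python
"""Scan decompiled smali for the indicators the third RE step looks for:
dynamic bytecode loading, reflection and crypto usage, grouped per method."""
import re
from collections import defaultdict

# Descriptor fragments a practitioner greps for in apktool/baksmali output
# (assumed starting list, extend as needed).
INDICATORS = {
    "dynamic_bytecode_loading": (
        "Ldalvik/system/DexClassLoader;",
        "Ldalvik/system/PathClassLoader;",
        "Ldalvik/system/DexFile;",
    ),
    "reflection": (
        "Ljava/lang/Class;->forName(",
        "Ljava/lang/Class;->getMethod(",
        "Ljava/lang/Class;->getDeclaredMethod(",
        "Ljava/lang/reflect/Method;->invoke(",
    ),
    "crypto": (
        "Ljavax/crypto/Cipher;",
        "Ljavax/crypto/spec/SecretKeySpec;",
        "Ljava/security/MessageDigest;",
    ),
}

CLASS_RE = re.compile(r"^\.class\s+(?:[\w-]+\s+)*(L[^;]+;)")
METHOD_RE = re.compile(r"^\.method\s+(?:[\w-]+\s+)*([\w$<>]+)\(")


def scan_smali(text):
    """Return {category: {"Lclass;->method": [line numbers]}} for every line
    inside a method body that references an indicator descriptor."""
    hits = defaultdict(lambda: defaultdict(list))
    cls, method = "<unknown>", None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := CLASS_RE.match(line):
            cls = m.group(1)          # track the class the following methods belong to
            continue
        if m := METHOD_RE.match(line):
            method = m.group(1)       # entering a method body
            continue
        if line == ".end method":
            method = None
            continue
        where = f"{cls}->{method or '<class-level>'}"
        for category, descriptors in INDICATORS.items():
            if any(d in line for d in descriptors):
                hits[category][where].append(lineno)
    return {category: dict(methods) for category, methods in hits.items()}


def uses_dbl_and_reflection(hits):
    """The AnserverBot finding from the deck: dynamic bytecode loading AND reflection."""
    return {"dynamic_bytecode_loading", "reflection"} <= set(hits)


# Constructed smali for this example; not the real AnserverBot payload code.
SAMPLE_SMALI = """\
.class public Lcom/sec/android/providers/drm/style;
.super Ljava/lang/Object;

.method private static a()V
    .locals 5
    new-instance v0, Ldalvik/system/DexClassLoader;
    invoke-direct {v0, v1, v2, v3, v4}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    return-void
.end method

.method private static b()V
    .locals 3
    invoke-static {v0}, Ljava/lang/Class;->forName(Ljava/lang/String;)Ljava/lang/Class;
    move-result-object v1
    invoke-virtual {v1, v0, v2}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
    return-void
.end method

.method private static c()V
    .locals 1
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    return-void
.end method
"""

if __name__ == "__main__":
    found = scan_smali(SAMPLE_SMALI)
    for category, methods in found.items():
        for where, lines in methods.items():
            print(f"{category:25s} {where} (lines {lines})")
    print("DBL and reflection together:", uses_dbl_and_reflection(found))
```

Running it on the constructed smali attributes the class loader use to `a()`, the reflection to `b()` and the cipher call to `c()`, which is the same shape of result the deck reports from ARES and tells the analyst where to read first.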
22 CONTENTS (agenda divider)

23 Use Case: AnserverBot Trojan (August; Yajin Zhou, Xuxian Jiang)

24 Use Case - AnserverBot Trojan (diagram): dynamic bytecode loading, reflection, aggressive obfuscation, C&C server

25 Use Case - AnserverBot Trojan (diagram): background service, dynamically loaded

26 Use Case - AnserverBot Trojan
$ unzip anserverbot_sample.apk
$ cd assets
(Payload A, Payload B)

27 Use Case - APKTool
$ apktool d anserverbot_sample.apk

28-29 Use Case - AnserverBot Trojan - AndroidManifest (screenshots, entries marked SUSPICIOUS)

30 Use Case - AnserverBot Trojan - Payloads
- Anservera.db and Anserverb.db are not database files
- Zip archives? => Android apps

31 Use Case - AnserverBot Trojan - Payloads
$ apktool d anservera.db

32 Use Case - AnserverBot Trojan - Dynamic Bytecode Loading
- Payloads == Android code => dynamic bytecode loading!
- Use ARES (Android Reverse Engineering Suite) or Androguard!
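The payload finding above (files named .db that are really zip archives containing Android code) is exactly what magic-byte sniffing catches without opening every file by hand. The added example below, not from the talk, inventories the APK anatomy from slide 8 (classes.dex, resources.arsc, the binary manifest, lib/, assets/ and META-INF/), flags entries whose magic number contradicts their extension, and recognizes an embedded APK inside such an entry. The APK it analyzes is constructed in memory with the correct magic numbers; it is not the real AnserverBot sample, and the extension-to-kind table is an assumption.

```python
"""Static triage of an APK: component inventory plus magic-byte sniffing, so a
payload disguised by its extension is flagged and embedded APKs are recognized."""
import hashlib
import io
import os
import zipfile

# First bytes of the file types that matter inside an APK.
MAGIC = (
    (b"PK\x03\x04", "zip"),               # zip archive: an .apk/.jar, or a disguised payload
    (b"dex\n", "dex"),                    # Dalvik executable (classes.dex)
    (b"\x7fELF", "elf"),                  # native .so library
    (b"\x03\x00\x08\x00", "axml"),        # compiled (binary) Android XML, e.g. the manifest
    (b"\x02\x00\x0c\x00", "arsc"),        # compiled resource table (resources.arsc)
    (b"SQLite format 3\x00", "sqlite"),   # what a genuine .db file starts with
)

# What the extension promises (assumed table); any other content is worth a look.
EXPECTED_KIND = {".db": "sqlite", ".so": "elf", ".dex": "dex",
                 ".apk": "zip", ".jar": "zip", ".arsc": "arsc"}


def sniff(data):
    """Classify a blob by its magic number, ignoring its file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def looks_like_apk(blob):
    """True if a zip blob carries the two entries every Android app has."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        return False
    return {"AndroidManifest.xml", "classes.dex"} <= names


def triage(apk_bytes):
    """Inventory an APK and flag entries whose content contradicts their extension."""
    report = {"components": {}, "native_libs": [], "assets": [], "signature_files": [],
              "suspicious": [], "embedded_apks": [], "sha256": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            name = info.filename
            if name.endswith("/"):
                continue                      # directory entry
            data = z.read(name)
            kind = sniff(data)
            if name in ("AndroidManifest.xml", "classes.dex", "resources.arsc"):
                report["components"][name] = kind
                report["sha256"][name] = hashlib.sha256(data).hexdigest()
            elif name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
            elif name.startswith("assets/"):
                report["assets"].append(name)
            elif name.startswith("META-INF/"):
                report["signature_files"].append(name)
            expected = EXPECTED_KIND.get(os.path.splitext(name)[1].lower())
            if expected and kind != expected:
                report["suspicious"].append((name, expected, kind))
            if kind == "zip" and looks_like_apk(data):
                report["embedded_apks"].append(name)   # Android code shipped as an asset
    return report


def build_sample_apk():
    """Constructed mini-APK imitating the AnserverBot layout (not the real sample):
    a zip that is itself an app is stored under assets/ with a .db extension."""
    def zip_bytes(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, data in entries.items():
                z.writestr(name, data)
        return buf.getvalue()

    payload = zip_bytes({
        "AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\x00" * 12,
        "classes.dex": b"dex\n035\x00" + b"\x00" * 8,
    })
    return zip_bytes({
        "AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\x00" * 12,
        "classes.dex": b"dex\n035\x00" + b"\x00" * 8,
        "resources.arsc": b"\x02\x00\x0c\x00" + b"\x00" * 8,
        "lib/armeabi/libnative.so": b"\x7fELF" + b"\x00" * 12,
        "assets/anservera.db": payload,                               # zip disguised as a database
        "assets/settings.db": b"SQLite format 3\x00" + b"\x00" * 8,   # genuine-looking database
        "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
    })


if __name__ == "__main__":
    for key, value in triage(build_sample_apk()).items():
        print(f"{key}: {value}")
```

On a real sample the `suspicious` and `embedded_apks` lists are the entries to hand to `apktool d` next, as the deck does with anservera.db.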
33 Use Case - AnserverBot Trojan - ARES
- Payload A uses dynamic bytecode loading AND reflection

34 Use Case - AnserverBot Trojan - ARES
Lcom/sec/android/providers/drm/style -> a()
Lcom/sec/android/providers/drm/style -> b()
Lcom/sec/android/providers/drm/style -> c()

35 Use Case - AnserverBot Trojan - Next steps
- Look at the methods a(), b() and c()
- You'll see obfuscation and encryption
- Use symbolic execution to get rid of the encryption, e.g. Simplify

36 Use Case - Simplify
If an app's strings are encrypted, Simplify will interpret the app in its own virtual machine to determine semantics. Then it uses the app's own code to decrypt the strings and replaces the encrypted strings and the decryption method calls with the decrypted versions.

37 Use Case - AnserverBot Trojan - C&C (Command & Control, "phone home")
- Goal: keep control, update payloads and push back info
- Server addresses are hardcoded but encrypted: custom Base64 "encryption"
- What to do?
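Added example, not from the talk: once the decoder method has been read in the decompiled code, a custom Base64 alphabet is undone by translating its symbols back to the standard alphabet and decoding normally. The alphabet here is constructed (the standard alphabet reversed); the real AnserverBot table and server addresses are not reproduced, and the URL used as input is a placeholder. `try_alphabets` goes a little beyond the slide: it tests several candidate tables and keeps the ones that yield printable text, which is how one picks the right 64-byte constant when the decompiled class contains more than one.

```python
"""Recover strings hidden with a custom Base64 alphabet (the hardcoded but
'encrypted' C&C addresses of slide 37) once the alphabet is known or suspected."""
import base64
import binascii
import string

STD_ALPHABET = (string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/").encode()

# Constructed alphabet for this example: the standard one reversed.
# The real AnserverBot table is deliberately not reproduced here.
CUSTOM_ALPHABET = STD_ALPHABET[::-1]


def _check_alphabet(alphabet):
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("a Base64 alphabet needs 64 distinct symbols")


def decode_custom_b64(blob, alphabet=CUSTOM_ALPHABET, pad=b"="):
    """Map the custom alphabet onto the RFC 4648 one, restore padding, decode.
    validate=True makes a wrong alphabet fail loudly instead of returning junk."""
    _check_alphabet(alphabet)
    body = blob.rstrip(pad).translate(bytes.maketrans(alphabet, STD_ALPHABET))
    body += b"=" * (-len(body) % 4)          # tolerate stripped padding
    return base64.b64decode(body, validate=True)


def encode_custom_b64(data, alphabet=CUSTOM_ALPHABET, pad=b"="):
    """Inverse of decode_custom_b64; used here only to build test input."""
    _check_alphabet(alphabet)
    std = base64.b64encode(data)
    body = std.rstrip(b"=")
    return body.translate(bytes.maketrans(STD_ALPHABET, alphabet)) + pad * (len(std) - len(body))


def try_alphabets(blob, candidates):
    """Decode with each candidate alphabet and keep those yielding printable ASCII,
    which is how a C&C URL is told apart from garbage when several tables exist."""
    results = {}
    for label, alphabet in candidates.items():
        try:
            out = decode_custom_b64(blob, alphabet)
        except (ValueError, binascii.Error):
            continue
        if out and all(32 <= b < 127 for b in out):
            results[label] = out
    return results


if __name__ == "__main__":
    # Constructed placeholder, not an address taken from any sample.
    blob = encode_custom_b64(b"http://c2.example.invalid/update")
    print("hidden :", blob)
    print("decoded:", try_alphabets(blob, {"standard": STD_ALPHABET, "reversed": CUSTOM_ALPHABET}))
```

With the reversed alphabet, decoding the blob with the standard table yields the bitwise complement of every byte, so nothing printable survives and only the correct candidate is reported; a real custom table behaves the same way in practice, which is why the printable filter is a good first discriminator.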
38 Use Case - Decompile with Simplify (diagram): APK -> classes.dex -> dex2jar -> JAR -> JAD (Java code); classes.dex -> smali files -> Simplify -> simplified smali. Simplify eliminates useless code and encryption, and makes the code more readable.

39 Summary: Tools
- Androguard: reverse engineering API written in Python, comes with a shell
- ARES: Android Reverse Engineering Suite, built on Androguard
- Simplify: symbolic code executor, rewrites code to simplify it and eliminate encryption and dead/useless code
- DEX2JAR / DEX2JASMIN / DEX2SMALI: transform classes.dex to intermediate code

40 Summary: Tools
- JEB: Android reverse engineering suite (commercial)
- Radare: reverse engineering tool with Android support
- APKTool: automates decompilation of resources and classes.dex to smali
- APKStudio: an IDE for decompiling/editing and then recompiling Android application binaries

41 CONTENTS (agenda divider)

42 COUNTERMEASURES: How to protect your code once it is distributed? No silver bullet =(

43 COUNTERMEASURES
- Tamper detection
- Dynamic bytecode loading
- Obfuscation
- Anti-debugging
- Code/string encryption
- Code guards

44 COUNTERMEASURES - TAMPER DETECTION
- Detect app modification/repacking
- APKTool makes it easy to repack
- What if we could detect rebuild/recompilation/repackaging? (Source: Bluebox Security)

45 COUNTERMEASURES - TAMPER DETECTION - Idea: use the AndroidManifest.xml
- Purpose: provide metadata: permissions, activities, services, etc.
- Compiled to a binary format in the APK
- During build: text => binary (aapt)
- What about binary to text? (apktool)

46 COUNTERMEASURES - TAMPER DETECTION
- When parsed by Android, attributes are identified according to an id:
  <public type="attr" name="name" id="0x..." />
- Inject a name attribute into <application> with an unknown id; Android will not recognize it as a name attribute.

47 COUNTERMEASURES - TAMPER DETECTION
- Result: Android parses the manifest just fine, but APKTool includes a proper name attribute when rebuilding the APK
- Executing an APK rebuilt with APKTool will execute the injected name (i.e. detect.class) and thus trigger an alarm

48 COUNTERMEASURES - TAMPER DETECTION (the manifest as apktool decodes it)
<application android:name="detect.class">
    <activity android:name="com.example.manifestexample.MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
        </intent-filter>
    </activity>
</application>

49 COUNTERMEASURES - Dynamic Bytecode Loading
- Code that is not statically available cannot be RE'd
- Use dynamic bytecode loading for critical code
- Ship code as an encrypted asset
- Attack: dump code from memory
- Tool: DABiB (Dynamic Android Binary Debugger)

50 COUNTERMEASURES - Obfuscation
- Idea: transform source or bytecode into human-unreadable but semantically equivalent code
- Inject useless code
- Disrupt call-graph flow by using reflection and dynamic bytecode loading
- Encrypt assets and libraries
- Class/string encryption

51 COUNTERMEASURES - Obfuscation
- Tools: ProGuard/DexGuard, Arxan, DashO, Allatori, Stringer
- Attack: decompile the code and start at the entry point, refactor through the code, use Simplify

52 COUNTERMEASURES - ANTI-DEBUGGING
- Idea: detect a debugging environment
- Behave differently than in a non-debugging environment
- Only works if you know the execution environment (we do)
- Tools: DexGuard Enterprise, Arxan

53-54 COUNTERMEASURES - Code/String Encryption (diagram): packers; static view: stub application plus hidden encrypted code; dynamic view: the stub application executes and the code is decrypted at runtime

55 COUNTERMEASURES - Code/String Encryption - Packers (Bangcle, Pangxie)
- Static analysis is hard
- Code can still be dumped from memory after unpacking at runtime
- Slows the attacker down
- Tools: DexGuard, Arxan, Stringer, Allatori

56 COUNTERMEASURES - Code Guards
- Inject guards into the bytecode
- Protect and check program flow
- Re-initialize critical values
- Detect hooks
- Check signature
- Check app checksum
- Tool: Arxan
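The last two guards above, the signature and checksum checks, amount to verifying the package against its own signing metadata. The added example below (not from the talk, and not Arxan's or any product's code) shows that logic in Python: it parses META-INF/MANIFEST.MF, compares each entry's digest with the entry's real content, reports anything modified, missing or added, and pins the signer certificate's SHA-256 fingerprint. The manifest and the certificate bytes are constructed for the test; a guard running on the device would read the same files from its own APK and, for the signer, use the platform's package signature API rather than a raw DER blob.

```python
"""Integrity checks of the kind a code guard performs: verify every entry against
the digests in META-INF/MANIFEST.MF (JAR/v1 signing) and pin the signer."""
import base64
import hashlib
import hmac

DIGEST_ALGOS = {"SHA-256-Digest": hashlib.sha256, "SHA1-Digest": hashlib.sha1}


def parse_manifest(mf_text):
    """Parse MANIFEST.MF into {entry name: {attribute: value}}. Sections are separated
    by blank lines; a line starting with a space continues the previous line."""
    lines = []
    for raw in mf_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    sections, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last section
        if not line.strip():
            if current:
                sections.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return {s["Name"]: s for s in sections if "Name" in s}


def verify_entries(mf_text, entries):
    """Compare each manifest digest with the real content of {name: bytes}."""
    manifest = parse_manifest(mf_text)
    result = {"ok": [], "modified": [], "missing": [], "unlisted": [], "nodigest": []}
    for name, attrs in manifest.items():
        data = entries.get(name)
        if data is None:
            result["missing"].append(name)
            continue
        attr = next((a for a in DIGEST_ALGOS if a in attrs), None)
        if attr is None:
            result["nodigest"].append(name)
            continue
        expected = base64.b64decode(attrs[attr])
        actual = DIGEST_ALGOS[attr](data).digest()
        result["ok" if hmac.compare_digest(expected, actual) else "modified"].append(name)
    for name in entries:                   # files a repacker added are not in the manifest
        if name not in manifest and not name.startswith("META-INF/"):
            result["unlisted"].append(name)
    return result


def is_tampered(result):
    return any(result[k] for k in ("modified", "missing", "unlisted", "nodigest"))


def signer_matches(cert_der, pinned_sha256_hex):
    """Pin the signing certificate: constant-time compare of its SHA-256 fingerprint."""
    return hmac.compare_digest(hashlib.sha256(cert_der).hexdigest(), pinned_sha256_hex.lower())


def build_manifest(entries):
    """Constructed MANIFEST.MF with SHA-256 digests, used here to produce test input."""
    lines = ["Manifest-Version: 1.0", "Created-By: constructed example", ""]
    for name, data in entries.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    # Constructed entries with the right magic numbers; not taken from any app.
    original = {"AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\x00" * 12,
                "classes.dex": b"dex\n035\x00" + b"\x00" * 8}
    mf = build_manifest(original)
    patched = {**original, "classes.dex": b"dex\n035\x00" + b"\x01" * 8}
    print("original:", verify_entries(mf, original))
    print("patched :", verify_entries(mf, patched), "tampered:", is_tampered(verify_entries(mf, patched)))
```

Note what each check buys: a repacker using apktool re-signs the APK, so the manifest digests of a repacked app are internally consistent again. The digest comparison catches a package patched after signing, while the pinned signer fingerprint is what catches the re-signed repackage; a guard needs both, and the slide's hook detection is what protects the guard itself.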
57 COUNTERMEASURES - Conclusion
- Security should be a requirement in the SDLC
- Work towards thin Android apps
- Business-critical code on the server
- Deploy countermeasures to slow down RE

58 Thank you! droidcon Greece, Thessaloniki. Dario Incalza, Application Security Engineering Analyst, LSEC Leaders in
Distributed Sensor Networks Volume 2015, Article ID 379682, 9 pages http://dx.doi.org/10.1155/2015/379682 Research Article DWroidDump: Executable Code Extraction from Android Applications for Malware Analysis
More informationID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:
ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence
More informationMobileFindr: Function Similarity Identification for Reversing Mobile Binaries. Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, Kang Li
MobileFindr: Function Similarity Identification for Reversing Mobile Binaries Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, Kang Li Reverse Engineering The process of taking a software program s binary
More informationPlaying Hide and Seek with Dalvik Executables
Playing Hide and Seek with Dalvik Executables Axelle Apvrille Hack.Lu, October 2013 Hack.Lu 2013 - A. Apvrille 2/20 Who am i? whoami #!/usr/bin/perl -w my $self = { realname => Axelle Apvrille, nickname
More informationAndroid App Protection via Interpretation Obfuscation
Android App Protection via Interpretation Obfuscation Junliang Shu, Juanru Li, Yuanyuan Zhang and Dawu Gu Lab of Cryptology and Computer Security Shanghai Jiao Tong University Shanghai, China, Abstract
More informationCSCI 420: Mobile Application Security. Lecture 15. Prof. Adwait Nadkarni
CSCI 420: Mobile Application Security Lecture 15 Prof. Adwait Nadkarni 1 Running scripts from home apktool instructions: Move both files (apktool.jar & apktool) to /usr/local/bin (root needed) No-root
More informationTales of Practical Android Penetration Testing (Mobile Pentest Toolkit) Alexander Subbotin OWASP Bucharest AppSec 2018
Tales of Practical Android Penetration Testing (Mobile Pentest Toolkit) Alexander Subbotin OWASP Bucharest AppSec 2018 About Me About Me IT Security Consultant (https://subbotin.de) Penetration Tester/Ethical
More informationAccess Control for Plugins in Cordova-based Hybrid Applications
2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationVersion 8.0 PREEMPTIVE SOLUTIONS DASHO. User Guide
Version 8.0 PREEMPTIVE SOLUTIONS DASHO User Guide 1998-2016 by PreEmptive Solutions, LLC All rights reserved. Manual Version 8.0-preview www.preemptive.com TRADEMARKS DashO, Overload-Induction, the PreEmptive
More informationCROSS-PLATFORM MOBILE MALWARE: WRITE ONCE, RUN EVERYWHERE William Lee & Xinran Wu Sophos, Australia
CROSS-PLATFORM MOBILE MALWARE: WRITE ONCE, RUN EVERYWHERE William Lee & Xinran Wu Sophos, Australia Email {william.lee, xinran.wu@sophos.com.au ABSTRACT Every day, thousands of new mobile apps are published
More informationBachelor Thesis Project. Evaluating Dynamic Analysis Methods for Android Applications
Bachelor Thesis Project Evaluating Dynamic Analysis Methods for Android Applications Author: Alexander Spottka Supervisor: Ola Flygt External Supervisor: Philip Åkesson Semester: VT 2017 Subject: Computer
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationAndroid Internals and the Dalvik VM!
Android Internals and the Dalvik VM! Adam Champion, Andy Pyles, Boxuan Gu! Derived in part from presentations by Patrick Brady, Dan Bornstein, and Dan Morrill from Google (http://source.android.com/documentation)!
More informationInvestigating the Effectiveness of Obfuscation Against Android Application Reverse Engineering. Rowena Harrison. Technical Report
Investigating the Effectiveness of Obfuscation Against Android Application Reverse Engineering Rowena Harrison Technical Report RHUL MA 2015 7 4 March 2015 Information Security Group Royal Holloway University
More informationJust-In-Time Compilation
Just-In-Time Compilation Thiemo Bucciarelli Institute for Software Engineering and Programming Languages 18. Januar 2016 T. Bucciarelli 18. Januar 2016 1/25 Agenda Definitions Just-In-Time Compilation
More informationAndroid System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015
Android System Architecture Android Application Fundamentals Applications in Android All source code, resources, and data are compiled into a single archive file. The file uses the.apk suffix and is used
More informationA Hidden Way of Malware on Android
Antiy Labs August 8, 2013 Contents Backgroud... 1 The Tampered Calender -- egdata.a... 1 The Infected Kuwo Music Player -- Variant egdata.c... 4 Summary... 6 egdata.a... 6 egdata.c... 6 Reference... 6
More informationAndroid: Under the Hood. GDG-SG DevFest 5th Nov 2016 Jason Zaman
Android: Under the Hood GDG-SG DevFest 5th Nov 2016 Jason Zaman Overview Who am I? Android Block Diagram Mobile Hardware Filesystem Layout Startup Linux Kernel Bionic libc Ashmem / Binder IPC Zygote Dalvik
More information