Are Your Mobile Apps Well Protected? Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic Unviersity
|
|
- Clarence Briggs
- 5 years ago
- Views:
Transcription
1 Are Your Mobile Apps Well Protected? Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic Unviersity 1
2 What if your mobile app is reverse-engineered by others? Core business logic and major algorithms could be learnt by your competitors. Credentials in apps. 2
3 Turn your app into a malware Source: businessinsider.com 3
4 Secure, no ads Save $6.99, but get ads 4
5 Source: Trend Micro Percentage of top 10 apps in each category which have repacked version: 100% of the apps of Widgets, Media & Video, etc. 90% of the apps of Business, Music & Audio, etc. 5 5
6 6
7 7
8 8
9 Can they protect your app? 9
10 Outline Android App Protection You Can Run But You Cannot Hide Suggestions 10
11 Android App Protection Goal Raise the bar for attackers Hide the code Make the code hard to be understood. m4k3 7h3 (0d3 h4rd und3r5700d 11
12 Android App Protection Techniques used by packers Obfuscation Dynamic class loading Java reflection Dex file modification Native code Emulator detection Anti-debug Hide the code 12
13 Obfuscation Transform the code to make it difficult to understand or change while keeping its functionalities. Renaming identifier Equivalent expression Encrypting data Splitting and merging functions Complicating control flow Inserting bogus codes ProGuard 13
14 Dynamic class loading A feature supported by Java Implement the core business logic in a separated class. The class can be located in the server or released from a native library. Load the class into the runtime when the class is used. 14
15 Java reflection A feature supported by Java An app can use it to Inspect classes, interfaces, fields and methods at runtime without knowing their names, Instantiate new objects dynamically, Invoke methods dynamically, 15
16 Dex file modification Hide the method. Bad code to make reverse-engineering tools crash. Opcodes AXML Resource files Source: Hu et al. 16
17 Native code App can invoke native code through Java native interface (JNI). Native code can modify the dex file in the memory. Source: A. Blaich 17
18 Emulator detection The adversary can observe how an app executes by running it in an emulator (e.g., Qemu). Emulator is a software that usually has fixed configuration. So it is different from a real smartphone. Device ID
19 Outline Android App Protection You Can Run But You Cannot Hide Suggestions 19
20 Dex file The executable of an App Java source code - > Java class -> dex Java class: each file contains one class dex: one file contains all classes 20
21 You Can Run But You Cannot Hide Can we extract the dex file from a packed app? Yes! DexHunter Yueqian Zhang, Xiapu Luo, and Haoyang Yin, DexHunter: Toward Extracting Hidden Code from Packed Android Applications, Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS), Vienna, Austria, Sept Paper: Source code and demo: Key insight Dex file will be loaded and run by Android runtime, including Dalvik virtual machine (DVM) and the new Android Runtime (ART), which controls everything. 21
22 DexHunter Modify Android runtime (i.e., DVM and ART) to extract the dex file. Dex File The header contains the length and the offset for each section. class_defs section contains class_def_items, each of which describes a class. 22
23 When to unpack the app? When the first class of the app is being loaded. Why? Before a class is loaded, the content of the class should be available in the memory; When the class has been initialized, some content in memory may be modified dynamically; Just before a method is invoked, its code_item or instructions should be available. How? Load and initialize all classes proactively. 23
24 How to unpack the app? Integrate our tool into Android runtime including DVM and ART. Wait for the time when the first class of the app is being loaded. Locate the target memory region. Dump the selected memory area. Correct and reconstruct the dex file. 24
25 Loading & initializing classes Traverse all class_def_items in the dex file. For each one, DexHunter loads it with FindClass function (ART) or dvmdefineclass function (DVM). DexHunter initializes it with EnsureInitialized function (ART) or dvmisclassinitialized & dvminitclass functions (DVM). 25
26 Locating the target memory region The target memory region contains the dex file. DexHunter uses a special string to determine whether the current dex file is what we want. ART: the string location_ in DexFile objects. DVM: the string filename in DexOrJar objects. 26
27 27
28 Dumping the dex file in memory Divide the target memory region Part 1: the content before the class_defs section Part 2: the class_defs section Part 3: the content after the class_defs section Dump part 1 into a file named part1 and part 3 into a file named data. 28
29 Correcting and collecting Why? Packing services may modify the memory dynamically. The memory consists of the region containing the dex file and the method objects (i.e., ArtMethod in ART, Method in DVM) managed by runtime. The runtime executes instructions according to the managed method objects. 29
30 Reconstructing the dex file Eventually, DexHunter has four files: part1, classdef, data, extra. It combines them according to the following sequence to construct a dex file. part1 classdef data extra 30
31 Products under Investigation Ali Baidu Bangcle Tencent ijiami 31
32 Experiment Setup 32
33 Anti-debugging All products detect debugger Anti-ptrace Anti-JWDP. They cannot detect DexHunter. 33
34 360 Version: It encrypts the dex file and saves it in libjiagu.so/libjiagu_art.so. It releases the data into memory and decrypts it while running. 34
35 Ali Version: It splits the original dex file into two parts One is the main body saved in libmobisecy.so The other one contains the class_data_item and the code_item of some class_def_items. It releases both two parts into memory as plain text and corrects some offset values in the main body while running. Some annotation_offs are set to incorrect values. 35
36 Baidu Version: It moves some class data items to other places outside the dex file. It wipes the magic numbers, checksum and signature in the header after the dex file has been opened. 36
37 Baidu It fills in an empty method just before it is invoked and erases the content after the method is finished. DexHunter instruments method invocation to dump these methods which is available only just before invoking. doinvoke (ART) dvmmterp_invokemethod (DVM) 37
38 Bangcle Version: It prepares the odex file or oat file in advance. It encrypts the file and stores it in an external jar file. It decrypts the data while running It hooks several functions in libc.so, such as fwrite, mmap, 38
39 ijiami Version: Similar to Bangcle. The string changes every time the app runs. It releases the decrypted file, which is also encrypted as a jar file, with different file names each time while they are in the same directory. 39
40 Tencent Version: It can protect the methods selected by users. If a method is selected, it cannot be found in the relevant class_data_item. It releases the real class_data_item and adjusts the offset. The code_item of the selected method is still in the data section. Some annotation_offs are set to 0xFFFFFFFF. It can only runs in DVM. 40
41 Outline Android App Protection You Can Run But You Cannot Hide Suggestions 41
42 Suggestions Do not assume that your app cannot be reverse-engineered by others. Do not put secrete into your app. Protect your apps using various techniques Strong obfuscation algorithms Implement core business logics into native code and then pack the native code Server side verification Customized hardening services 42
43 Suggestions Detect repackaged apps from markets Simple approach Finding apps with similar descriptions, etc. Advanced approach Detect repackaged apps by comparing their codes. It may be affected by the app hardening techniques. Detect repackaged apps by comparing their resources. 43
44 ResDroid A scalable approach to detect repackaged apps by leveraging resource features (e.g., GUI, etc.) instead of code. Use statistical features for the coarse-grained processing Use structural features for the fine-grained processing 44
45 Thanks my group members and collaborators for contributing to this research: Yueqian Zhang Wenjun Hu Yuru Shao Haoyang Yin Xiaobo Ma Xian Zhan 45
46 DexHunter Paper: Source code and demo : ResDroid Paper: Our other tools and papers on Android security: 46
47 References Christian Collberg and Jasvir Nagra, Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection, Addison- Wesley, 2009 Yuru Shao, Xiapu Luo, Chenxiong Qian, Pengfei Zhu, and Lei Zhang, Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications, Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December A. Apvrille and R. Nigam, Obfuscation in android malware, and how to fight back, Virus Bulletin, July M. Grassi, Reverse engineering, pentesting, and hardening of android apps. DroidCon, T. Strazzere and J. Sawyer, Android hacker protection level 0, DefCon, (android-unpacker, ZjDroid, Y. Park, We can still crack you! general unpacking method for android packer (no root), Blackhat Asia,
The Terminator to Android Hardening Services. Yueqian Zhang, Xiapu Luo, Haoyang Yin Department of Computing The Hong Kong Polytechnic University
The Terminator to Android Hardening Services Yueqian Zhang, Xiapu Luo, Haoyang Yin Department of Computing The Hong Kong Polytechnic University 1 Source: Trend Micro Percentage of top 10 apps in each category
More informationThings You May Not Know About Android (Un)Packers: A Systematic Study based on Whole- System Emulation
Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole- System Emulation Yue Duan, Mu Zhang, Abhishek Vasisht Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang, XiaoFeng
More informationAdaptive Unpacking of Android Apps
2017 IEEE/ACM 39th International Conference on Software Engineering Adaptive Unpacking of Android Apps Lei Xue, Xiapu Luo,LeYu, Shuai Wang, Dinghao Wu Department of Computing, The Hong Kong Polytechnic
More informationAppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware
AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware Wenbo Yang 1(B), Yuanyuan Zhang 1, Juanru Li 1, Junliang Shu 1,BodongLi 1, Wenjun Hu 2,3,andDawuGu 1 1 Computer Science and
More informationAppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware
AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware Yang Wenbo 1(B), Zhang Yuanyuan 1, Li Juanru 1, Shu Junliang 1 Li Bodong 1, Hu Wenjun 2,3, Gu Dawu 1 1 Computer Science and
More informationAppSpear: Bytecode Decryp0ng and DEX Reassembling for Packed Android Malware
AppSpear: Bytecode Decryp0ng and DEX Reassembling for Packed Android Malware Yang Wenbo, Zhang Yuanyuan, Li Juanru, Shu Junliang, Li Bodong, Hu Wenjun, Gu Dawu Sudeep Nanjappa Jayakumar Agenda Introduc0on
More informationVirtualSwindle: An Automated Attack Against In-App Billing on Android
Northeastern University Systems Security Lab VirtualSwindle: An Automated Attack Against In-App Billing on Android ASIACCS 2014 Collin Mulliner, William Robertson, Engin Kirda {crm,wkr,ek}[at]ccs.neu.edu
More informationTackling runtime-based obfuscation in Android with TIRO
Tackling runtime-based obfuscation in Android with Michelle Wong and David Lie University of Toronto Usenix Security 2018 Android malware and analysis Mobile devices are a valuable target for malware developers
More informationAndroid app protection through anti-tampering and anti-debugging Techniques
Android app protection through anti-tampering and anti-debugging Techniques by Jia Wan A thesis submitted to the School of Computing in conformity with the requirements for the degree of Master of Science
More informationA Framework for Evaluating Mobile App Repackaging Detection Algorithms
A Framework for Evaluating Mobile App Repackaging Detection Algorithms Heqing Huang, PhD Candidate. Sencun Zhu, Peng Liu (Presenter) & Dinghao Wu, PhDs Repackaging Process Downloaded APK file Unpack Repackaged
More informationThe Research on Security Reinforcement of Android Applications
4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015) The Research on Security Reinforcement of Android Applications Feng Xiaorong1, a, Lin Jun2,b and
More informationdroidcon Greece Thessaloniki September 2015
droidcon Greece Thessaloniki 10-12 September 2015 Reverse Engineering in Android Countermeasures and Tools $ whoami > Dario Incalza (@h4oxer) > Application Security Engineering Analyst > Android Developer
More informationTackling runtime-based obfuscation in Android with TIRO
Tackling runtime-based obfuscation in Android with TIRO Michelle Y. Wong and David Lie University of Toronto Abstract Obfuscation is used in malware to hide malicious activity from manual or automatic
More informationReverse Engineering Malware Binary Obfuscation and Protection
Reverse Engineering Malware Binary Obfuscation and Protection Jarkko Turkulainen F-Secure Corporation Protecting the irreplaceable f-secure.com Binary Obfuscation and Protection What is covered in this
More informationServer-based code obfuscation scheme for APK tamper detection
SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2016; 9:457 467 Published online 10 March 2014 in Wiley Online Library (wileyonlinelibrary.com)..936 SPECIAL ISSUE PAPER Server-based code obfuscation
More informationHow to secure your mobile application with RASP
How to secure your mobile application with RASP Webinar - 13 December 2016 Agenda 1. Mobile Application Security Risk categories Protection layers including RASP Dirk Denayer Enterprise & Application Security
More informationCUHK CSE ADAM: An Automatic & Extensible Platform Stress Test Android Anti-Virus Systems John Spark Patrick C.S. Lui ZHENG Min P.C.
ADAM: An Automatic & Extensible Platform To Stress Test Android Anti-Virus Systems John C.S. Lui Patrick P.C. Lee 1 of 15 Android Malware Up 3,325% in 2011 1. This past year, we saw a significant increase
More informationAndroid Malware Reverse Engineering
Android Malware Reverse Engineering Axelle Apvrille Hack.Lu, October 2016 Hack.Lu 2016 - A. Apvrille 2/46 Hello Who am I? Axelle Apvrille Welcome! Security researcher at Fortinet, Fortiguard Labs Topic:
More informationANDROID HACKER PROTECTION LEVEL 0
ANDROID HACKER PROTECTION LEVEL 0 + some blackphone stuff TIM DIFF STRAZZERE - JON JUSTIN CASE SAWYER 08.10.2014 Defcon 22 WHO ARE WE JCASE DIFF CTO of Applied Cybersecurity LLC Professional Exploit Troll
More informationAndroid Debugging ART
Android Debugging ART Khaled JMAL 2016 / 11 / 17 2 / 24 The Dalvik Virtual Machine Up to version 4.4 KitKat, Android was based on the Dalvik Virtual Machine Java compiles into DEX code DEX code is compiled
More informationMOBILE DEFEND. Powering Robust Mobile Security Solutions
MOBILE DEFEND Powering Robust Mobile Security Solutions Table of Contents Introduction Trustlook SECURE ai Mobile Defend Who Uses SECURE ai Mobile Defend? How it Works o Mobile Device Risk Score o Mobile
More informationMobileFindr: Function Similarity Identification for Reversing Mobile Binaries. Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, Kang Li
MobileFindr: Function Similarity Identification for Reversing Mobile Binaries Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, Kang Li Reverse Engineering The process of taking a software program s binary
More informationMain idea. Demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit (GPU)
-Assisted Malware Giorgos Vasiliadis Michalis Polychronakis Sotiris Ioannidis ICS-FORTH, Greece Columbia University, USA ICS-FORTH, Greece Main idea Demonstrate how malware can increase its robustness
More informationSoftware Protection via Obfuscation
Software Protection via Obfuscation Ciprian Lucaci InfoSec Meetup #1 1 About me Software Protection via Obfuscation - Ciprian LUCACI 2 About me 2008-2012 # Bachelor Computer Science @ Politehnica Univerity
More informationDetecting Advanced Android Malware by Data Flow Analysis Engine. Xu Hao & pll
Detecting Advanced Android Malware by Data Flow Analysis Engine Xu Hao & pll 2013.09 Content Background adfaer - Android Data Flow Analyzer Janus - Detect Reflection Experiment Future Work Android Security
More informationSECURITY OF VEHICLE TELEMATICS SYSTEMS. Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University
SECURITY OF VEHICLE TELEMATICS SYSTEMS Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University 1 2 3 TELEMATICS 4 TELEMATICS 5 OBD-II On-Board Diagnostic Perform emissions related
More informationSmall footprint inspection techniques for Android
Small footprint inspection techniques for Android Damien Cauquil, Pierre Jaury 29C3 December 29, 2012 Damien Cauquil, Pierre Jaury Small footprint inspection techniques for Android 1 / 33 Introduction
More informationA Security Microcosm Attacking and Defending Shiva
A Security Microcosm Attacking and Defending Shiva Shiva written by Neel Mehta and Shaun Clowes Presented by Shaun Clowes shaun@securereality.com.au What is Shiva? Shiva is an executable encryptor Encrypted
More informationTable 1 lists the projects and teams. If you want to, you can switch teams with other students.
University of Arizona, Department of Computer Science CSc 620 Assignment 3 40% Christian Collberg August 27, 2008 1 Introduction This is your main project for the class. The project is worth 40% of your
More informationBreaking and Securing Mobile Apps
Breaking and Securing Mobile Apps Aditya Gupta @adi1391 adi@attify.com +91-9538295259 Who Am I? The Mobile Security Guy Attify Security Architecture, Auditing, Trainings etc. Ex Rediff.com Security Lead
More informationCTF Workshop. Crim Synopsys, Inc. 1
CTF Workshop Crim2018 31.10.2018 2018 Synopsys, Inc. 1 CTF (Capture the Flag) Capture the Flag (CTF) is a computer security competition. CTF are usually designed test and teach computer security skills.
More informationMobile application tamper detection scheme using dynamic code injection against repackaging attacks
J Supercomput (2016) 72:3629 3645 DOI 10.1007/s11227-016-1763-2 Mobile application tamper detection scheme using dynamic code injection against repackaging attacks Haehyun Cho 1 Jiwoong Bang 1 Myeongju
More informationAutomated code extraction from packed android applications.
Syracuse University SURFACE Dissertations - ALL SURFACE 7-1-2016 Automated code extraction from packed android applications. Abhishek Vasisht Bhaskar Syracuse University Follow this and additional works
More informationAn Effective Android Software Reinforcement Scheme Based on Online Key
2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems
More informationDeliver Strong Mobile App Security and the Ultimate User Experience
Deliver Strong Mobile App Security and the Ultimate User Experience The Presenters Will LaSala, Director of Services @ VASCO Will has been with VASCO since 2001 and over the years has been involved in
More informationOWASP German Chapter Stammtisch Initiative/Ruhrpott. Android App Pentest Workshop 101
OWASP German Chapter Stammtisch Initiative/Ruhrpott Android App Pentest Workshop 101 About What we will try to cover in the first session: Setup of a Mobile Application Pentest Environment Basics of Mobile
More informationCh 7: Mobile Device Management. CNIT 128: Hacking Mobile Devices. Updated
Ch 7: Mobile Device Management CNIT 128: Hacking Mobile Devices Updated 4-4-17 What is MDM? Frameworks that control, monitor, and manage mobile devices Deployed across enterprises or service providers
More informationComparative Analysis of Mobile App Reverse Engineering Methods on Dalvik and ART
Comparative Analysis of Mobile App Reverse Engineering Methods on Dalvik and ART Geonbae Na, Jongsu Lim, Kyoungmin Kim, and Jeong Hyun Yi Soongsil University, Seoul, 06978, Korea {nagb, jongsu253, mseckkm,
More informationAdaptive Android Kernel Live Patching
USENIX Security Symposium 2017 Adaptive Android Kernel Live Patching Yue Chen 1, Yulong Zhang 2, Zhi Wang 1, Liangzhao Xia 2, Chenfu Bao 2, Tao Wei 2 Florida State University 1 Baidu X-Lab 2 Android Kernel
More informationSECURE2013 ANDROTOTAL A SCALABLE FRAMEWORK FOR ANDROID ANTIMALWARE TESTING
SECURE2013 ANDROTOTAL A SCALABLE FRAMEWORK FOR ANDROID ANTIMALWARE TESTING Federico Maggi, Andrea Valdi, Stefano Zanero Politecnico di Milano, DEIB fede@maggi.cc ROADMAP 1. Android threats and protections
More informationUnpacking the Packed Unpacker
Unpacking the Packed Unpacker Reversing an Android Anti-Analysis Native Library Maddie Stone @maddiestone BlackHat USA 2018 Who am I? - Maddie Stone Reverse Engineer on Google s Android Security Team 5+
More informationL.C.Smith. Privacy-Preserving Offloading of Mobile App to the Public Cloud
Privacy-Preserving Offloading of Mobile App to the Public Cloud Yue Duan, Mu Zhang, Heng Yin and Yuzhe Tang Department of EECS Syracuse University L.C.Smith College of Engineering 1 and Computer Science
More informationAbusing Android In-app Billing feature thanks to a misunderstood integration. Insomni hack 18 22/03/2018 Jérémy MATOS
Abusing Android In-app Billing feature thanks to a misunderstood integration Insomni hack 18 22/03/2018 Jérémy MATOS whois securingapps Developer background Worked last 12 years in Switzerland on security
More informationAccess Control for Plugins in Cordova-based Hybrid Applications
2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising
More informationIP Protection in Java Based Software
IP Protection in Java Based Software By Drona Wilddiary.com Java - The preferred choice A simple Object Oriented Language VM approach, Platform independent Omnipresent - Presence on Desktop, Web browsers
More informationThe Android security jungle: pitfalls, threats and survival tips. Scott
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Google s protection Threats Risks Survival Network Data protection (encryption) App/device
More informationEmulating Code In Radare2. pancake Lacon 2015
Emulating Code In Radare2 pancake Lacon 2015 Overview Emulation allows us to simulate the execution of code of the same or different CPU in order to understand what a specific snippet of code is doing
More informationATLANTIS - Assembly Trace Analysis Environment
ATLANTIS - Assembly Trace Analysis Environment Brendan Cleary, Margaret-Anne Storey, Laura Chan Dept. of Computer Science, University of Victoria, Victoria, BC, Canada bcleary@uvic.ca, mstorey@uvic.ca,
More informationHoney, I Shrunk Your App Security: The State of Android App Hardening
Honey, I Shrunk Your App Security: The State of Android App Hardening Vincent Haupert 1( ), Dominik Maier 2, Nicolas Schneider 1, Julian Kirsch 3, and Tilo Müller 1 1 Friedrich-Alexander University Erlangen-Nürnberg
More informationMobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.
Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment
More informationReverse Engineering Malware Dynamic Analysis of Binary Malware II
Reverse Engineering Malware Dynamic Analysis of Binary Malware II Jarkko Turkulainen F-Secure Corporation Protecting the irreplaceable f-secure.com Advanced dynamic analysis Debugger scripting Hooking
More informationTHE POWER AND RISK OF MOBILE. White paper
THE POWER AND RISK OF MOBILE White paper TABLE OF CONTENTS Executive Summary - 3 Introduction - 4 The Power and Risk of Mobile - 4 Growing Dominance of Android - 5 Best Practices to Develop Secure Mobile
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationTrusted Computing and O/S Security. Aggelos Kiayias Justin Neumann
Trusted Computing and O/S Security Aggelos Kiayias Justin Neumann O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each layer may try to verify the outer layer
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c June
More informationID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:
ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence
More informationCoordinated Disclosure of Vulnerabilities in McAfee Security Android
Coordinated Disclosure of Vulnerabilities in McAfee Security Android 4.8.0.370 1 Executive summary Researchers of MRG Effitas tested the McAfee Security Android application. During use, we came across
More informationRomain Thomas - Static instrumentation based on executable file formats
Romain Thomas - rthomas@quarkslab.com Static instrumentation based on executable file formats About Romain Thomas - Security engineer at Quarkslab Working on various topics: Android, (de)obfuscation, software
More informationLIEF: Library to Instrument Executable Formats
RMLL 2017 Romain Thomas - rthomas@quarkslab.com LIEF: Library to Instrument Executable Formats Table of Contents Introduction Project Overview Demo Conclusion About Romain Thomas (rthomas@quarkslab.com)
More informationResearch Article DWroidDump: Executable Code Extraction from Android Applications for Malware Analysis
Distributed Sensor Networks Volume 2015, Article ID 379682, 9 pages http://dx.doi.org/10.1155/2015/379682 Research Article DWroidDump: Executable Code Extraction from Android Applications for Malware Analysis
More informationAndroid Analysis Tools. Yuan Tian
Android Analysis Tools Yuan Tian Malware are more creative: XcodeGhost More than 300 a pps are infected, including wechat and netease Collect device ID, Apple ID and p assword 10/3/15 CMU Mobile Security
More informationObfuscator-LLVM. - Software Obfuscation for the Masses. area41 // Zürich //
Obfuscator-LLVM - Software Obfuscation for the Masses area41 // Zürich // 02-06-2014 Who? Who? Pascal Junod (@cryptopathe), Julien Rinaldini (@pyknite), Johan Wehrli (@jowehrli) // HEIG-VD Julie Michielin
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationFile System Interpretation
File System Interpretation Part III. Advanced Techniques and Tools for Digital Forensics CSF: Forensics Cyber-Security Fall 2018 Nuno Santos Previously: Introduction to Android forensics! How does Android
More informationMobile and Ubiquitous Computing: Android Programming (part 1)
Mobile and Ubiquitous Computing: Android Programming (part 1) Master studies, Winter 2015/2016 Dr Veljko Pejović Veljko.Pejovic@fri.uni-lj.si The World of Android The Android Platform A mobile operating
More informationCryptoAuthentication Firmware Protection
CryptoAuthentication Firmware Protection Atmel...Everywhere You Are...Securely September 09 1 CRYPTOAUTHENTICATION Device basics Agenda Keys and OTP fuses Operational block diagram Firmware protection
More informationConnectWise Automate. What is ConnectWise Automate?
What is ConnectWise Automate? ConnectWise Automate is a remote monitoring and management tool (RMM) that allows us to actively track the health and performance of your IT network. We compile that data
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationManaged. Code Rootkits. Hooking. into Runtime. Environments. Erez Metula ELSEVIER. Syngress is an imprint of Elsevier SYNGRESS
Managed Code Rootkits Hooking into Runtime Environments Erez Metula ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint
More informationAndroid App Protection via Interpretation Obfuscation
Android App Protection via Interpretation Obfuscation Junliang Shu, Juanru Li, Yuanyuan Zhang and Dawu Gu Lab of Cryptology and Computer Security Shanghai Jiao Tong University Shanghai, China, Abstract
More informationAndroid Reverse Engineering tools Not the Usual Suspects. Axelle Apvrille - Fortinet
Android Reverse Engineering tools Not the Usual Suspects Axelle Apvrille - Fortinet aapvrille@fortinet.com Virus Bulletin, October 2017 Virus Bulletin Oct 2017 - A. Apvrille 2/34 Outline 1 Docker environment
More informationAnalysis of Java Code Protector
Analysis of Java Code Protector September 2005 December 2005 Submitted to Lockheed Martin Co. Principal Investigators Students Advisors Sean McGinnis ECE Dr. Gina Tang Matthew Sargent ECE Dr. Ravi Ramachandran
More informationComputer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 10. Exam 2 Review Paul Krzyzanowski Rutgers University Spring 2017 March 23, 2018 CS 419 2017 Paul Krzyzanowski 1 Question 1(a) Suppose you come across some old text in the form GEPPQ
More informationNifty stuff that you can still do with Android. Xavier 'xeu' Martin HES 2013 May 2th 2013
Nifty stuff that you can still do with Android Xavier 'xeu' Martin HES 2013 May 2th 2013 1 Thank You! This presentation is a compilation of original research done by the following people: Tim Strazzere
More informationTechnical Report. Verifying the Integrity of Open Source Android Applications. Michael Macnair. RHUL MA March 2015
Verifying the Integrity of Open Source Android Applications Michael Macnair Technical Report RHUL MA 2015 4 4 March 2015 Information Security Group Royal Holloway University of London Egham, Surrey, TW20
More informationAndroid Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin
Android Application Sandbox Thomas Bläsing DAI-Labor TU Berlin Agenda Introduction What is Android? Malware on smartphones Common countermeasures on the Android platform Use-Cases Design Conclusion Summary
More informationCSE Fall Project 1: Password Management
CSE 543 - Fall 2017 - Project 1: Password Management 1 Dates Out: August 26, 2017 Due: September 20, 2017 2 Introduction In this project, you will complete the implementation of a password management system.
More informationSecuring the SMB Cloud Generation
Securing the SMB Cloud Generation Intelligent Protection Against the New Generation of Threats Colin Brackman, National Distribution Manager, Consumer Sales, Symantec Christopher Covert Principal Product
More informationDanny Quist. Blackhat USA 2008
Temporal Reverse Engineering Danny Quist Colin Ames Blackhat USA 2008 1 Danny Quist Co-founder Offensive Computing, LLC Ph.D. Candidate at New Mexico Tech Reverse Engineering i Instructor Infosec Institute
More informationCoordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android
Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android 5.9.4.1 1 Executive summary Researchers of MRG Effitas tested the AVG AntiVirus Free Android application. During use, we came across
More informationThe missing link in the chain? Android network analysis. Rowland Yu Senior Threat Researcher II
The missing link in the chain? Android network analysis Rowland Yu Senior Threat Researcher II Facts Facts Monthly Sample Doubled from 2015 to 2018 600000 Monthly Android Malware Statistics: from September
More informationSECURITY ARCHITECTURES CARSTEN WEINHOLD
Department of Computer Science Institute of System Architecture, Operating Systems Group SECURITY ARCHITECTURES CARSTEN WEINHOLD MOTIVATION Common observations: Complex software has security bugs Users
More informationLecture 14. System Integrity Services Obfuscation
Lecture 14 System Integrity Services Obfuscation OS independent integrity checking Observation Majority of critical server vulnerabilities are memory based Modern anti-virus software must scan memory Modern
More informationWhen providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS
When providing a native mobile app ruins the security of your existing web solution CyberSec Conference 2015 05/11/2015 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationObfuscation-Resilient Code Detection Analyses for Android Apps
Obfuscation-Resilient Code Detection Analyses for Android Apps Dissertation Presented in Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the Graduate School of The Ohio State
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 5: Code Obfuscation II Moscow State University, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 5: Code Obfuscation II Moscow State University, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/
More informationWhite-Box Cryptography
Based on: J. W. Bos, C. Hubain, W. Michiels, P. Teuwen. In CHES 2016: Differential computation analysis: Hiding your white-box designs is not enough. White-Box Cryptography Don't Forget About Grey Box
More informationTongbo Luo Cong Zheng Zhi Xu Xin Ouyang ANTI-PLUGIN: DON T LET YOUR APP PLAY AS AN ANDROID PLUGIN
Tongbo Luo Cong Zheng Zhi Xu Xin Ouyang ANTI-PLUGIN: DON T LET YOUR APP PLAY AS AN ANDROID PLUGIN Bio Black Hat Veteran. Principle Security Researcher @ PANW. Mobile Security - Discover Malware - Android
More informationPlaying Hide and Seek with Dalvik Executables
Playing Hide and Seek with Dalvik Executables Axelle Apvrille Hack.Lu, October 2013 Hack.Lu 2013 - A. Apvrille 2/20 Who am i? whoami #!/usr/bin/perl -w my $self = { realname => Axelle Apvrille, nickname
More informationPortable Executable format, TitaniumCore report and packers. Katja Pericin
Portable Executable format, TitaniumCore report and packers Katja Pericin Portable Executable format 3/21/2018 2 Introduction file? operating system abstraction for a data container segment(s) of physical
More informationPorting mobile web application engine to the Android platform
2010 10th IEEE International Conference on Computer and Information Technology (CIT 2010) Porting mobile web application engine to the Android platform Yonghong Wu, Jianchao Luo, Lei Luo School of Computer
More informationCHAPTER 2: SYSTEM STRUCTURES. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.
CHAPTER 2: SYSTEM STRUCTURES By I-Chen Lin Textbook: Operating System Concepts 9th Ed. Chapter 2: System Structures Operating System Services User Operating System Interface System Calls Types of System
More informationChapter 2: Operating-System Structures
Chapter 2: Operating-System Structures Chapter 2: Operating-System Structures Operating System Services User Operating System Interface System Calls Types of System Calls System Programs Operating System
More informationCuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes
CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015
More informationDigital Signature Records for the NFC Data Exchange Format
Digital Signature Records for the NFC Data Exchange Format Michael Roland Upper Austria University of Applied Sciences,, Austria 2 nd International Workshop on Near Field Communication 20 April 2010, Monaco
More informationMcAfee Advanced Threat Defense
Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike
More informationIdentifying the Applied Obfuscation Method towards De-obfuscation
Identifying the Applied Obfuscation Method towards De-obfuscation Hayato Sagisaka Division of Frontier Informatics, Graduate School of Kyoto Sangyo University. Haruaki Tamada Faculty of Computer Science
More informationMobile Devices prioritize User Experience
Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile
More informationMobile Trends And The New Threats Is Your SAP System Vulnerable to Cyber Attacks? Stephen Lamy, Virtual Forge
Mobile Trends And The New Threats Is Your SAP System Vulnerable to Cyber Attacks? Stephen Lamy, Virtual Forge Agenda Mobile Trends and The New Threats The Forgotten Layer Benchmarks of Defects in Custom
More information