andevcon: android reverse engineering
Post on 13-Jun-2015
Embed Size (px)
DESCRIPTIONSlides of the presentation at the AnDevCon: Android Reverse Engineering
- 1. Agenda:-Intro -Purpose -Tools -APK Structure -Obtaining APKs -Decompiling -Manipulation -Repackage/signing -Examples -Prevention !
2. Ego slideMobile Developer @ Sixt M. Sc. UCM/RWTH CS Teacher at Alcal University ! ! !+EnriqueLpezMaas @eenriquelopez 3. Reverse EngineeringObtaining source code from a compiled source ! 4. Why Java?-Java code is partially compiled and then interpreted -JVM and opcodes are xed -Few instructions -No real protection 5. Why Android?-APKs are easily downloadable -Obfuscation does not happen by default - APK to JAR translation is easy 6. Legal issuesSmall set: !- Dont decompile, recompile and pass it off as your own - Dont try to sell it as your own - If License Agreement forbids decompiling, do not decompile -Dont decompile to remove protection mechanisms 7. Legal issuesUS !- Precedents allowing decompilation !(Sega vs. Acolade, http://digitallaw-online.info/cases/ 24PQ2D1561.htm) 8. Legal issuesEU (Directive on the Legal Protection of Computer Programs ) - Allows decompilation !(if you need access to internal calls and authors refuse to divulge API) !BUT: !-Only to interface your program -Only if they are not protected 9. GenerallyYES: !- Understand interoperatibility - Create a program interface !NO: !- Create a copy and sell it. 10. Privacy leaksCheatingCode injectionPasswordsScore manipulationDownload from obscure sourcesPersonal dataAsset manipulationUnrequested data collection/stealAdsMalware 11. EducationalInterfacingProtectionLearning codeCreating interfacesChecking our own mistakes!Researching bugsImproving existing resources 12. Dex2Jar 13. JD-GUI 14. JAD 15. apktool 16. Eclipse 17. Java programming(SDK/NDK)Distribution (freely, Google Play or other)Compiling to DEX, running in DVMPackage signed as APK 18. Obtaining APKConverting DEX to JarDecompiling Java 19. How to obtain APKs 22.214.171.124.-Pulling from device Using GooglePlay Python API Alternative sources Sniffer transfer 20. Pulling from device:Connect with USB cable ADB Root 21. Alternative Sources: 22. Sniffer: 23. Google Play Python API: 24. First unzip 25. Using dex2jar to create a Jar 26. Using a Java Decompiler 27. Some tips: Look for known strings Not only code: also XML and resources Be aware of obfuscation 28. Edit and modify resources Change essential code SMALI 29. Create certicate with JDK Keytool Sign Jar with JDK jarsigner 30. HelloWorld Crackme Code injection 31. Protecting your source [We want] to protect [the] code by making reverse engineering so technically difcult that it becomes impossible or at the very least economically inviable.!-Christian Collberg, 32. Idea #1Writing two versions of the app 33. Idea #2 Obfuscation When obfu scation is outlawed, only outlaw s will sifj difdm woeemf eifm. 34. Idea #3 WebServices 35. Idea #4 FingerPrinting our code 36. Idea #5 Native methods 37. Thank you !+ Enrique Lpez Maas @eenriquelopez