Reverse Engineering on Android

Reverse Engineering on AndroidCanh Le My2014.08.111AGENDAMotivationAndroid app packingHow android execute your applicationAvailable toolsDemonstration

22MotivationBright side:How to secure your appDark side:Learn about an applicationModification and its innumerous purposesTodays talk.3Android app packingApkJar/Zip fileContain metadata Manifest Certificates Layouts Contain code classes.dexjars native libraries Contain resources/assets4

How android execute your app/data/app/package-name-.apk

5

How android execute your appDalvik

6

How android execute your appSmali

7

Available toolsApktoolhttps://code.google.com/p/android-apktool/Apache license 2.0Decompile and Recompile apk fileDecoding resources to nearly original form (including resources.arsc, XMLs and 9.png files) and rebuilding them.Baksmali: Classes.dex smali filesSmali: Classes.dex smali filesBut smali code is hard to read?

8

Available toolsDex2jarhttps://code.google.com/p/dex2jar/classes.dex jar file contains *.classDecompile toolsjd-gui: not support try-catch, java 5+jad: no longer maintainedProcyon / Java Decompiler the best choicehttps://bitbucket.org/mstrobel/procyon

9

DemonstrationWe can use freedom to bypass IAP, but not always successhttp://system.in-appstore.com/freedom/Expense Manager

10

https://play.google.com/store/apps/details?id=at.markushi.expensemanagerFreedom works, but it will lock premium features again after a day.So, lets see what can we do

Demonstration 2Practice English Grammar

11

https://play.google.com/store/apps/details?id=com.testsstore.app.peg0Freedom does NOT work.So, lets see

Demonstration 3Money Lover

12

https://play.google.com/store/apps/details?id=com.testsstore.app.peg0Freedom works perfectly but you can do a try.

Q&A13THANK YOU!14