SlideShare una empresa de Scribd logo

Code Obfuscation for Android and Windows Phone 7 Apps

Descargar como PPTX, PDF
Jeff Bollinger
Jeff Bollinger

Code Obfuscation slide deck from 9/1/2011 Mobile St. Cloud meeting.

Tecnología
1 de 31
Code ObfuscationAndroid and Windows Phone 7 Mobile St. Cloud
What is it? Code obfuscation is the process of making code difficult to understand. It helps in discouraging an unauthorized person from reverse engineering an application to get access to its code without the permission of the author.
What it is not? It is not a way to prevent reverse engineering of code
Why should you consider it? It is very easy to view code that is not obfuscated Nothing stands in between attacker and code
Talk layout Android Reverse engineering obfuscation Inspect obfuscated code Windows Phone 7 Reverse engineering obfuscation Inspect obfuscated code
Android app reverse engineering To view code in an Android app .apk-> .dex-> .jar -> code .apk: App package (xml, images… everything) .dex: dalvik executable (code)
Android app reverse engineering cont’d Using Dex2jar + jd-gui Unzip the .apk file to get .dex Use Dex2jar to get .jar from .dexfile Unzip and use in command line dex2jar.bat <.dex file> Use jd-guito view code from .jar file Unzip and run exe
Android app reverse engineering cont’d
Dex2Jar +jd-gui Example
Android Code Obfuscation ProGuard The standard tool recommended by Android Optional but highly recommended Features Shrinks Optimizes Obfuscates You get Smaller size .apk file App difficult to reverse engineer
Android Code Obfuscation cont’d Integrated into Android build system Runs only when the app is built in release mode
ProGuard usage Enable Make an entry for proguard.config file path in default.properties relative/absolute Can move proguard.config and use relative path In project root directoryby default
ProGuard usage cont’d Building Build in release mode Turn off debugging. Set android:debuggable=”false” in AndroidManifest.xml in application tag Export apkfile (Eclipse) File -> Export -> Export Android Application Select the project to be exported Select a keystore All fields required Enter key details First five fields required
ProGuard usage cont’d
ProGuardusage cont’d
ProGuard obfuscation example
Inspect ProGuard obfuscation Verify promised features of ProGuard Size Optimization Obfuscation
ProGuard settings There are some custom settings available If a class is only referenced in the Manifest file, ProGuard will not see it keep public class <YourClassName>
WP7 reverse engineering To view code in a WP7 app xap -> .dll -> code .xap: App package (images… everything) .dll: windows dll
WP7 reverse engineering cont’d Using JustDecompile (telerik) – Free Shows each property and method separately Class only shows method signatures Just fire up and open dll
WP7 reverse engineering cont’d
JustDecompile example
WP7 reverse engineering cont’d Using dotPeek (JetBrains) – Free Was still in beta till recently Just unzip the tool, like Eclipse Opens up entire class, not separate entries for methods and properties
WP7 reverse engineering cont’d
dotPeek example
WP7 reverse engineering cont’d Other tools .Net Reflector (redgate) – Paid Used to be free but not anymore
WP7 Code Obfuscation Dotfuscator (Preemptive Solutions) The standard tool recommended by Microsoft Obfuscation features Renaming Control flow String encryption Not just an obfuscation tool, does instrumentation too Lets you view how your app is being used
Dotfuscator usage Download the installer Requires registration Will ask you to enter unique company name Suggests use your name if you have no company URL http://www.preemptive.com/windowsphone7.html
Dotfuscator usage cont’d Fire up Dotfuscator exe File -> New Project Open .xap file to obfuscate Add new input file (folder icon) Select the .xap to obfuscate Package artifacts will not be obfuscated
Dotfuscator obfuscation example
Thank you Me Osman Syed Meer Linked in Twitter (osmanmeer)

Recomendados

Blink downcast helpers
Blink downcast helpersBlink downcast helpers
Blink downcast helpersAbhijeet Kandalkar
 
Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013David McCarter
 
Back-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETBack-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETDavid McCarter
 
Webinar on Google Android SDK
Webinar on Google Android SDKWebinar on Google Android SDK
Webinar on Google Android SDKSchogini Systems Pvt Ltd
 
Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Joe Ferguson
 
Automatic Test 2019-07-25
Automatic Test 2019-07-25Automatic Test 2019-07-25
Automatic Test 2019-07-25FedericoGuerinoni
 
I++ unit testing
I++ unit testingI++ unit testing
I++ unit testingGil Zilberfeld
 
Checkstyle wikipedia
Checkstyle wikipediaCheckstyle wikipedia
Checkstyle wikipediaThiago Souto Mendes
 

Recomendados

Blink downcast helpers
Blink downcast helpersBlink downcast helpers
Blink downcast helpersAbhijeet Kandalkar
 
Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013Rock Your Code With Code Contracts -2013
Rock Your Code With Code Contracts -2013David McCarter
 
Back-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETBack-2-Basics: Exception & Event Instrumentation in .NET
Back-2-Basics: Exception & Event Instrumentation in .NETDavid McCarter
 
Webinar on Google Android SDK
Webinar on Google Android SDKWebinar on Google Android SDK
Webinar on Google Android SDKSchogini Systems Pvt Ltd
 
Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Throwing Laravel into your Legacy App™
Throwing Laravel into your Legacy App™Joe Ferguson
 
Automatic Test 2019-07-25
Automatic Test 2019-07-25Automatic Test 2019-07-25
Automatic Test 2019-07-25FedericoGuerinoni
 
I++ unit testing
I++ unit testingI++ unit testing
I++ unit testingGil Zilberfeld
 
Checkstyle wikipedia
Checkstyle wikipediaCheckstyle wikipedia
Checkstyle wikipediaThiago Souto Mendes
 
Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Suhail Jamaldeen
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - envgrondin
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09Pyxis Technologies
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
 
Code review best practice
Code review best practiceCode review best practice
Code review best practiceOren Digmi
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionPyxis Technologies
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief exampleJeremy Kendall
 
10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....New Relic
 
Zero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesZero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesJeremy Kendall
 
TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25Jeremy Kendall
 
Sonarlint
SonarlintSonarlint
Sonarlintpenetration Tester
 
code documentation
code documentationcode documentation
code documentationMADUABUM NNANNA
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Pavneet Singh Kochhar
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOSArpit Kulsreshtha
 
Behaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowBehaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowPascal Laurin
 
NET Code Testing
NET Code TestingNET Code Testing
NET Code TestingKirill Miroshnichenko
 
Android Applications Introduction
Android Applications IntroductionAndroid Applications Introduction
Android Applications IntroductionAnjali Rao
 
A Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormA Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormJeremy Kendall
 
Study Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryStudy Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryConstantine Mars
 
Binary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 

Más contenido relacionado

La actualidad más candente

Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Suhail Jamaldeen
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - envgrondin
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09Pyxis Technologies
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
 
Code review best practice
Code review best practiceCode review best practice
Code review best practiceOren Digmi
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionPyxis Technologies
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief exampleJeremy Kendall
 
10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....New Relic
 
Zero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesZero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesJeremy Kendall
 
TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25Jeremy Kendall
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Pavneet Singh Kochhar
 
Behaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowBehaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowPascal Laurin
 
Android Applications Introduction
Android Applications IntroductionAndroid Applications Introduction
Android Applications IntroductionAnjali Rao
 
A Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormA Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormJeremy Kendall
 
Study Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryStudy Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryConstantine Mars
 
Binary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio
 

La actualidad más candente (20)

Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012Code Clone Detection in Visual Studio 2012
Code Clone Detection in Visual Studio 2012
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - en
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning Roslyn
 
Code review best practice
Code review best practiceCode review best practice
Code review best practice
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and Adoption
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief example
 
10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....10 Things You Probably Should Have Learned With Your Computer Science Degree....
10 Things You Probably Should Have Learned With Your Computer Science Degree....
 
Zero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutesZero to Zend Framework in 10 minutes
Zero to Zend Framework in 10 minutes
 
TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25TDD in PHP - Memphis PHP 2011-08-25
TDD in PHP - Memphis PHP 2011-08-25
 
Sonarlint
SonarlintSonarlint
Sonarlint
 
code documentation
code documentationcode documentation
code documentation
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOS
 
Behaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlowBehaviour Driven Development with SpecFlow
Behaviour Driven Development with SpecFlow
 
NET Code Testing
NET Code TestingNET Code Testing
NET Code Testing
 
Android Applications Introduction
Android Applications IntroductionAndroid Applications Introduction
Android Applications Introduction
 
A Brief Introduction to Zend_Form
A Brief Introduction to Zend_FormA Brief Introduction to Zend_Form
A Brief Introduction to Zend_Form
 
Study Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, SummaryStudy Jam: Android for Beginners, Summary
Study Jam: Android for Beginners, Summary
 
Binary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code TestingBinary Studio Academy: .NET Code Testing
Binary Studio Academy: .NET Code Testing
 

Similar a Code Obfuscation for Android and Windows Phone 7 Apps

MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Licel
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
Creating the first app with android studio
Creating the first app with android studioCreating the first app with android studio
Creating the first app with android studioParinita03
 
Android SDK and PhoneGap
Android SDK and PhoneGapAndroid SDK and PhoneGap
Android SDK and PhoneGapDoncho Minkov
 
AN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILESAN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILESIRJET Journal
 
Android Programming made easy
Android Programming made easyAndroid Programming made easy
Android Programming made easyLars Vogel
 
1 introduction of android
1 introduction of android1 introduction of android
1 introduction of androidakila_mano
 
Android_Studio_Structure.docx
Android_Studio_Structure.docxAndroid_Studio_Structure.docx
Android_Studio_Structure.docxKNANTHINIMCA
 
Installing eclipse & sdk
Installing eclipse & sdkInstalling eclipse & sdk
Installing eclipse & sdkArun Kumar
 
Android presentation
Android presentationAndroid presentation
Android presentationImam Raza
 
Android tutorial
Android tutorialAndroid tutorial
Android tutorialAbid Khan
 
Seminar on android app development
Seminar on android app developmentSeminar on android app development
Seminar on android app developmentAbhishekKumar4779
 
Questions About Android Application Development
Questions About Android Application DevelopmentQuestions About Android Application Development
Questions About Android Application DevelopmentAdeel Rasheed
 
Mobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfMobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfAbdullahMunir32
 

Similar a Code Obfuscation for Android and Windows Phone 7 Apps (20)

MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015Is Your App Hackable for droidcon Berlin 2015
Is Your App Hackable for droidcon Berlin 2015
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
Creating the first app with android studio
Creating the first app with android studioCreating the first app with android studio
Creating the first app with android studio
 
Android SDK and PhoneGap
Android SDK and PhoneGapAndroid SDK and PhoneGap
Android SDK and PhoneGap
 
AN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILESAN ANDROID APP FOR BUILDING STUDENT PROFILES
AN ANDROID APP FOR BUILDING STUDENT PROFILES
 
Android Programming made easy
Android Programming made easyAndroid Programming made easy
Android Programming made easy
 
Android Development
Android DevelopmentAndroid Development
Android Development
 
1 introduction of android
1 introduction of android1 introduction of android
1 introduction of android
 
Android
AndroidAndroid
Android
 
Android_Studio_Structure.docx
Android_Studio_Structure.docxAndroid_Studio_Structure.docx
Android_Studio_Structure.docx
 
Installing eclipse & sdk
Installing eclipse & sdkInstalling eclipse & sdk
Installing eclipse & sdk
 
Android presentation
Android presentationAndroid presentation
Android presentation
 
Intro to Android Programming
Intro to Android ProgrammingIntro to Android Programming
Intro to Android Programming
 
Android
Android Android
Android
 
Android tutorial
Android tutorialAndroid tutorial
Android tutorial
 
Seminar on android app development
Seminar on android app developmentSeminar on android app development
Seminar on android app development
 
Questions About Android Application Development
Questions About Android Application DevelopmentQuestions About Android Application Development
Questions About Android Application Development
 
Mobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfMobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdf
 
Bird.pdf
Bird.pdf Bird.pdf
Bird.pdf
 

Más de Jeff Bollinger

Minnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with CassandraMinnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with CassandraJeff Bollinger
 
Mobile News Madness - March 2012
Mobile News Madness - March 2012Mobile News Madness - March 2012
Mobile News Madness - March 2012Jeff Bollinger
 
Android Development with Flash Builder Burrito
Android Development with Flash Builder BurritoAndroid Development with Flash Builder Burrito
Android Development with Flash Builder BurritoJeff Bollinger
 
Objective C for C# Developers
Objective C for C# DevelopersObjective C for C# Developers
Objective C for C# DevelopersJeff Bollinger
 
Agile Development at W3i
Agile Development at W3iAgile Development at W3i
Agile Development at W3iJeff Bollinger
 

Más de Jeff Bollinger (7)

Minnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with CassandraMinnebar 2013 - Scaling with Cassandra
Minnebar 2013 - Scaling with Cassandra
 
Mobile News Madness - March 2012
Mobile News Madness - March 2012Mobile News Madness - March 2012
Mobile News Madness - March 2012
 
Agile
AgileAgile
Agile
 
Android Development with Flash Builder Burrito
Android Development with Flash Builder BurritoAndroid Development with Flash Builder Burrito
Android Development with Flash Builder Burrito
 
Objective C for C# Developers
Objective C for C# DevelopersObjective C for C# Developers
Objective C for C# Developers
 
Mobile News Round Up
Mobile News Round UpMobile News Round Up
Mobile News Round Up
 
Agile Development at W3i
Agile Development at W3iAgile Development at W3i
Agile Development at W3i
 

Último

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Último (20)

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Code Obfuscation for Android and Windows Phone 7 Apps

  • 1. Code ObfuscationAndroid and Windows Phone 7 Mobile St. Cloud
  • 2. What is it? Code obfuscation is the process of making code difficult to understand. It helps in discouraging an unauthorized person from reverse engineering an application to get access to its code without the permission of the author.
  • 3. What it is not? It is not a way to prevent reverse engineering of code
  • 4. Why should you consider it? It is very easy to view code that is not obfuscated Nothing stands in between attacker and code
  • 5. Talk layout Android Reverse engineering obfuscation Inspect obfuscated code Windows Phone 7 Reverse engineering obfuscation Inspect obfuscated code
  • 6. Android app reverse engineering To view code in an Android app .apk-> .dex-> .jar -> code .apk: App package (xml, images… everything) .dex: dalvik executable (code)
  • 7. Android app reverse engineering cont’d Using Dex2jar + jd-gui Unzip the .apk file to get .dex Use Dex2jar to get .jar from .dexfile Unzip and use in command line dex2jar.bat <.dex file> Use jd-guito view code from .jar file Unzip and run exe
  • 8. Android app reverse engineering cont’d
  • 10. Android Code Obfuscation ProGuard The standard tool recommended by Android Optional but highly recommended Features Shrinks Optimizes Obfuscates You get Smaller size .apk file App difficult to reverse engineer
  • 11. Android Code Obfuscation cont’d Integrated into Android build system Runs only when the app is built in release mode
  • 12. ProGuard usage Enable Make an entry for proguard.config file path in default.properties relative/absolute Can move proguard.config and use relative path In project root directoryby default
  • 13. ProGuard usage cont’d Building Build in release mode Turn off debugging. Set android:debuggable=”false” in AndroidManifest.xml in application tag Export apkfile (Eclipse) File -> Export -> Export Android Application Select the project to be exported Select a keystore All fields required Enter key details First five fields required
  • 17. Inspect ProGuard obfuscation Verify promised features of ProGuard Size Optimization Obfuscation
  • 18. ProGuard settings There are some custom settings available If a class is only referenced in the Manifest file, ProGuard will not see it keep public class <YourClassName>
  • 19. WP7 reverse engineering To view code in a WP7 app xap -> .dll -> code .xap: App package (images… everything) .dll: windows dll
  • 20. WP7 reverse engineering cont’d Using JustDecompile (telerik) – Free Shows each property and method separately Class only shows method signatures Just fire up and open dll
  • 23. WP7 reverse engineering cont’d Using dotPeek (JetBrains) – Free Was still in beta till recently Just unzip the tool, like Eclipse Opens up entire class, not separate entries for methods and properties
  • 26. WP7 reverse engineering cont’d Other tools .Net Reflector (redgate) – Paid Used to be free but not anymore
  • 27. WP7 Code Obfuscation Dotfuscator (Preemptive Solutions) The standard tool recommended by Microsoft Obfuscation features Renaming Control flow String encryption Not just an obfuscation tool, does instrumentation too Lets you view how your app is being used
  • 28. Dotfuscator usage Download the installer Requires registration Will ask you to enter unique company name Suggests use your name if you have no company URL http://www.preemptive.com/windowsphone7.html
  • 29. Dotfuscator usage cont’d Fire up Dotfuscator exe File -> New Project Open .xap file to obfuscate Add new input file (folder icon) Select the .xap to obfuscate Package artifacts will not be obfuscated
  • 31. Thank you Me Osman Syed Meer Linked in Twitter (osmanmeer)