SlideShare una empresa de Scribd logo

Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensics-rsa-conference-2014

viaForensics
viaForensics

Beginners' Guide to Reverse Engineering Android Apps - Pau Oliva Fora at RSA Conference 2014

Educación
1 de 22
Descargar para leer sin conexión
SESSION ID: Beginners Guide to Reverse Engineering Android Apps STU-W02B Pau Oliva Fora Sr. Mobile Security Engineer viaForensics @pof
#RSAC Agenda  Anatomy of an Android app  Obtaining our target apps  Getting our hands dirty: reversing the target application  Demo using Santoku Linux 2
Anatomy of an Android app
#RSAC Anatomy of an Android app  Simple ZIP file, renamed to “APK” extension  App resources  Signature  Manifest (binary XML) 4
Obtaining our target apps
#RSAC Getting the APK from the phone  Backup to SD Card:  APKOptic  Astro file manager  etc… 6
#RSAC Getting the APK from the phone  Using ADB (Android Debug Bridge):  adb shell pm list packages  adb pull /data/app/package-name-1.apk 7
#RSAC Downloading the APK from Google Play  Using unofficial Google Play API:  https://github.com/egirault/googleplay-api  Using a web service or browser extension:  http://apps.evozi.com/apk-downloader/  http://apify.ifc0nfig.com/static/clients/apk-downloader/ 8
#RSAC Downloading the APK from Google Play  Using unofficial Google Play API:  https://github.com/egirault/googleplay-api  Using a web service or browser extension:  http://apps.evozi.com/apk-downloader/  http://apify.ifc0nfig.com/static/clients/apk-downloader/ 9
Getting our hands dirty: reversing the target application
#RSAC Disassembling DEX Smali 11
#RSAC Apktool  apktool - https://code.google.com/p/android-apktool/  Multi platform, Apache 2.0 license  Decode resources to original form (and rebuild after modification)  Transforms binary Dalvik bytecode (classes.dex) into Smali source 12
#RSAC Smali 13
#RSAC Decompiling – Java Decompiler DEX JAR JAVA 14
#RSAC Dex2Jar  dex2jar - https://code.google.com/p/dex2jar/  Multi platform, Apache 2.0 license  Converts Dalvik bytecode (DEX) to java bytecode (JAR)  Allows to use any existing Java decompiler with the resulting JAR file 15
#RSAC Java Decompilers  Jd-gui - http://jd.benow.ca/  Multi platform  closed source  JAD - http://varaneckas.com/jad/  Multi platform  closed source  Command line  Others: Dare, Mocha, Procyon, … 16
#RSAC Decompiling – Android (Dalvik) decompiler DEX JAVA 17
#RSAC Dalvik Decompilers  Transforming DEX to JAR looses important metadata that the decompiler could use.  Pure Dalvik decompilers skip this step, so they produce better output  Unfortunately there are not as many choices for Android decompilers as for Java decompilers:  Open Source: Androguard’s DAD - https://code.google.com/p/androguard/  Commercial: JEB - http://www.android-decompiler.com/  Others? 18
Demo – Santoku
#RSAC Demo – Santoku Linux  Santoku Linux - https://santoku-linux.com/  Mobile Forensics  Mobile Malware analysis  Mobile application assessment 20
#RSAC Summary  APK files are ZIP files, can be extracted with any unzip utility  Apktool helps extracting binary resources, and allows repacking  Dex2jar converts Dalvik Bytecode to Java Bytecode  Pure Android decompilers are better  Santoku Linux has all the tools you need to reverse engineering mobile apps 21
#RSAC Q&A | Contact | Feedback  Thanks for listening…  @pof  github.com/poliva  poliva@viaforensics.com 22

Recomendados

inside dvm internals
inside dvm internalsinside dvm internals
inside dvm internalsMykola Bova
 
Springboard & OpenCV
Springboard & OpenCVSpringboard & OpenCV
Springboard & OpenCVCruise Chen
 
.Net Hijacking to Defend PowerShell BSidesSF2017
.Net Hijacking to Defend PowerShell BSidesSF2017 .Net Hijacking to Defend PowerShell BSidesSF2017
.Net Hijacking to Defend PowerShell BSidesSF2017 Amanda Rousseau
 
Scala FS 2012
Scala FS 2012Scala FS 2012
Scala FS 2012Diego Pacheco
 
Java 9 new features
Java 9 new featuresJava 9 new features
Java 9 new featuresMasudul Haque
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Os Koziarsky
Os KoziarskyOs Koziarsky
Os Koziarskyoscon2007
 
Android - ADB
Android - ADBAndroid - ADB
Android - ADBYossi Gruner
 

Recomendados

inside dvm internals
inside dvm internalsinside dvm internals
inside dvm internalsMykola Bova
 
Springboard & OpenCV
Springboard & OpenCVSpringboard & OpenCV
Springboard & OpenCVCruise Chen
 
.Net Hijacking to Defend PowerShell BSidesSF2017
.Net Hijacking to Defend PowerShell BSidesSF2017 .Net Hijacking to Defend PowerShell BSidesSF2017
.Net Hijacking to Defend PowerShell BSidesSF2017 Amanda Rousseau
 
Scala FS 2012
Scala FS 2012Scala FS 2012
Scala FS 2012Diego Pacheco
 
Java 9 new features
Java 9 new featuresJava 9 new features
Java 9 new featuresMasudul Haque
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Os Koziarsky
Os KoziarskyOs Koziarsky
Os Koziarskyoscon2007
 
Android - ADB
Android - ADBAndroid - ADB
Android - ADBYossi Gruner
 
Import golang; struct microservice
Import golang; struct microserviceImport golang; struct microservice
Import golang; struct microserviceGiulio De Donato
 
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1Apkudo
 
really really really awesome php application with bdd behat and iterfaces
really really really awesome php application with bdd behat and iterfacesreally really really awesome php application with bdd behat and iterfaces
really really really awesome php application with bdd behat and iterfacesGiulio De Donato
 
Aosp+
Aosp+Aosp+
Aosp+jpuderer
 
Startup Camp - Git, Python, Django session
Startup Camp - Git, Python, Django sessionStartup Camp - Git, Python, Django session
Startup Camp - Git, Python, Django sessionJuraj Michálek
 
You're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security SoftwareYou're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security SoftwareCylance
 
Asynchronous Systems with Fn Flow
Asynchronous Systems with Fn FlowAsynchronous Systems with Fn Flow
Asynchronous Systems with Fn FlowJosé Paumard
 
用 Go 語言實戰 Push Notification 服務
用 Go 語言實戰 Push Notification 服務用 Go 語言實戰 Push Notification 服務
用 Go 語言實戰 Push Notification 服務Bo-Yi Wu
 
ADB(Android Debug Bridge): How it works?
ADB(Android Debug Bridge): How it works?ADB(Android Debug Bridge): How it works?
ADB(Android Debug Bridge): How it works?Tetsuyuki Kobayashi
 
GCE 上搭配 Cloud Storage 建置 Drone CI
GCE 上搭配 Cloud Storage 建置 Drone CI GCE 上搭配 Cloud Storage 建置 Drone CI
GCE 上搭配 Cloud Storage 建置 Drone CIMING JUI Chen
 
What Can Reverse Engineering Do For You?
What Can Reverse Engineering Do For You?What Can Reverse Engineering Do For You?
What Can Reverse Engineering Do For You?Amanda Rousseau
 
X Means Y
X Means YX Means Y
X Means YCommonsWare
 
Golang Project Layout and Practice
Golang Project Layout and PracticeGolang Project Layout and Practice
Golang Project Layout and PracticeBo-Yi Wu
 
The Hookshot: Runtime Exploitation
The Hookshot: Runtime ExploitationThe Hookshot: Runtime Exploitation
The Hookshot: Runtime ExploitationPrathan Phongthiproek
 
ARM Cortex-A53 Errata on Andoid
ARM Cortex-A53 Errata on AndoidARM Cortex-A53 Errata on Andoid
ARM Cortex-A53 Errata on Andoidhidenorly
 
PyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application securePyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application secureIMMUNIO
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
 
C/C++ Remote Development Overview
C/C++ Remote Development OverviewC/C++ Remote Development Overview
C/C++ Remote Development OverviewThitipong Jampajeen
 
Git, CMake, Conan - How to ship and reuse our C++ projects?
Git, CMake, Conan - How to ship and reuse our C++ projects?Git, CMake, Conan - How to ship and reuse our C++ projects?
Git, CMake, Conan - How to ship and reuse our C++ projects?Mateusz Pusz
 
sebis research profile
sebis research profilesebis research profile
sebis research profilesebistum
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in imagesAnge Albertini
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUMohit Rampal
 

Más contenido relacionado

La actualidad más candente

Import golang; struct microservice
Import golang; struct microserviceImport golang; struct microservice
Import golang; struct microserviceGiulio De Donato
 
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1Apkudo
 
really really really awesome php application with bdd behat and iterfaces
really really really awesome php application with bdd behat and iterfacesreally really really awesome php application with bdd behat and iterfaces
really really really awesome php application with bdd behat and iterfacesGiulio De Donato
 
Startup Camp - Git, Python, Django session
Startup Camp - Git, Python, Django sessionStartup Camp - Git, Python, Django session
Startup Camp - Git, Python, Django sessionJuraj Michálek
 
You're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security SoftwareYou're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security SoftwareCylance
 
Asynchronous Systems with Fn Flow
Asynchronous Systems with Fn FlowAsynchronous Systems with Fn Flow
Asynchronous Systems with Fn FlowJosé Paumard
 
用 Go 語言實戰 Push Notification 服務
用 Go 語言實戰 Push Notification 服務用 Go 語言實戰 Push Notification 服務
用 Go 語言實戰 Push Notification 服務Bo-Yi Wu
 
ADB(Android Debug Bridge): How it works?
ADB(Android Debug Bridge): How it works?ADB(Android Debug Bridge): How it works?
ADB(Android Debug Bridge): How it works?Tetsuyuki Kobayashi
 
GCE 上搭配 Cloud Storage 建置 Drone CI
GCE 上搭配 Cloud Storage 建置 Drone CI GCE 上搭配 Cloud Storage 建置 Drone CI
GCE 上搭配 Cloud Storage 建置 Drone CIMING JUI Chen
 
What Can Reverse Engineering Do For You?
What Can Reverse Engineering Do For You?What Can Reverse Engineering Do For You?
What Can Reverse Engineering Do For You?Amanda Rousseau
 
Golang Project Layout and Practice
Golang Project Layout and PracticeGolang Project Layout and Practice
Golang Project Layout and PracticeBo-Yi Wu
 
ARM Cortex-A53 Errata on Andoid
ARM Cortex-A53 Errata on AndoidARM Cortex-A53 Errata on Andoid
ARM Cortex-A53 Errata on Andoidhidenorly
 
PyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application securePyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application secureIMMUNIO
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
 
C/C++ Remote Development Overview
C/C++ Remote Development OverviewC/C++ Remote Development Overview
C/C++ Remote Development OverviewThitipong Jampajeen
 
Git, CMake, Conan - How to ship and reuse our C++ projects?
Git, CMake, Conan - How to ship and reuse our C++ projects?Git, CMake, Conan - How to ship and reuse our C++ projects?
Git, CMake, Conan - How to ship and reuse our C++ projects?Mateusz Pusz
 

La actualidad más candente (19)

Import golang; struct microservice
Import golang; struct microserviceImport golang; struct microservice
Import golang; struct microservice
 
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
Who Needs Thumbs? Reverse Engineering Scramble with Friends v1.1
 
really really really awesome php application with bdd behat and iterfaces
really really really awesome php application with bdd behat and iterfacesreally really really awesome php application with bdd behat and iterfaces
really really really awesome php application with bdd behat and iterfaces
 
Aosp+
Aosp+Aosp+
Aosp+
 
Startup Camp - Git, Python, Django session
Startup Camp - Git, Python, Django sessionStartup Camp - Git, Python, Django session
Startup Camp - Git, Python, Django session
 
You're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security SoftwareYou're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security Software
 
Asynchronous Systems with Fn Flow
Asynchronous Systems with Fn FlowAsynchronous Systems with Fn Flow
Asynchronous Systems with Fn Flow
 
用 Go 語言實戰 Push Notification 服務
用 Go 語言實戰 Push Notification 服務用 Go 語言實戰 Push Notification 服務
用 Go 語言實戰 Push Notification 服務
 
ADB(Android Debug Bridge): How it works?
ADB(Android Debug Bridge): How it works?ADB(Android Debug Bridge): How it works?
ADB(Android Debug Bridge): How it works?
 
GCE 上搭配 Cloud Storage 建置 Drone CI
GCE 上搭配 Cloud Storage 建置 Drone CI GCE 上搭配 Cloud Storage 建置 Drone CI
GCE 上搭配 Cloud Storage 建置 Drone CI
 
What Can Reverse Engineering Do For You?
What Can Reverse Engineering Do For You?What Can Reverse Engineering Do For You?
What Can Reverse Engineering Do For You?
 
X Means Y
X Means YX Means Y
X Means Y
 
Golang Project Layout and Practice
Golang Project Layout and PracticeGolang Project Layout and Practice
Golang Project Layout and Practice
 
The Hookshot: Runtime Exploitation
The Hookshot: Runtime ExploitationThe Hookshot: Runtime Exploitation
The Hookshot: Runtime Exploitation
 
ARM Cortex-A53 Errata on Andoid
ARM Cortex-A53 Errata on AndoidARM Cortex-A53 Errata on Andoid
ARM Cortex-A53 Errata on Andoid
 
PyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application securePyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application secure
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07
 
C/C++ Remote Development Overview
C/C++ Remote Development OverviewC/C++ Remote Development Overview
C/C++ Remote Development Overview
 
Git, CMake, Conan - How to ship and reuse our C++ projects?
Git, CMake, Conan - How to ship and reuse our C++ projects?Git, CMake, Conan - How to ship and reuse our C++ projects?
Git, CMake, Conan - How to ship and reuse our C++ projects?
 

Destacado

sebis research profile
sebis research profilesebis research profile
sebis research profilesebistum
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in imagesAnge Albertini
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUMohit Rampal
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsAditya K Sood
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...Aditya K Sood
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014viaForensics
 
Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxVia forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxviaForensics
 
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOne Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOpenDNS
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptMohit Rampal
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationOpenDNS
 
Shodan- That Device Search Engine
Shodan- That Device Search EngineShodan- That Device Search Engine
Shodan- That Device Search EngineInMobi Technology
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...Aditya K Sood
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?anupriti
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...Aditya K Sood
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...arnaudsoullie
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testingSanthosh Kumar
 

Destacado (18)

sebis research profile
sebis research profilesebis research profile
sebis research profile
 
Hide Android applications in images
Hide Android applications in imagesHide Android applications in images
Hide Android applications in images
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
 
Via forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linuxVia forensics thotcon-2013-mobile-security-with-santoku-linux
Via forensics thotcon-2013-mobile-security-with-santoku-linux
 
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got StolenOne Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-ppt
 
Blackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
 
M.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident ResponseM.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident Response
 
Shodan- That Device Search Engine
Shodan- That Device Search EngineShodan- That Device Search Engine
Shodan- That Device Search Engine
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
 
APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?APT 28 :Cyber Espionage and the Russian Government?
APT 28 :Cyber Espionage and the Russian Government?
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
 
Social Media at NASA, 2012 Edition
Social Media at NASA, 2012 EditionSocial Media at NASA, 2012 Edition
Social Media at NASA, 2012 Edition
 

Similar a Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensics-rsa-conference-2014

LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeAlain Leon
 
Manish Chasta - Securing Android Applications
Manish Chasta - Securing Android ApplicationsManish Chasta - Securing Android Applications
Manish Chasta - Securing Android ApplicationsPositive Hack Days
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKJosé Paumard
 
Alternatives to Java for Android development
Alternatives to Java for Android developmentAlternatives to Java for Android development
Alternatives to Java for Android developmentttogrul
 
Null mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNull mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNitesh Malviya
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011pundiramit
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSLadislav Prskavec
 
Mobile development in 2020
Mobile development in 2020 Mobile development in 2020
Mobile development in 2020 Bogusz Jelinski
 
Alternatives to Java for Android development
Alternatives to Java for Android developmentAlternatives to Java for Android development
Alternatives to Java for Android developmentttogrul
 
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırmaToğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırmaFarhad
 
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırmaToğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırmaFarhad
 
Optimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for DockerOptimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for DockerGraham Charters
 
An Introduction To Android
An Introduction To AndroidAn Introduction To Android
An Introduction To Androidnatdefreitas
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)충섭 김
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Dasnullowaspmumbai
 
2014 09 30_sparkling_water_hands_on
2014 09 30_sparkling_water_hands_on2014 09 30_sparkling_water_hands_on
2014 09 30_sparkling_water_hands_onSri Ambati
 

Similar a Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensics-rsa-conference-2014 (20)

LinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik BytecodeLinkedIn - Disassembling Dalvik Bytecode
LinkedIn - Disassembling Dalvik Bytecode
 
Manish Chasta - Securing Android Applications
Manish Chasta - Securing Android ApplicationsManish Chasta - Securing Android Applications
Manish Chasta - Securing Android Applications
 
Core Android
Core AndroidCore Android
Core Android
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UK
 
Alternatives to Java for Android development
Alternatives to Java for Android developmentAlternatives to Java for Android development
Alternatives to Java for Android development
 
Null mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNull mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-Exploitation
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011
 
Getting Native with NDK
Getting Native with NDKGetting Native with NDK
Getting Native with NDK
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
 
Apache cordova
Apache cordovaApache cordova
Apache cordova
 
Mobile development in 2020
Mobile development in 2020 Mobile development in 2020
Mobile development in 2020
 
Alternatives to Java for Android development
Alternatives to Java for Android developmentAlternatives to Java for Android development
Alternatives to Java for Android development
 
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırmaToğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
 
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırmaToğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
Toğrul Tağıyev - Müxtəlif dillərdə Android proqramlaşdırma
 
Optimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for DockerOptimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for Docker
 
An Introduction To Android
An Introduction To AndroidAn Introduction To Android
An Introduction To Android
 
Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)Very Early Review - Rocket(CoreOS)
Very Early Review - Rocket(CoreOS)
 
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat DasNull Mumbai Meet_Android Reverse Engineering by Samrat Das
Null Mumbai Meet_Android Reverse Engineering by Samrat Das
 
2014 09 30_sparkling_water_hands_on
2014 09 30_sparkling_water_hands_on2014 09 30_sparkling_water_hands_on
2014 09 30_sparkling_water_hands_on
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Application
 

Último

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 

Último (20)

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Beginners guide-to-reverse-engineering-android-apps-pau-oliva-fora-viaforensics-rsa-conference-2014

  • 1. SESSION ID: Beginners Guide to Reverse Engineering Android Apps STU-W02B Pau Oliva Fora Sr. Mobile Security Engineer viaForensics @pof
  • 2. #RSAC Agenda  Anatomy of an Android app  Obtaining our target apps  Getting our hands dirty: reversing the target application  Demo using Santoku Linux 2
  • 3. Anatomy of an Android app
  • 4. #RSAC Anatomy of an Android app  Simple ZIP file, renamed to “APK” extension  App resources  Signature  Manifest (binary XML) 4
  • 6. #RSAC Getting the APK from the phone  Backup to SD Card:  APKOptic  Astro file manager  etc… 6
  • 7. #RSAC Getting the APK from the phone  Using ADB (Android Debug Bridge):  adb shell pm list packages  adb pull /data/app/package-name-1.apk 7
  • 8. #RSAC Downloading the APK from Google Play  Using unofficial Google Play API:  https://github.com/egirault/googleplay-api  Using a web service or browser extension:  http://apps.evozi.com/apk-downloader/  http://apify.ifc0nfig.com/static/clients/apk-downloader/ 8
  • 9. #RSAC Downloading the APK from Google Play  Using unofficial Google Play API:  https://github.com/egirault/googleplay-api  Using a web service or browser extension:  http://apps.evozi.com/apk-downloader/  http://apify.ifc0nfig.com/static/clients/apk-downloader/ 9
  • 10. Getting our hands dirty: reversing the target application
  • 12. #RSAC Apktool  apktool - https://code.google.com/p/android-apktool/  Multi platform, Apache 2.0 license  Decode resources to original form (and rebuild after modification)  Transforms binary Dalvik bytecode (classes.dex) into Smali source 12
  • 14. #RSAC Decompiling – Java Decompiler DEX JAR JAVA 14
  • 15. #RSAC Dex2Jar  dex2jar - https://code.google.com/p/dex2jar/  Multi platform, Apache 2.0 license  Converts Dalvik bytecode (DEX) to java bytecode (JAR)  Allows to use any existing Java decompiler with the resulting JAR file 15
  • 16. #RSAC Java Decompilers  Jd-gui - http://jd.benow.ca/  Multi platform  closed source  JAD - http://varaneckas.com/jad/  Multi platform  closed source  Command line  Others: Dare, Mocha, Procyon, … 16
  • 17. #RSAC Decompiling – Android (Dalvik) decompiler DEX JAVA 17
  • 18. #RSAC Dalvik Decompilers  Transforming DEX to JAR looses important metadata that the decompiler could use.  Pure Dalvik decompilers skip this step, so they produce better output  Unfortunately there are not as many choices for Android decompilers as for Java decompilers:  Open Source: Androguard’s DAD - https://code.google.com/p/androguard/  Commercial: JEB - http://www.android-decompiler.com/  Others? 18
  • 20. #RSAC Demo – Santoku Linux  Santoku Linux - https://santoku-linux.com/  Mobile Forensics  Mobile Malware analysis  Mobile application assessment 20
  • 21. #RSAC Summary  APK files are ZIP files, can be extracted with any unzip utility  Apktool helps extracting binary resources, and allows repacking  Dex2jar converts Dalvik Bytecode to Java Bytecode  Pure Android decompilers are better  Santoku Linux has all the tools you need to reverse engineering mobile apps 21
  • 22. #RSAC Q&A | Contact | Feedback  Thanks for listening…  @pof  github.com/poliva  poliva@viaforensics.com 22