1 / 14

Reverse Engineering on Android

Reverse Engineering on Android. Canh Le My 2014.08.11. AGENDA. Motivation Android app packing How android execute your application Available tools Demonstration. Motivation. Bright side: How to secure your app Dark side: Learn about an application

hedva
Download Presentation

Reverse Engineering on Android

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reverse Engineering on Android Canh Le My 2014.08.11

  2. AGENDA • Motivation • Android app packing • How android execute your application • Available tools • Demonstration

  3. Motivation • Bright side: • How to secure your app • Dark side: • Learn about an application • Modification and its innumerous purposes • Today’s talk.

  4. Android app packing • Apk • Jar/Zip file • Containmetadata • Manifest • Certificates • Layouts • Containcode • classes.dex • jars • native libraries • Containresources/assets

  5. How android execute your app • /data/app/package-name-<certificate-index>.apk

  6. How android execute your app • Dalvik

  7. How android execute your app • Smali

  8. Available tools • Apktool • https://code.google.com/p/android-apktool/ • Apache license 2.0 • Decompile and Recompile apk file • Decoding resources to nearly original form (including resources.arsc, XMLs and 9.png files) and rebuilding them. • Baksmali: Classes.dex→ smali files • Smali: Classes.dex← smali files • But smali code is hard to read?

  9. Available tools • Dex2jar • https://code.google.com/p/dex2jar/ • classes.dex→ jar file contains *.class • Decompile tools • jd-gui: not support try-catch, java 5+ • jad: no longer maintained • Procyon / Java Decompiler← the best choice • https://bitbucket.org/mstrobel/procyon

  10. Demonstration • We can use freedom to bypass IAP, but not always success • http://system.in-appstore.com/freedom/ • Expense Manager • https://play.google.com/store/apps/details?id=at.markushi.expensemanager • Freedom works, but it will lock premium features again after a day. • So, lets see what can we do…

  11. Demonstration 2 • Practice English Grammar • https://play.google.com/store/apps/details?id=com.testsstore.app.peg0 • Freedom does NOT work. • So, lets see…

  12. Demonstration 3 • Money Lover • https://play.google.com/store/apps/details?id=com.testsstore.app.peg0 • Freedom works perfectly… but you can do a try.

  13. Q&A

  14. THANK YOU!

More Related