Reverse engineering and instrumentation of android apps

Our product (Little Eye Labs) is a performance monitoring and optimization tool for Android apps.

We wanted to expose detailed network usage information from the app, and we explored binary instrumentation as a way to do this.

The presentation covers many learnings from the process: what the different reverse engineering tools on Android are, which ones specifically help with instrumentation, and a link to some of the source code from this process.

Presentation Transcript

• Reverse engineering and instrumenting android apps. Gaurav Lochan, Little Eye Labs. Friday 13 December 13
• Outline
  - Motivation?
  - Instrumentation
  - Guts of an Android app
  - Instrumentation approaches
  - Chosen approach
• Motivation?
  - Little Eye measures, analyzes and helps optimize app resource usage on Android.
  - But network stats are aggregates only.
• Motivation (2)
  - Needed granular network stats: each endpoint/URL, latency, data transferred.
  - Considered different approaches:
    - Implement a VPN client app
    - Use a proxy
    - Looked at OS stats; didn't find anything
    - Java Debug Wire Protocol (JDWP)
    - Instrumentation
• Instrumentation
  - i.e., rewriting parts of a binary (in this case, an Android app)
  - Allows us to intercept HTTP calls, with code-level context (parameters, errors) for each call
  - Works on any app
  - Works on practically any Android version/device
  - Opens up a lot of exciting possibilities...
• Instrumentation (2)
  - Can be static or runtime
  - Examples: Android Traceview (startMethodTracing), Android test automation framework, iOS Instruments, Purify (Rational / IBM), JVM -javaagent option, AspectJ
• Guts of an app
• classes.dex
  - Dalvik is the custom Android VM (different from the JVM)
  - Dex = Dalvik EXecutable format. It's a custom bytecode format designed for Android.
  - Build process: compile .java code into .class files; dx converts each .class file into the .dex representation and stores them all in the single classes.dex; all referenced library code also goes into classes.dex
• Reverse engineering tools
  - smali (by JesusFreke): dex disassembler
  - ApkTool: decodes resources, repackages the app
  - dex2jar: converts dex to .class format
  - JD-GUI: decompiles .class into .java
  - Androguard: tool for deep analysis of Android apps
  - ApkAnalyzer: tool for analysis of an app; also supports instrumentation of the app
• Smali: Before
• Smali: After
• Androguard
• ApkAnalyzer
• Instrumentation approaches
  - Explored the following approaches on Android: runtime; instrument .class files during the build process; instrument the .dex file
• Runtime instrumentation
  - A JVM allows this: pass in a java.lang.instrument agent (using the -javaagent flag), which can transform classes at class-load time
  - Dalvik doesn't support this. It supports passing in an android.app.Instrumentation, but that has a limited set of methods, mostly for automated testing
• Instrumenting .class files
  - Considered modifying .class files in two ways: using the Javassist tool/library; AspectJ
  - Both are well-understood tools, but the work needs to be done at build time
  - Requires a process change, plus not all of our users have access to the build (e.g. a 3rd-party QA team)
• Instrumenting the .dex file
  - Found some tools; none of these looked solid enough: dexpler (research project), redexer (research project), apkil (Google Summer of Code project)
  - Tried dex2jar to convert .dex into .class, but this is not a reliable method. Fine for reading code (skip the failed conversions), but not for this use case.
• Instrumenting the .dex file (2): smali
  - A simple tool that disassembles the .dex into an intermediate format (also known as smali)
  - This is well-used (e.g. ApkTool, ApkAnalyzer and apkil use it)
  - Active project, well supported by JesusFreke
  - I disassembled an app, modified the smali code, reassembled and repackaged it, and it just worked!
• Automating instrumentation
  - Challenges: need a way to find all the appropriate calls in the app to replace; need to do it without side-effects
  - Tried many approaches; JesusFreke pointed me to MutableMethod, which did what I needed
  - Called my approach Umbreyta (Icelandic for transform): https://github.com/LittleEyeLabs/smali
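As an added example (not code from the slides or from the Umbreyta project, which works on MutableMethod inside the smali assembler), a small Python rewriter showing the "find every appropriate call and replace it" step on disassembled smali text: configured invoke-virtual calls to network methods are redirected to static hook methods that take the original receiver as their first parameter. The hook class name and the sample smali are constructed for the example, and the skip of the hook's own class illustrates one side-effect (recursion) that an automated rewrite has to avoid.

```python
import re

# Constructed sample in baksmali output style (not taken from the slides).
SAMPLE_SMALI = """\
.class public Lcom/example/app/Fetcher;
.super Ljava/lang/Object;
.method public fetch(Ljava/lang/String;)V
    new-instance v0, Ljava/net/URL;
    invoke-direct {v0, p1}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
    invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
    move-result-object v1
    invoke-virtual {v1}, Ljava/net/URLConnection;->connect()V
    return-void
.end method
"""
# Hypothetical hook class: each static method takes the original receiver as
# its first argument, records timing/bytes, then delegates to the real call.
HOOK_CLASS = "Lcom/example/hooks/NetHook;"
HOOKS = {  # (class, method, descriptor) -> name of the static hook method
    ("Ljava/net/URL;", "openConnection", "()Ljava/net/URLConnection;"): "openConnection",
    ("Ljava/net/URLConnection;", "connect", "()V"): "connect",
}
INVOKE_RE = re.compile(
    r"^(?P<indent>\s*)invoke-virtual \{(?P<regs>[^}]*)\}, "
    r"(?P<cls>L[^;]+;)->(?P<name>[^(]+)\((?P<params>[^)]*)\)(?P<ret>\S+)$"
)

def rewrite_invoke(line: str) -> str:
    """Redirect one invoke-virtual to its static hook; anything else passes through
    (invoke-virtual/range uses a different register syntax and is left alone)."""
    m = INVOKE_RE.match(line)
    if not m:
        return line
    hook = HOOKS.get((m["cls"], m["name"], f"({m['params']}){m['ret']}"))
    if hook is None:
        return line
    # Registers stay as they are: the receiver register is now the first explicit
    # argument, so the receiver type is prepended to the method descriptor.
    desc = f"({m['cls']}{m['params']}){m['ret']}"
    return f"{m['indent']}invoke-static {{{m['regs']}}}, {HOOK_CLASS}->{hook}{desc}"

def instrument(smali: str) -> tuple[str, int]:
    """Rewrite every hooked call in one smali file, returning (text, count); the
    hook class itself is skipped so its delegating calls do not become recursion."""
    cls = re.search(r"^\.class\b.*\s(L\S+;)\s*$", smali, re.M)
    if cls and cls.group(1) == HOOK_CLASS:
        return smali, 0
    lines = smali.splitlines()
    out = [rewrite_invoke(ln) for ln in lines]
    return "\n".join(out) + "\n", sum(a != b for a, b in zip(lines, out))
```

Run over every .smali file produced by baksmali, then reassemble with smali and repackage; the hook class itself must be added to the app alongside the rewritten code.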
• Voila!