
Analysis of android apk using adhrit by Abhishek J.M


Published in: Software

  1. Analysis of Android APK using Adhrit. Abhishek J M, bi0s | Cysinfo. Team bi0s, Amrita Center for Cybersecurity, Amritapuri
  2. self.me />
     → Android security aficionado
     → Member @ Team bi0s | Cysinfo
     → CTF enthusiast
     → Open source love!
     → Workshops - CTFs - Meetups - Sleep
     → From Amrita Vishwa Vidyapeetham and India’s #1 CTF team.
  3. Really? Android Security? But, Why?
  4. Source: businesstoday.in; Source: zdnet.com
  5. (image slide)
  6. Issues?
     → High obfuscation == Bouncer escape
     → Third-party sources with malware
     → Benign vs masked-benign
     → Write it in C++, and leave them miles behind from analysis
     → Just applications? How about 3xpl0its?
  7. What Next?
  8. Motivation
     → Make a thorough analysis process
     → Automate redundant tasks
     → Have the freedom to render intermediate results manually
     → Extract only as much as needed
     → Easy tailoring
  9. Adhrit: CTFs | Analysis
  10. The APK Lifecycle
  11. Reminder! (build-chain diagram rendered as text): .java and R.java → javac → .jar → dx → classes.dex; res/* and Manifest → aapt → bin (R.java and packaged resources)
  12. What Is This?
     → Adhrit is an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike
     → An effort to simplify the reversing and analysis process
     → Long-term and subject to continual updates
     → Built with many little wonderful open source libraries and tools <3
     → Isolated tools from the Android SDK
     → Open source and licensed under GPLv3
  13. What Can It Do?
     → Extract source in both Java and smali
     → Extract manifest details
     → Check for malware footprints
     → Check for native libraries
     → Dump the disassembly of the shared objects/libraries
     → Check for simple bytecode injections
     → Extract certificate details
  14. Demo
  15. Where Can I Use It? (examples)
     → Certificate unpinning
     → Simple edits in the APK (bytecode injections)
     → A quick overview of the APK
     → Check if it’s already on malware databases
     → Reuse of the isolated tools (saves a lot of time!)
  16. Precisely For?
     → APK reversing beginners
     → Reversing enthusiasts with minimal requirements
     → Intermediate results
     → CTFs
     → Malware analysis
  17. Season 2
     → Dynamic analysis
     → More specific pattern searches (URLs, API keys etc.)
     → SSL pinning identification
     → Log dive
     → MonkeyRunner to simulate clicks
     → Network connection dump
     → Suggestions always welcome :)
  18. References
     → github.com/abhi-r3v0/Adhrit
     → blog | bi0s
     → Dissecting Google Bouncer
     → Smali Code Injection
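The "What Can It Do?" and "Where Can I Use It?" slides describe a quick static overview of an APK: inventory the archive (manifest, classes.dex, native libraries under lib/, signing blocks under META-INF/), hash the file for a malware-database lookup, and flag simple bytecode tampering. The script below is an added illustration of that overview and is not Adhrit's own code. It builds a small constructed APK in memory so it runs offline, and it uses the DEX header's own integrity fields (the Adler-32 checksum at offset 8 over bytes 12..end and the SHA-1 signature at offset 12 over bytes 32..end) to detect a classes.dex that was edited without the header being recomputed. All file names and payloads inside the sample archive are placeholders.

```python
"""Static inventory of an APK plus a DEX header integrity check.

Added example, not part of the Adhrit project. The sample APK is constructed
in memory; every entry in it is a labelled placeholder.
"""
import hashlib
import io
import json
import struct
import zipfile
import zlib

DEX_MAGIC_PREFIX = b"dex\n"   # real files carry "dex\n035\0" or a later version
DEX_HEADER_SIZE = 0x70


def build_dex(payload: bytes) -> bytes:
    """Build a minimal DEX blob whose header checksum and signature are correct.

    Header layout (DEX format): magic[8] | checksum u32 | signature[20] |
    file_size u32 | header_size u32 | further fields up to 0x70 bytes.
    The bytes after the header are constructed filler standing in for the
    real string/type/code sections.
    """
    body = b"\x00" * (DEX_HEADER_SIZE - 0x28) + payload
    file_size = DEX_HEADER_SIZE + len(payload)
    tail = struct.pack("<II", file_size, DEX_HEADER_SIZE) + body   # bytes 32..end
    signature = hashlib.sha1(tail).digest()                         # SHA-1 over bytes 32..end
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF          # Adler-32 over bytes 12..end
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def verify_dex(dex: bytes) -> dict:
    """Recompute the header checksum/signature; a mismatch means the file was
    modified after it was built (a crude but effective tamper indicator)."""
    if len(dex) < DEX_HEADER_SIZE or not dex.startswith(DEX_MAGIC_PREFIX):
        return {"valid_magic": False, "checksum_ok": False,
                "signature_ok": False, "size_ok": False}
    (checksum,) = struct.unpack_from("<I", dex, 8)
    signature = dex[12:32]
    (file_size,) = struct.unpack_from("<I", dex, 32)
    return {
        "valid_magic": True,
        "checksum_ok": (zlib.adler32(dex[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(dex[32:]).digest() == signature,
        "size_ok": file_size == len(dex),
    }


def inventory_apk(apk_bytes: bytes) -> dict:
    """Walk the APK (a zip) and report the pieces an analyst looks at first."""
    report = {
        "sha256": hashlib.sha256(apk_bytes).hexdigest(),   # for malware-database lookups
        "has_manifest": False,
        "dex": {},            # entry name -> integrity check result
        "native_libs": [],    # shared objects worth disassembling separately
        "cert_files": [],     # signing blocks holding the certificate details
    }
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name == "AndroidManifest.xml":
                report["has_manifest"] = True
            elif name.endswith(".dex"):
                report["dex"][name] = verify_dex(z.read(name))
            elif name.startswith("lib/") and name.endswith(".so"):
                report["native_libs"].append(name)
            elif name.startswith("META-INF/") and name.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC"):
                report["cert_files"].append(name)
    return report


def build_sample_apk(tamper: bool = False) -> bytes:
    """Constructed APK: a valid DEX, one native lib and a signing block.
    With tamper=True one bytecode byte is flipped without fixing the header."""
    dex = bytearray(build_dex(b"constructed bytecode placeholder"))
    if tamper:
        dex[-1] ^= 0xFF
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<constructed binary-XML placeholder>")
        z.writestr("classes.dex", bytes(dex))
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 60)
        z.writestr("META-INF/CERT.RSA", b"<constructed PKCS#7 placeholder>")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, apk in (("clean", build_sample_apk()), ("tampered", build_sample_apk(tamper=True))):
        print(label)
        print(json.dumps(inventory_apk(apk), indent=2))
```

Run it against a real APK by replacing `build_sample_apk()` with the file's bytes; the DEX check only tells you that the header no longer matches the body, so a rebuilt and re-signed APK passes it and still needs the smali-level review the slides describe.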
