This document provides an overview of reversing Android applications. It discusses the Android security model including permissions and ARM TrustZone. It describes real world Android malware like ransomware and data stealing malware. The structure of an Android APK file is explained including the dex, resources, libraries and manifest. Tools for analyzing APKs are introduced, like APKTool for decompiling and Dex2Jar for extracting dex files. The document demonstrates decompiling an APK and analyzing the smali code. It provides a glossary of related terms and references for further reading.

1. Dissecting Android APK
Reversing Android applications

2. /> self.me
- Final year undergraduate student at Amrita University, Amritapuri
- Love Android !
- Currently researching on Android security
- Play CTFs as a part of team bi0s

3. bi0s

4. Index
- Why Android ?
- Android security implementations and issues
- Real world Android malwares
- Reversing Android apps
- Structure of an APK
- Analyzing the contents

5. Why Android ?
The Tale of Triumph
Open source - power to you!
User-friendly
Most used - more developers

6. Mobile OS Global Market Share 2016

7. Android security
- Sandboxing
- Permissions
- ASLR since Android 4.0 ICS
- ARM TrustZone
Implementations

8. Permissions

9. ARM TrustZone

10. Are we at risk ?

11. Issues - Malwares
- Ransomwares
- Exploits

12. Real world Android malwares

13. AccuTrack :
Turns an Android device into a GPS tracker
AckPost :
Steals contact information from the device and sends it to a remote server
BackFlash / Crosate :
Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data
BankBot :
Particularly aims at stealing bank account information from dedicated apps
DroidDeluxe :
Exploits the device to gain root privilege and then modifies access permission of database files
and collects account information

14. APK
Android package : APK
Zip file with .apk extension
Playstore, Amazon Appstore, F-Droid
Java + res + XML + Libs
Android PacKage

15. Making of an APK

16. Reversing Android apps
Tools and Methodologies

17. APKTOOL
Reversing APKs
- Compile/decompile apps
- Smali code
- To modify apps

18. Structure of an APK

19. assets - all the unmodified app contents
AndroidManifest.xml - Generic; The app-map
classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ]
res - All the resources ( drawables, icons, values )
lib - External/custom native libraries
Resources.asrc - Compiled resources / binaries
META-INF - Certificates

20. Dalvik / ART
→ JVM redefined
→ Dalvik until 4.4.4 Kitkat. ART from 5.0 Lollipop
→ Executes dex
→ Dalvik - JIT, ART - AOT

21. DEX
Dalvik Executable
> Dalvik’s bytecode
> java classes
> Easy to debug

22. Tools

23. ADB
Android Debug Bridge
- Android tool
- Drop shells, files
- Access partitions
- Install applications

24. Dex2Jar
The source
- Small in size
- Any platform
- Extracts compiled classes out of the dex
- Easy to use

25. Demo

26. Workaround ? → Check permissions
→ Trusted app sources
→ Use ‘ anti-malware ’ apps

27. Glossary
- aapt : Android Asset Packaging Tool.
- dex : Dalvik executable.
- dx : Tool within the Android SDK used to convert the jar files into dex files.
- R.java : A class with static methods to reference all the resources.

28. In-depth Introduction to Android Permission Model
Android Internals by Karim Yaghmour
Logcat Security Issue
Dalvik and ART
Dex2jar, ADB, APK Tool
DexGuard obfuscator
Dalvik opcodes
OWASP Seraphimdroid
References

29. Thank You