LINE Game Security II by AIR ARMOR Chung Sang Min 20180405

•

1 like•438 views

In the 2nd lecture, several technological factors that LINE considered for mobile client protection and difficulties during development and operation and the solutions on them will be explained.

Mobile

Who should you fight?
Abuser, Cheater, Reverser, Hacker, …

No, security solution vs abuser.
Do not trust security solutions.
There is no complete security solution.
Developer vs Abuser

Abusers among Abusers
Hacker
Manageable Hobby, Interest, Beginner
Business

Find exceptional situation (bug).
Network, Time
Scanning Phase

Combine
Bypass Hide
Xposed + Xline Bypasser + xLINE Games + GameGuardian

Outside
File
Crypto
Network
TLS
Resource
Validation
Bug
Test
Interesting

Inside
Binary
?
Binary
?
Binary
?
Binary
?
Boring

IDA, JEB, Cydia Substrate, Xposed, FRIDA, apktool, dex2jar, HexRay ...
Symbol, Constant, Debug Info, Swizzling, Hooking, Vulnerability, …
Binary == Code

User(= abuser) friendly secure environment,
Permission, Private API, Identification, Serial, MAC
Sandboxing

Platform Version,
armeabi, armeabi-v7a, arm64-v8a, x86, x86_64, mips, mips64
Supporting Target

x86 s/w emulator,
Intel, ASUS, Taiwan
libhoudini.so

Dalvik, ART, App thinning , bitcode, …
Jailbreak is a threat,
Rooting is not a threat, Thailand
iOS vs Android

PoC, Rough, Aggressive, Experimental, ...
Crash? No problem!

Custom Encoder, Mix Table, Rotate Byte
Make Custom Encoder

WebViewClient onReceivedSslError
WebViewClient

Try something and Try something,
Try something again, still Try something,
Try again the next day, Try again the next week,
Try so on.
Hacker Mentality

Similar to LINE Game Security II by AIR ARMOR Chung Sang Min 20180405

How AI used in cybersecurity

ArjitDas2

CrowdSec - Smart Money Round deck

CrowdSec

Learn how MongoDB on LinuxONE and IBM Cloud Hyper Protect Services can be used to manage highly sensitive and confidential data – pervasively encrypting and securing your environments, consolidating thousands of database instances while serving hundreds of billions of queries a day. At the end of this session you will better understand how managing and scaling large amounts of critical business data can be achieved easily with automatic pervasive encryption of code and data in-flight and at-rest. If you're a Developer, Architect, DBA or a Business Stakeholder, and your organization is using or planning to use MongoDB on-premise or in the cloud, this session will help you to gain insights into the best way to run MongoDB to keep your business safe and scaling holistically.

MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...

MongoDB

MIKE SHEMA Effective appsec emerges from DevSecOps tactics like feedback loops, automation, and the flexibility to respond to situations quickly. These tactics emphasize process and tools, sometimes neglecting the knowledge and skills of working with others to build and maintain apps. And the solutions they strive for don’t always catch the importance of how different users can have different threat models. On the technology side of appsec we have clouds, top 10 lists, and tools. But we haven’t built up equivalent resources, references, or models for the people we build apps with and who we build them for. This presentation dives into specific techniques and references for working with people and building threat models that go beyond basic technical concerns. Tabletop role-playing games are a great model for understanding and building skills that are important to DevSecOps teams. They encourage communication, collaboration, and the achievement of shared goals. And they also face the same challenges in solving conflicts, avoiding derailing behaviors, and ensuring everyone participates. Come discover how RPGs can positively influence your security teams. Security is an integral part of DevSecOps. And, yes, it’s made of people.

DevSecCon London 2018: Building effective DevSecOps teams through role-playin...

DevSecCon

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

Jessica Tams

ShadyRAT: Anatomy of targeted attack

Vladyslav Radetsky

Intro to Android, IOT, Hacking & Web Designinng

I am Cipher

Ransomware is a type of malware that prevents or restricts user from accessing their system, either by locking the system's screen or by locking the users' files in the system unless a ransom is paid. More modern ransomware families, individually categorize as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through online payment methods to get a decrypt key. The analysis shows that there has been a significant improvement in encryption techniques used by ransomware. The careful analysis of ransomware behavior can produce an effective detection system that significantly reduces the amount of victim data loss.

A comprehensive survey ransomware attacks prevention, monitoring and damage c...

RSIS International

A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...

AshishDPatel1

A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...

RSIS International

2. Cyber Intelligence in online gambling final

MARIUS EUGEN OPRAN

Ethi mini - ethical hacking

Being Uniq Sonu

Oh... that's ransomware and... look behind you a three-headed Monkey

Stefano Maccaglia

SecTor '09 - When Web 2.0 Attacks!

Rafal Los

Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...

HITCON GIRLS

E security and payment 2013-1

Abdelfatah hegazy

Webinar: Securing Mobile Banking Apps

Wultra

DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence

Andris Soroka

Do you think your home-based enterprise is too small to attract attention of hackers and cyber criminals? A hacker would be sitting behind you and follow your password over your shoulder as you are using a public Wi-Fi at Starbucks! Did you know that a pacemaker could be hacked to get personal and medical information to exploit against you for vandalism or monetary gain? The more you are unsuspecting and off-the-guard, the more you are prone to fall prey to devious schemes of cyber attacks. That’s why we created this presentation to present you everything you need to know to detect signs of cyber attacks including - all possible risks of cyber attacks - what’s your chances of getting hit by a hacker, - who is targeting you - What hackers can do? - what type of information they are trying to steal - Are you an Instagram addict? Get to know how your favorite social networking sites and other web-based services are exposing you to hackers - Different types of cyber attacks - Different types of baits, techniques and tools used by hackers - How each type of cyber attacks works - Do you know group of password crackers are at work in cracking your netbanking password? Check out if your password is strong and hard to crack - What tools are they using to crack your password? - How to verify all those banking email communications are NOT FROM YOUR BANK, but cyber attackers? Look out for these signs to distinguish between a phishing and a genuine email message. - Are you choosing the right browser? Is your browser a staple target of hackers – here is how to choose the right browser before you get online - Is your router doubling as a gateway for hackers to pass your information? Here is how to spot and prevent cyber attacks carried out through the router - How to identify if you are opening a genuine or fake website? Here is how you can safeguard yourself before revealing your personal or financial data on a genuine-looking fake website. And many more scary facts and trends of cyber attacks covered in this presentation which can be a small handy 101 guide to keep you alert and safe online. In addition to the information and tips, we have a powerful and really effective tool to help you dodge and combat against hackers as you use Internet. If you needed an active watchdog to monitor, block and guard you from all types of online malicious activities in the background, then you cannot possibly give this a miss to find the best online safety partner for you. Surf through the slides to find out everything you need to know and never thought you actually need… and let us know what you think. We are waiting!

You think you are safe online. Are You?

TechGenie

There is no debate that companies large or small are more or less have put a lot of efforts in protect digital security and privacy with “best practice” recommendations, often use solutions from branded security vendors or built by best in-house/outsourced experts, yet they are falling prey of cyber and insider attacks, because “compliance” or “best practice” do not equal to security. The reality has shown us that traditional security approaches have fall behind the increased system complexity and advanced technical capabilities that have been mastered by adversaries. The key weakness in our security defenses lies with the weakness of digital identities systems have been used to authenticate users (no system could defends against attacker impersonates legitimate user); follow by inability to validate the authenticity and integrity of communication (If attacker can temper with the data freely, then no need to crack the one time password) and finally incapable of protecting information from unauthorized accesses in an event of inevitable security breach because unknown system or application security vulnerabilities. FrontOne’s information security solution addresses all security weakness listed above: First, FrontOne uses its own digital identity that is harden to withstand advanced hackers using sophisticated real time attacks and help all its users from falling prey of identity thieves from phishing and malware attacks at client side to advanced persistent threats at the server side, because FrontOne’s digital identity is dynamic and non-transferable. Second, FrontOne provides 100% message integrity by using dedicated and destination aware messaging system and ensure each and every message is completely unique; reducing the chance of attackers from being able to identifying and manipulating it for their benefit. Finally, FrontOne uses its own method of protecting information at rest, in transit or in use, by focusing our innovation at the security and integrity of encryption key while using industry standardized cryptography. FrontOne’s user centric data protection solution uses dual control for its encryption keys. Random encryption key is protected with security key that has two parts, one part from the client side and other from the centralized key server. This arrangement ensures that access to protected data is available with the presence of the user device of the authorized user. The security approaches FrontOne have taken above are further strengthened with its own patented technologies that introduce a dynamic element is each and every message and transaction, mutually authenticate both parties before a request is served and providing user with ultimate control that is not accessible digitally.

FrontOne our new and different solutions

frontone

Similar to LINE Game Security II by AIR ARMOR Chung Sang Min 20180405 (20)

How AI used in cybersecurity

CrowdSec - Smart Money Round deck

MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...

DevSecCon London 2018: Building effective DevSecOps teams through role-playin...

Mobile Game Hacking: Defense Against the Dark Arts | James Ahn

ShadyRAT: Anatomy of targeted attack

Intro to Android, IOT, Hacking & Web Designinng

A comprehensive survey ransomware attacks prevention, monitoring and damage c...

A Comprehensive Survey: Ransomware Attacks Prevention, Monitoring and Damage ...

2. Cyber Intelligence in online gambling final

Ethi mini - ethical hacking

Oh... that's ransomware and... look behind you a three-headed Monkey

SecTor '09 - When Web 2.0 Attacks!

Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...

E security and payment 2013-1

Webinar: Securing Mobile Banking Apps

DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence

You think you are safe online. Are You?

FrontOne our new and different solutions

LINE Game Security II by AIR ARMOR Chung Sang Min 20180405

1. LINE Game Security Mobile Client Protect By AIR ARMOR Lead Sang Min, Chung 20180405

2. LINE Game Security Mobile Client Protect Sang Min, Chung April 2018

3. Who should you fight? Abuser, Cheater, Reverser, Hacker, …

4. No, security solution vs abuser. Do not trust security solutions. There is no complete security solution. Developer vs Abuser

5. Abusers among Abusers Hacker Manageable Hobby, Interest, Beginner Business

6. Business Distribution Community

7. Hacking Steps Abusing

8. Find exceptional situation (bug). Network, Time Scanning Phase

9. Combine Bypass Hide Xposed + Xline Bypasser + xLINE Games + GameGuardian

10. Outside File Crypto Network TLS Resource Validation Bug Test Interesting

11. Time-consuming Reversing Phase

12. Inside Binary ? Binary ? Binary ? Binary ? Boring

13. IDA, JEB, Cydia Substrate, Xposed, FRIDA, apktool, dex2jar, HexRay ... Symbol, Constant, Debug Info, Swizzling, Hooking, Vulnerability, … Binary == Code

14. Symbols and Focus No time-consuming

15. Difficulty by Difference Disadvantage

16. User(= abuser) friendly secure environment, Permission, Private API, Identification, Serial, MAC Sandboxing

17. Platform Version, armeabi, armeabi-v7a, arm64-v8a, x86, x86_64, mips, mips64 Supporting Target

18. x86 s/w emulator, Intel, ASUS, Taiwan libhoudini.so

19. Dalvik, ART, App thinning , bitcode, … Jailbreak is a threat, Rooting is not a threat, Thailand iOS vs Android

20. PoC, Rough, Aggressive, Experimental, ... Crash? No problem!

21. Self-Defense catch_.me_.if_.you_.can_

22. How do we do? Security

23. Honeypot, Trap Detection, Obfuscation

24. Hunt Monitoring

25. Don’t request! Blocking != Security

26. Try to monitor Security == Management

27. Developers can do Symbols

28. Human-Readable, Printable Hide Symbols

29. No Base64 No! Base64

30. Use Local Variable Hide Strings

31. Use Local Variable Hide Strings

32. Custom Encoder, Mix Table, Rotate Byte Make Custom Encoder

33. Use Local Variable Use Stack

34. Use Byte Array Encode to Byte Array

35. dlopen, dlsym Dynamic Linking

36. Java Reflection

37. Jni RegisterNative No! Export JNI

38. Jni RegisterNative Register JNI

39. Sample Code Sample

40. Sample Code Sample

41. Sample Code Sample

42. Sample Code Sample

43. - Hide Variable

44. Common mistake leak

45. curl curl

46. X509TurstManager TrustManager

47. HostnameVerifier HostnameVerifier

48. WebViewClient onReceivedSslError WebViewClient

49. strncpy string.h

50. #define Log

51. Proguard Log

52. os_log Log

53. Closing Remark Developer vs Abuser

54. Try something and Try something, Try something again, still Try something, Try again the next day, Try again the next week, Try so on. Hacker Mentality

55. Remember it Anti-symbols

56. Check grep –rn ”.*” *

57. THANK YOU https://air.line.me/

LINE Game Security II by AIR ARMOR Chung Sang Min 20180405

Recommended

Recommended

More Related Content

Similar to LINE Game Security II by AIR ARMOR Chung Sang Min 20180405

Similar to LINE Game Security II by AIR ARMOR Chung Sang Min 20180405 (20)

LINE Game Security II by AIR ARMOR Chung Sang Min 20180405