Decompiling Android Workshop

907 views

Published on

Reverse Engineering APKs workshop at the Detroit Google DevFest Mar 2013

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
907
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
31
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Decompiling Android Workshop

  1. 1. Godfrey Nolan
  2. 2. Easy access to APKsAPK designSame trailer, different park
  3. 3. sdcardRooting phoneDownload from forums
  4. 4. Identify and protect sensitive data on the mobile deviceHandle password credentials securely on the deviceEnsure sensitive data is protected in transitImplement user authentication, authorization and sessionmanagement correctlyKeep the backend APIs (services) and the platform (server) secureSecure data integration with third party services and applicationsPay specific attention to the collection and storage of consent forthe collection and use of the user’s dataImplement controls to prevent unauthorized access to paid-forresources (wallet, SMS, phone calls etc.)Ensure secure distribution/provisioning of mobile applicationsCarefully check any runtime interpretation of code for errors
  5. 5. Download an APK adb pull /data/app/Dashboard.apkUnzip APKDisassemble an APK apktool d Dashboard.apkDecompile an APK dex2jar.bat Dashboard.apk, open in JD-GUISQLite investigation adb backup –noapk Dashboard.apk java –jar abe.jar unpack backup.ab backup.tar
  6. 6. https://code.google.com/p/dex2jar/http://java.decompiler.free.fr/?q=jdguihttp://www.netmite.com/android/mydroid/dalvik/docs/dex-format.htmlhttp://www.netmite.com/android/mydroid/dalvik/docs/instruction-formats.htmlhttps://code.google.com/p/android-apktool/http://sourceforge.net/projects/adbextractor/files/http://www.sweetscape.com/010editor/http://sqlitebrowser.sourceforge.net/
  7. 7. Giveaway
  8. 8. http://www.decompilingandroid.com@decompilinggodfrey@riis.comhttp://www.riis.com

×