Reverse engineering Android apps

Slides for the CSPC 2018 March chapter
https://udnisap.js.org/talks.html

  1. Smartphone app security (Pasindu Perera)
  2. How to hack phones?
  3. apps: How to hack phones?
  4. Applications are compiled
  5. Android Application: Java Source code, Smali, Java Byte code (dalvik)
  6. Motivation
     • Translate apps
     • Security Research (Malware)
     • Unlock Perks / Unlock features
     • Piracy
     • Steal Intellectual Property
     • Backdoors
  7. Tools
     1. Apk Tool
     2. Jarsigner (comes standard with Java)
     3. Metasploit
     4. Simplify
  8. Exploit 1: Level hack / Feature hack
  9. • Open source
     • Lots of known exploits
     • Keep Access
     • Use as a hub
     • Use features in the victim
  10. Exploit 2: Inject a backdoor into an application
  11. Tool
     • Decompile both the exploit and the original apks
     • Random renaming of exploit file names
     • Inject the meterpreter into the original apk
     • Pack the original
     • Sign
  12. Meterpreter features: anything an app can do
     • Record Audio
     • Record Video
     • Take screenshots
     • Steal passwords
     • Impersonate SMS
     • Read call / sms logs
  13. How to be aware
     • Only use app store to download apps
     • Use only the apps that are well known
     • Look at their permissions before installing
     • Use sandboxing techniques to try out applications
  14. Q&A
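
The "look at their permissions before installing" advice on slide 13 can be automated by comparing the decoded `AndroidManifest.xml` of a trusted copy of an app with that of a copy from another source. This is an added example, not code from the slides; it assumes both manifests were already decoded to text XML (for instance with Apk Tool), and the sample manifests and the permission-to-capability mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Mapping chosen for this example: permissions behind capabilities the slides list.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "record video",
    "android.permission.SEND_SMS": "impersonate SMS",
    "android.permission.READ_SMS": "read SMS logs",
    "android.permission.READ_CALL_LOG": "read call logs",
}

# Constructed sample manifests (not taken from any real app).
ORIGINAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

REPACKAGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def added_permissions(original_xml, candidate_xml):
    """List (permission, capability-or-None) for permissions only the candidate requests."""
    extra = requested_permissions(candidate_xml) - requested_permissions(original_xml)
    return [(name, SENSITIVE.get(name)) for name in sorted(extra)]

def is_suspicious(original_xml, candidate_xml):
    """True when the candidate adds at least one permission from SENSITIVE."""
    return any(cap for _, cap in added_permissions(original_xml, candidate_xml))

if __name__ == "__main__":
    for name, capability in added_permissions(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST):
        print(f"{name}: {capability or 'not in the sensitive list'}")
```

A copy that requests no extra permissions is not thereby shown to be clean, since slide 12 notes that injected code can do anything the host app is already allowed to do.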