Dmitry Matyukhin, profile picture
Uploaded byDmitry Matyukhin
PDF, PPTX4,209 views

Native code in Android applications

This document discusses using native code in Android applications. It covers compiling C/C++ code into native shared libraries (.so files) using the Android NDK, mapping native functions to Java using the Java Native Interface (JNI), and some performance and security considerations for using native code. Specifically, it addresses loading native libraries from Java, calling Java methods from native code, and accessing Java strings from native code using JNI functions.

Embed presentation

Download as PDF, PPTX
Native code in Android applications
My projects using NDK
Yumm Low memory overhead for image decoding
Hudriks Math cocos2d-x; cross-platform: iOS and Android
Secure Video Player Critical DRM code; cross-platform code (iOS/Android/Linux/OS X/Windows); high-performance
Overview
Your Java Application Java code /libs/armeabi/ Android Runtime Core Libraries (Java) JVM (Dalvik) Libraries OpenSL ES SQLite OpenGL Linux Platform Media
Android NDK • Documentation • Toolchain - ndk-build, gcc/clang, gdbserver, … • NDK framework headers • Build system
NDK frameworks android-4 (1.6) • dl, zlib, math, log • OpenGL ES 1.x android-14 (4.0) android-5 (2.0) • OpenMAX OpenGL ES 2.0 android-8 (2.2) • • JNI Graphics - java Bitmaps on low level android-9 (2.3) • EGL • OpenSL ES - audio library • Native Applications - native activity, etc android-18 (4.3) • OpenGL ES 3.0
Compilation process source .c/.c++ .o .o objects compiler .o .o .o shared library linker .so static library .a (archive) .so .o .o .o
Application structure • jni/ (source code) • Android.mk • [Application.mk] • module1/ • • Android.mk libs/armeabi/libnative.so - compiled shared library
CPU specific • Application Binary Interface (ABI): • armeabi - at least ARMv5TE • armeabi-v7a - Thumb-2; VFP hardware FPU; NEON • x86 • mips • Application.mk: • APP_ABI := all • APP_ABI := armeabi armeabi-v7a
Java Native Interface
JNI in C and C++ #include <jni.h> C struct JNINativeInterface { jclass (*FindClass)(JNIEnv*, const char*); } typedef const struct JNINativeInterface* JNIEnv; ! JNIEnv* env; (*env)->FindClass(env, “classname”);
JNI in C and C++ C++ struct _JNIEnv { jclass FindClass(const char* name) { return functions->FindClass(this, name); } } ! JNIEnv* env; env->FindClass(“classname”);
Mapping native functions libnative.so Java.class - function_1() - function_1() - function_2() - function_2() - function_3() - function_3() - function_4() - function_4() - function_5() - function_5()
Mapping native functions .java public native static int testNative(int a, int b); .c jint Java_com_example_jnibasics_NativeDemo_testNative(JNIEnv *env, jclass obj, jint a, jint b) package name javah > javah com.example.jnibasics.NativeDemo
Mapping native functions jint RegisterNatives(JNIEnv *env, jclass clazz, const JNINativeMethod *methods, jint nMethods); typedef struct { char *name; char *signature; void *fnPtr; } JNINativeMethod; jint addVals(JNIEnv *env, jclass obj, jint a, jint b) {…}
Mapping native functions static JNINativeMethod sMethods[] = { {"testNative", "(II)I", (void*)addVals} }; jint JNI_OnLoad(JavaVM* vm, void* reserved) { JNIEnv *env = NULL; jclass klass; if((*vm)->GetEnv(vm, (void**)&env, JNI_VERSION_1_6) != JNI_OK) return -1; ! klass = (*env)->FindClass(env, “com/example/jnibasics/NativeDemo”);   (*env)->RegisterNatives(env, klass, gMethods, 1); ! return JNI_VERSION_1_6; }
Loading .so from Java static { static { System.loadLibrary("Dependency"); System.loadLibrary("JNIBasics"); System.loadLibrary("JNIBasics"); } } JNIBasics Dependency
Demo
References jobject gObject = NULL; ! void function(JNIEnv* jobject obj) { gObject = (*env)->NewGlobalRef(env, obj); } ! void finish(JNIEnv* env) { (*env)->DeleteGlobalRef(env, gObject); }
Calling Java methods from native jclass clz = (*env)->FindClass(env, “com/example/jnibasics/NativeDemo"); ! jmethodID method = (*env)->GetMethodID(env, clz, "methodName", “(II)Ljava/lang/String;"); ! jstring result = (*env)->CallObjectMethod(env, obj, method, 5, 6);
Accessing java strings jstring jstr; const char* str; ! str = (*env)->GetStringUTFChars(env, jstr, NULL); ! ... ! (*env)->ReleaseStringUTFChars(env, jstr, str);
Further reading • Attaching Java threads • Creating new Java objects from native code • Distinguish between virtual and non virtual methods • Exception handling • Accessing Java arrays
Using native code
Performance • Most applications don’t need native code! • Only for extensive calculations: games, rich media • Take advantage of NEON CPU instructions • Avoiding Java Garbage Collection
Cross-platform architecture platform dependant libraries (network, UI, etc) Application (Java/UIKit) platform independent code (no JNI) external interface (JNI/Objective-C)
Cross-platform examples VLC
Security
1. 2. 3. 4. Register as a developer (£60 per year) Add device UUID to dev account Generate Provisioning Profile Sign APK with developer’s certificate ! or Submit to Apple Store or Jailbreak device Binary is encrypted Decryption is on OS level Self-signed APK or not-signed at all Decompiled Objective C: Decompiled Java: class structures assembly code readable code
Demo DISCLAIMER: For educational purposes only; I’m not encouraging to hack somebody else’s applications;
Summary • Always obfuscate Java code! • Never save passwords, use session key or hash instead • Never keep encryption keys in clear data in memory • Keep all critical code in native
Further protection • Hide non-public symbols from .so files • Strip debug information into separate files • Expose only high-level APIs to Java
Tips • Debugging native code is tricky • • • Linux or OSX as dev platform Use ARM DS-5 Community Edition in Eclipse Android fragmentation • separate .so files for different version
Questions? Dmitry Matyukhin dmitry@fancygames.net

More Related Content

PPT
Android JNI
bySiva Ramakrishna kv
 
PPTX
Android ndk
byKhiem-Kim Ho Xuan
 
PDF
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
byJiandSon
 
PDF
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
byChristopher Frohoff
 
PPT
Project Coin
byBalamurugan Soundararajan
 
PPTX
Java and OpenJDK: disecting the ecosystem
byRafael Winterhalter
 
PDF
Bytecode manipulation with Javassist and ASM
byashleypuls
 
PDF
HexRaysCodeXplorer: object oriented RE for fun and profit
byAlex Matrosov
 
Android JNI
bySiva Ramakrishna kv
 
Android ndk
byKhiem-Kim Ho Xuan
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
byJiandSon
 
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...
byChristopher Frohoff
 
Project Coin
byBalamurugan Soundararajan
 
Java and OpenJDK: disecting the ecosystem
byRafael Winterhalter
 
Bytecode manipulation with Javassist and ASM
byashleypuls
 
HexRaysCodeXplorer: object oriented RE for fun and profit
byAlex Matrosov
 

What's hot

PDF
HexRaysCodeXplorer: make object-oriented RE easier
byAlex Matrosov
 
PPTX
Static code analysis: what? how? why?
byAndrey Karpov
 
PPTX
Making Java more dynamic: runtime code generation for the JVM
byRafael Winterhalter
 
PDF
NDK Primer (Wearable DevCon 2014)
byRon Munitz
 
PDF
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
byJohnny Sung
 
PPT
core java
byVinodh Kumar
 
PPTX
Java 10, Java 11 and beyond
byRafael Winterhalter
 
PDF
Java Deserialization Vulnerabilities - The Forgotten Bug Class
byCODE WHITE GmbH
 
PPT
C++ programming with jni
byPeter Hagemeyer
 
PDF
Tips and tricks for building high performance android apps using native code
byKenneth Geisshirt
 
PDF
Building High Performance Android Applications in Java and C++
byKenneth Geisshirt
 
PDF
Understanding the Dalvik bytecode with the Dedexer tool
byGabor Paller
 
PPTX
Fixing the Java Serialization Mess
bySalesforce Engineering
 
PPTX
The definitive guide to java agents
byRafael Winterhalter
 
PDF
Inc0gnito 2015 Android DEX Analysis Technique
by남준 김
 
PPT
Building a java tracer
byrahulrevo
 
PDF
JVM Mechanics: When Does the JVM JIT & Deoptimize?
byDoug Hawkins
 
PDF
C++ Advanced Features
byMichael Redlich
 
PPTX
Java concurrency
byHithem Ahmed
 
PDF
C++ Advanced Features
byMichael Redlich
 
HexRaysCodeXplorer: make object-oriented RE easier
byAlex Matrosov
 
Static code analysis: what? how? why?
byAndrey Karpov
 
Making Java more dynamic: runtime code generation for the JVM
byRafael Winterhalter
 
NDK Primer (Wearable DevCon 2014)
byRon Munitz
 
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
byJohnny Sung
 
core java
byVinodh Kumar
 
Java 10, Java 11 and beyond
byRafael Winterhalter
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
byCODE WHITE GmbH
 
C++ programming with jni
byPeter Hagemeyer
 
Tips and tricks for building high performance android apps using native code
byKenneth Geisshirt
 
Building High Performance Android Applications in Java and C++
byKenneth Geisshirt
 
Understanding the Dalvik bytecode with the Dedexer tool
byGabor Paller
 
Fixing the Java Serialization Mess
bySalesforce Engineering
 
The definitive guide to java agents
byRafael Winterhalter
 
Inc0gnito 2015 Android DEX Analysis Technique
by남준 김
 
Building a java tracer
byrahulrevo
 
JVM Mechanics: When Does the JVM JIT & Deoptimize?
byDoug Hawkins
 
C++ Advanced Features
byMichael Redlich
 
Java concurrency
byHithem Ahmed
 
C++ Advanced Features
byMichael Redlich
 

Viewers also liked

PDF
Madeleine H Vedel CV 2015
byMadeleine Hill Vedel
 
PPTX
Solidos cristalinos hcsc
byTOMYRYAM2014
 
PDF
SOLOPRENEUR
byNAGESHWAR RAO PATHAKOTI
 
PDF
Industria Petroquímica Mexicana. Problemática, Diagnóstico y Propuestas de So...
byAcademia de Ingeniería de México
 
PDF
Eso1128
bySérgio Sacani
 
PPTX
Spsbe 18-04-15 - should i move my network folders to office 365
byBIWUG
 
PPTX
1.1 memahami gelombang (b)
byAmb Jerome
 
PPT
Competencia Imperfecta
byMiguel Altuve
 
PPSX
Oracle - Simplificación y Administración de TI
byRefundation
 
PPT
Parish Leadership 2014: Insurance and Risk Management
byAnglican Diocese of Toronto
 
PDF
The 9 Criteria for Brand Essence (TM)
byKirk Phillips
 
PPT
Tca
byGuisela Mena Mora
 
PDF
Contrato ventas Marelli
byAmalia Pando
 
PDF
07-02-2013 eraikune-boma
byEraikune
 
PDF
06 salida 23_03_2013
bychouffe
 
PDF
N20
byLe National
 
PDF
Rapport: Utprøving av iPad i alternative opplæringarenaer
byFrode Kyrkjebø
 
PDF
The JOBS Act Implementation Update
byMarketNexus Media
 
PDF
New Age Cleaning Solutions, Kolkata, Cleaning Machine and Garden Equipment
byindiamartsupplier
 
PDF
Gramática del Curso 1 Inglés
byguadalinfo sayalonga
 
Madeleine H Vedel CV 2015
byMadeleine Hill Vedel
 
Solidos cristalinos hcsc
byTOMYRYAM2014
 
SOLOPRENEUR
byNAGESHWAR RAO PATHAKOTI
 
Industria Petroquímica Mexicana. Problemática, Diagnóstico y Propuestas de So...
byAcademia de Ingeniería de México
 
Eso1128
bySérgio Sacani
 
Spsbe 18-04-15 - should i move my network folders to office 365
byBIWUG
 
1.1 memahami gelombang (b)
byAmb Jerome
 
Competencia Imperfecta
byMiguel Altuve
 
Oracle - Simplificación y Administración de TI
byRefundation
 
Parish Leadership 2014: Insurance and Risk Management
byAnglican Diocese of Toronto
 
The 9 Criteria for Brand Essence (TM)
byKirk Phillips
 
Tca
byGuisela Mena Mora
 
Contrato ventas Marelli
byAmalia Pando
 
07-02-2013 eraikune-boma
byEraikune
 
06 salida 23_03_2013
bychouffe
 
N20
byLe National
 
Rapport: Utprøving av iPad i alternative opplæringarenaer
byFrode Kyrkjebø
 
The JOBS Act Implementation Update
byMarketNexus Media
 
New Age Cleaning Solutions, Kolkata, Cleaning Machine and Garden Equipment
byindiamartsupplier
 
Gramática del Curso 1 Inglés
byguadalinfo sayalonga
 

Similar to Native code in Android applications

PDF
Introduction to the Android NDK
byBeMyApp
 
PDF
Using the Android Native Development Kit (NDK)
byXavier Hallade
 
PDF
Using the Android Native Development Kit (NDK)
byDroidConTLV
 
PDF
Ndk
byRuslan Novikov
 
PPTX
Using the android ndk - DroidCon Paris 2014
byParis Android User Group
 
PDF
NDK Programming in Android
byArvind Devaraj
 
PDF
NDK Primer (AnDevCon Boston 2014)
byRon Munitz
 
PPTX
Advance Android Application Development
byRamesh Prasad
 
PPTX
Android NDK Intro
byGiles Payne
 
PPTX
Android ndk
bySentinel Solutions Ltd
 
PPTX
Android NDK
bySentinel Solutions Ltd
 
PPTX
Android ndk - Introduction
byRakesh Jha
 
PPTX
Native development kit (ndk) introduction
byRakesh Jha
 
PPTX
Getting started with the NDK
byKirill Kounik
 
PPTX
Let's talk about jni
byYongqiang Li
 
PDF
Running native code on Android #OSDCfr 2012
byCédric Deltheil
 
PPT
Native Android for Windows Developers
byYoss Cohen
 
PDF
109842496 jni
byVishal Singh
 
PDF
Android Internals
byMarko Gargenta
 
PDF
Android Native Development Kit
byPeter R. Egli
 
Introduction to the Android NDK
byBeMyApp
 
Using the Android Native Development Kit (NDK)
byXavier Hallade
 
Using the Android Native Development Kit (NDK)
byDroidConTLV
 
Ndk
byRuslan Novikov
 
Using the android ndk - DroidCon Paris 2014
byParis Android User Group
 
NDK Programming in Android
byArvind Devaraj
 
NDK Primer (AnDevCon Boston 2014)
byRon Munitz
 
Advance Android Application Development
byRamesh Prasad
 
Android NDK Intro
byGiles Payne
 
Android ndk
bySentinel Solutions Ltd
 
Android NDK
bySentinel Solutions Ltd
 
Android ndk - Introduction
byRakesh Jha
 
Native development kit (ndk) introduction
byRakesh Jha
 
Getting started with the NDK
byKirill Kounik
 
Let's talk about jni
byYongqiang Li
 
Running native code on Android #OSDCfr 2012
byCédric Deltheil
 
Native Android for Windows Developers
byYoss Cohen
 
109842496 jni
byVishal Singh
 
Android Internals
byMarko Gargenta
 
Android Native Development Kit
byPeter R. Egli
 

Recently uploaded

PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 

Native code in Android applications

  • 1.
    Native code inAndroid applications
  • 2.
  • 3.
    Yumm Low memory overheadfor image decoding
  • 4.
  • 5.
    Secure Video Player CriticalDRM code; cross-platform code (iOS/Android/Linux/OS X/Windows); high-performance
  • 6.
  • 7.
    Your Java Application Javacode /libs/armeabi/ Android Runtime Core Libraries (Java) JVM (Dalvik) Libraries OpenSL ES SQLite OpenGL Linux Platform Media
  • 8.
    Android NDK • Documentation • Toolchain -ndk-build, gcc/clang, gdbserver, … • NDK framework headers • Build system
  • 9.
    NDK frameworks android-4 (1.6) • dl,zlib, math, log • OpenGL ES 1.x android-14 (4.0) android-5 (2.0) • OpenMAX OpenGL ES 2.0 android-8 (2.2) • • JNI Graphics - java Bitmaps on low level android-9 (2.3) • EGL • OpenSL ES - audio library • Native Applications - native activity, etc android-18 (4.3) • OpenGL ES 3.0
  • 10.
  • 11.
    Application structure • jni/ (sourcecode) • Android.mk • [Application.mk] • module1/ • • Android.mk libs/armeabi/libnative.so - compiled shared library
  • 12.
    CPU specific • Application BinaryInterface (ABI): • armeabi - at least ARMv5TE • armeabi-v7a - Thumb-2; VFP hardware FPU; NEON • x86 • mips • Application.mk: • APP_ABI := all • APP_ABI := armeabi armeabi-v7a
  • 13.
  • 14.
    JNI in Cand C++ #include <jni.h> C struct JNINativeInterface { jclass (*FindClass)(JNIEnv*, const char*); } typedef const struct JNINativeInterface* JNIEnv; ! JNIEnv* env; (*env)->FindClass(env, “classname”);
  • 15.
    JNI in Cand C++ C++ struct _JNIEnv { jclass FindClass(const char* name) { return functions->FindClass(this, name); } } ! JNIEnv* env; env->FindClass(“classname”);
  • 16.
    Mapping native functions libnative.so Java.class -function_1() - function_1() - function_2() - function_2() - function_3() - function_3() - function_4() - function_4() - function_5() - function_5()
  • 17.
    Mapping native functions .java publicnative static int testNative(int a, int b); .c jint Java_com_example_jnibasics_NativeDemo_testNative(JNIEnv *env, jclass obj, jint a, jint b) package name javah > javah com.example.jnibasics.NativeDemo
  • 18.
    Mapping native functions jintRegisterNatives(JNIEnv *env, jclass clazz, const JNINativeMethod *methods, jint nMethods); typedef struct { char *name; char *signature; void *fnPtr; } JNINativeMethod; jint addVals(JNIEnv *env, jclass obj, jint a, jint b) {…}
  • 19.
    Mapping native functions staticJNINativeMethod sMethods[] = { {"testNative", "(II)I", (void*)addVals} }; jint JNI_OnLoad(JavaVM* vm, void* reserved) { JNIEnv *env = NULL; jclass klass; if((*vm)->GetEnv(vm, (void**)&env, JNI_VERSION_1_6) != JNI_OK) return -1; ! klass = (*env)->FindClass(env, “com/example/jnibasics/NativeDemo”);   (*env)->RegisterNatives(env, klass, gMethods, 1); ! return JNI_VERSION_1_6; }
  • 20.
    Loading .so fromJava static { static { System.loadLibrary("Dependency"); System.loadLibrary("JNIBasics"); System.loadLibrary("JNIBasics"); } } JNIBasics Dependency
  • 21.
  • 22.
    References jobject gObject =NULL; ! void function(JNIEnv* jobject obj) { gObject = (*env)->NewGlobalRef(env, obj); } ! void finish(JNIEnv* env) { (*env)->DeleteGlobalRef(env, gObject); }
  • 23.
    Calling Java methodsfrom native jclass clz = (*env)->FindClass(env, “com/example/jnibasics/NativeDemo"); ! jmethodID method = (*env)->GetMethodID(env, clz, "methodName", “(II)Ljava/lang/String;"); ! jstring result = (*env)->CallObjectMethod(env, obj, method, 5, 6);
  • 24.
    Accessing java strings jstringjstr; const char* str; ! str = (*env)->GetStringUTFChars(env, jstr, NULL); ! ... ! (*env)->ReleaseStringUTFChars(env, jstr, str);
  • 25.
    Further reading • Attaching Javathreads • Creating new Java objects from native code • Distinguish between virtual and non virtual methods • Exception handling • Accessing Java arrays
  • 26.
  • 27.
    Performance • Most applications don’tneed native code! • Only for extensive calculations: games, rich media • Take advantage of NEON CPU instructions • Avoiding Java Garbage Collection
  • 28.
    Cross-platform architecture platform dependant libraries (network,UI, etc) Application (Java/UIKit) platform independent code (no JNI) external interface (JNI/Objective-C)
  • 29.
  • 30.
  • 31.
    1. 2. 3. 4. Register as adeveloper (£60 per year) Add device UUID to dev account Generate Provisioning Profile Sign APK with developer’s certificate ! or Submit to Apple Store or Jailbreak device Binary is encrypted Decryption is on OS level Self-signed APK or not-signed at all Decompiled Objective C: Decompiled Java: class structures assembly code readable code
  • 32.
    Demo DISCLAIMER: For educationalpurposes only; I’m not encouraging to hack somebody else’s applications;
  • 33.
    Summary • Always obfuscate Javacode! • Never save passwords, use session key or hash instead • Never keep encryption keys in clear data in memory • Keep all critical code in native
  • 34.
    Further protection • Hide non-publicsymbols from .so files • Strip debug information into separate files • Expose only high-level APIs to Java
  • 35.
    Tips • Debugging native codeis tricky • • • Linux or OSX as dev platform Use ARM DS-5 Community Edition in Eclipse Android fragmentation • separate .so files for different version
  • 36.