Xiaoping Feng, profile picture
Uploaded byXiaoping Feng
PPTX, PDF570 views

Apk explorer2

The document discusses various techniques for analyzing and modifying Android APK files, including decompiling them using ApkTool and Dex2Jar, modifying the Smali code, and repacking the APK. It provides examples of Java code and corresponding Smali op-codes for displaying an alert dialog. It also discusses potential malicious behaviors of the Geinimi Android trojan and lists several malicious domain names and apps.

Embed presentation

Download to read offline
恶意软件 Apk Explorer Series .2 1
恶意软件@Android 2
N多做的 Nduo Nduo Apk 3
如何实现 .apk .dex .smali new.apk • Unzip • Decompile • Modify • Repack • ApkTool[1] • Smali[4] • ApkTool • Dex2Jar[2] 4
Wet feet AlertDialog Java Code AlertDialog alertDialog = new AlertDialog.Builder(this).create(); alertDialog.setTitle("LALALA"); alertDialog.setMessage("You should see me!!!!!!!"); alertDialog.show(); 5
Wet feet cont. AlertDialog Op-code new-instance v1, Landroid/app/AlertDialog$Builder; new-instance #v1=(UninitRef); v1, Landroid/app/AlertDialog$Builder; #v1=(UninitRef); invoke-direct {v1, p0}, Landroid/app/AlertDialog$Builder;- invoke-direct {v1, p0}, Landroid/app/AlertDialog$Builder;- ><init>(Landroid/content/Context;)V ><init>(Landroid/content/Context;)V #v1=(Reference); #v1=(Reference); invoke-virtual Landroid/app/AlertDialog$Builder;->create()Landroid/app/AlertDialog; invoke-virtual {v1}, {v1}, Landroid/app/AlertDialog$Builder;- move-result-object v0 >create()Landroid/app/AlertDialog; move-result-object v0 .local v0, alertDialog:Landroid/app/AlertDialog; .local v0, alertDialog:Landroid/app/AlertDialog; #v0=(Reference); #v0=(Reference); const-string "LALALA" const-string v1, v1, "LALALA" invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setTitle(Ljava/lang/CharSequence;)V invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setTitle(Ljava/lang/CharSequence;)V const-string "You should see me!!!!!!!"see me!!!!!!!" const-string v1, v1, "You should invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setMessage(Ljava/lang/CharSequence;)V invoke-virtual {v0, v1}, Landroid/app/AlertDialog;- >setMessage(Ljava/lang/CharSequence;)V invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V 6
Wet feet cont. .method public onCreate(Landroid/os/Bundle;)V Yingyonghui Java code .locals 12 .parameter "savedInstanceState" SplashActivity.java .prologue const/16 v11, 0x400 #v11=(PosShort); AlertDialog Op-code const/4 v10, 0x0 #v10=(Null); const/4 v9, 0x1 #v9=(One); invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V 7
Wet feet cont. HideFile Java code HideFiles.java a.a("http://market.nduoa.com/update/nDuoaMarket.apk", str2); 8
Geinimi [6] 9
Geinimi cont. Board Product Brand PTID www.widifu.com CPID SALESID CPU ABI SDK version www.udaore.com Geinimi Device Shell www.frijd.com DID SIM Country ISO Display SIM Operator www.islpast.com Fingerprint SIM Operator www.piajesj.com Host Name www.qoewsl.com Line1 Number SIM Serial Number Access the user's geo-location based on Manufacturer SIM State www.weolir.com coordinates given by Model the GPS Software Version www.uisoa.com Send or receive Network Country Subscriber ID SMS messages www.riusdu.com ISO Tags Access the user's mailbox Network Operator Time www.aiucr.com Read and modify the user's phonebook contacts Network Operator Type Read and modify the user's browsing history Name User 117.135.134.185 Network Type memorymail Number Check running processes in Voice 180.168.68.34 Phone Type Terminate legitimate running process in the device Install shortcuts Perform web queries Change the wallpaper of the device 10
PJApp 泡椒[3][5] "content://browser/bookmarks" MEEGO91.COM com.uc.browser SEND ALL Bookmarks com.tencent.mtt IMEI / SIM / IMSI / ICCID com.opera.mini.android Pdus ADD mobi.mgeek.TunnyBrowser …… android.paojiao.cn com.skyfire.browser ct2.paojiao.cn com.kolbysoft.steel g3g3.cn Default Browser com.android.browser 渠道激活 11
MEEGO91.COM Registrant: nduo demi nanchang jiangxi sicA501 nanchang, jiangxi 444001 China Registered through: GoDaddy.com Created on: 05-Sep-10 Expires on: 05-Sep-11 Administrative Contact: demi, nduo wangluoxing@163.com nanchang jiangxi sicA501 nanchang, jiangxi 444001 China +86.861363345678 12
Reference 1. http://code.google.com/p/android-apktool/ 2. http://code.google.com/p/dex2jar/ 3. http://www.itnews.tk/archives/4761 4. http://code.google.com/p/smali/ 5. http://globalthreatcenter.com/?cat=18 6. http://blog.mylookout.com/_media/Geinimi_Trojan _Teardown.pdf 13
Question ? 14

More Related Content

PPTX
Basic reverse engineering steps about .apk file
byCarl Lu
 
PPTX
Decompiling Android
byGodfrey Nolan
 
PDF
Lightweight Collection and Storage of Software Repository Data with DataRover
byChristoph Matthies
 
PPTX
Modifying Android Apps Without Source Codes
byRonillo Ang
 
PDF
Who Needs Thumbs? Reverse Engineering Scramble With Friends
byApkudo
 
PDF
AnDevCon: Android Reverse Engineering
byEnrique López Mañas
 
PPTX
Hacking for Fun and Profit
byApkudo
 
PDF
DefCamp 2013 - Android hacking techniques
byDefCamp
 
Basic reverse engineering steps about .apk file
byCarl Lu
 
Decompiling Android
byGodfrey Nolan
 
Lightweight Collection and Storage of Software Repository Data with DataRover
byChristoph Matthies
 
Modifying Android Apps Without Source Codes
byRonillo Ang
 
Who Needs Thumbs? Reverse Engineering Scramble With Friends
byApkudo
 
AnDevCon: Android Reverse Engineering
byEnrique López Mañas
 
Hacking for Fun and Profit
byApkudo
 
DefCamp 2013 - Android hacking techniques
byDefCamp
 

Similar to Apk explorer2

PDF
最先端の利用シーンからみるセキュリティリスク
byAkira Sasaki
 
PDF
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
byRootedCON
 
PDF
Wtf is happening_inside_my_android_phone_public
byJaime Blasco
 
PDF
Hacking your Droid (Aditya Gupta)
byClubHack
 
PPTX
Social and Mobile and Cloud - OH MY!
byTyler Shields
 
PDF
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
byArea41
 
PDF
Android Hacking
byantitree
 
PDF
Android jumpstart at ESC Boston 2011
byOpersys inc.
 
PDF
Android
byLeo Liang
 
PDF
Open Android
byMarko Gargenta
 
PDF
Hacking your Android (slides)
byJustin Hoang
 
ODP
Android. behind the scenes_programatica 2012
byAgora Group
 
PDF
Software Analytics for Mobile Applications – Insights & Lessons Learned [CSMR...
byRoberto Minelli
 
PDF
Android Jumpstart ESC SV 2012 Part I
byOpersys inc.
 
PDF
Androidアプリを公開する前にやっておきたい事
byIkuo Tansho
 
PDF
Deep Dive Into Android Security
byMarakana Inc.
 
PDF
Embedded Android Workshop at Embedded Linux Conference Europe 2011
byOpersys inc.
 
PDF
Android for Java Developers at OSCON 2010
byMarko Gargenta
 
PDF
Opera mobile 9.7 & Mobile Widgets
byManyoung Cho
 
PDF
Android for Java Developers
byMarko Gargenta
 
最先端の利用シーンからみるセキュリティリスク
byAkira Sasaki
 
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
byRootedCON
 
Wtf is happening_inside_my_android_phone_public
byJaime Blasco
 
Hacking your Droid (Aditya Gupta)
byClubHack
 
Social and Mobile and Cloud - OH MY!
byTyler Shields
 
hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...
byArea41
 
Android Hacking
byantitree
 
Android jumpstart at ESC Boston 2011
byOpersys inc.
 
Android
byLeo Liang
 
Open Android
byMarko Gargenta
 
Hacking your Android (slides)
byJustin Hoang
 
Android. behind the scenes_programatica 2012
byAgora Group
 
Software Analytics for Mobile Applications – Insights & Lessons Learned [CSMR...
byRoberto Minelli
 
Android Jumpstart ESC SV 2012 Part I
byOpersys inc.
 
Androidアプリを公開する前にやっておきたい事
byIkuo Tansho
 
Deep Dive Into Android Security
byMarakana Inc.
 
Embedded Android Workshop at Embedded Linux Conference Europe 2011
byOpersys inc.
 
Android for Java Developers at OSCON 2010
byMarko Gargenta
 
Opera mobile 9.7 & Mobile Widgets
byManyoung Cho
 
Android for Java Developers
byMarko Gargenta
 

More from Xiaoping Feng

PDF
Idea4hack
byXiaoping Feng
 
PDF
ibeacon changes museum
byXiaoping Feng
 
PPTX
Ibeacon 是什么 能做什么
byXiaoping Feng
 
PDF
Senz+ contextual application solution
byXiaoping Feng
 
PDF
Ibeacon basic (1)
byXiaoping Feng
 
PDF
Web App 调试基础 (1)
byXiaoping Feng
 
PDF
Ibeacon 101 基本常识
byXiaoping Feng
 
PDF
阳光书屋技术架构介绍
byXiaoping Feng
 
PDF
Biogenous 中学生的linkedin
byXiaoping Feng
 
PDF
当我们谈论WebApp - Openparty
byXiaoping Feng
 
PPTX
In app search 2
byXiaoping Feng
 
PPTX
In app search 1
byXiaoping Feng
 
PDF
App+ 1
byXiaoping Feng
 
PPTX
Apk explorer1
byXiaoping Feng
 
PPTX
Android apk证书安全机制
byXiaoping Feng
 
PPT
Ppt功能演示
byXiaoping Feng
 
PPT
连通器出行分享平台
byXiaoping Feng
 
Idea4hack
byXiaoping Feng
 
ibeacon changes museum
byXiaoping Feng
 
Ibeacon 是什么 能做什么
byXiaoping Feng
 
Senz+ contextual application solution
byXiaoping Feng
 
Ibeacon basic (1)
byXiaoping Feng
 
Web App 调试基础 (1)
byXiaoping Feng
 
Ibeacon 101 基本常识
byXiaoping Feng
 
阳光书屋技术架构介绍
byXiaoping Feng
 
Biogenous 中学生的linkedin
byXiaoping Feng
 
当我们谈论WebApp - Openparty
byXiaoping Feng
 
In app search 2
byXiaoping Feng
 
In app search 1
byXiaoping Feng
 
App+ 1
byXiaoping Feng
 
Apk explorer1
byXiaoping Feng
 
Android apk证书安全机制
byXiaoping Feng
 
Ppt功能演示
byXiaoping Feng
 
连通器出行分享平台
byXiaoping Feng
 

Apk explorer2

  • 1.
  • 2.
  • 3.
  • 4.
    如何实现 .apk .dex .smali new.apk • Unzip • Decompile • Modify • Repack • ApkTool[1] • Smali[4] • ApkTool • Dex2Jar[2] 4
  • 5.
    Wet feet AlertDialog JavaCode AlertDialog alertDialog = new AlertDialog.Builder(this).create(); alertDialog.setTitle("LALALA"); alertDialog.setMessage("You should see me!!!!!!!"); alertDialog.show(); 5
  • 6.
    Wet feet cont. AlertDialog Op-code new-instance v1, Landroid/app/AlertDialog$Builder; new-instance #v1=(UninitRef); v1, Landroid/app/AlertDialog$Builder; #v1=(UninitRef); invoke-direct {v1, p0}, Landroid/app/AlertDialog$Builder;- invoke-direct {v1, p0}, Landroid/app/AlertDialog$Builder;- ><init>(Landroid/content/Context;)V ><init>(Landroid/content/Context;)V #v1=(Reference); #v1=(Reference); invoke-virtual Landroid/app/AlertDialog$Builder;->create()Landroid/app/AlertDialog; invoke-virtual {v1}, {v1}, Landroid/app/AlertDialog$Builder;- move-result-object v0 >create()Landroid/app/AlertDialog; move-result-object v0 .local v0, alertDialog:Landroid/app/AlertDialog; .local v0, alertDialog:Landroid/app/AlertDialog; #v0=(Reference); #v0=(Reference); const-string "LALALA" const-string v1, v1, "LALALA" invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setTitle(Ljava/lang/CharSequence;)V invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setTitle(Ljava/lang/CharSequence;)V const-string "You should see me!!!!!!!"see me!!!!!!!" const-string v1, v1, "You should invoke-virtual {v0, v1}, Landroid/app/AlertDialog;->setMessage(Ljava/lang/CharSequence;)V invoke-virtual {v0, v1}, Landroid/app/AlertDialog;- >setMessage(Ljava/lang/CharSequence;)V invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V invoke-virtual {v0}, Landroid/app/AlertDialog;->show()V 6
  • 7.
    Wet feet cont. .methodpublic onCreate(Landroid/os/Bundle;)V Yingyonghui Java code .locals 12 .parameter "savedInstanceState" SplashActivity.java .prologue const/16 v11, 0x400 #v11=(PosShort); AlertDialog Op-code const/4 v10, 0x0 #v10=(Null); const/4 v9, 0x1 #v9=(One); invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V 7
  • 8.
    Wet feet cont. HideFile Java code HideFiles.java a.a("http://market.nduoa.com/update/nDuoaMarket.apk", str2); 8
  • 9.
  • 10.
    Geinimi cont. Board Product Brand PTID www.widifu.com CPID SALESID CPU ABI SDK version www.udaore.com Geinimi Device Shell www.frijd.com DID SIM Country ISO Display SIM Operator www.islpast.com Fingerprint SIM Operator www.piajesj.com Host Name www.qoewsl.com Line1 Number SIM Serial Number Access the user's geo-location based on Manufacturer SIM State www.weolir.com coordinates given by Model the GPS Software Version www.uisoa.com Send or receive Network Country Subscriber ID SMS messages www.riusdu.com ISO Tags Access the user's mailbox Network Operator Time www.aiucr.com Read and modify the user's phonebook contacts Network Operator Type Read and modify the user's browsing history Name User 117.135.134.185 Network Type memorymail Number Check running processes in Voice 180.168.68.34 Phone Type Terminate legitimate running process in the device Install shortcuts Perform web queries Change the wallpaper of the device 10
  • 11.
    PJApp 泡椒[3][5] "content://browser/bookmarks" MEEGO91.COM com.uc.browser SEND ALL Bookmarks com.tencent.mtt IMEI / SIM / IMSI / ICCID com.opera.mini.android Pdus ADD mobi.mgeek.TunnyBrowser …… android.paojiao.cn com.skyfire.browser ct2.paojiao.cn com.kolbysoft.steel g3g3.cn Default Browser com.android.browser 渠道激活 11
  • 12.
    MEEGO91.COM Registrant: nduo demi nanchang jiangxisicA501 nanchang, jiangxi 444001 China Registered through: GoDaddy.com Created on: 05-Sep-10 Expires on: 05-Sep-11 Administrative Contact: demi, nduo wangluoxing@163.com nanchang jiangxi sicA501 nanchang, jiangxi 444001 China +86.861363345678 12
  • 13.
    Reference 1. http://code.google.com/p/android-apktool/ 2. http://code.google.com/p/dex2jar/ 3. http://www.itnews.tk/archives/4761 4. http://code.google.com/p/smali/ 5. http://globalthreatcenter.com/?cat=18 6. http://blog.mylookout.com/_media/Geinimi_Trojan _Teardown.pdf 13
  • 14.