Downloaded 21 times
![assets - all the unmodified app contents
AndroidManifest.xml - Generic; The app-map
classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ]
res - All the resources ( drawables, icons, values )
lib - External/custom native libraries
Resources.asrc - Compiled resources / binaries
META-INF - Certificates](https://image.slidesharecdn.com/dissectingandroidapk-160918120101/75/Dissecting-Android-APK-19-2048.jpg)
More Related Content
![Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]](https://cdn.slidesharecdn.com/ss_thumbnails/reversingmalwareanalysistrainingpart11-exploitdevelopmentadvanced-120908121200-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Wroclaw #1] Android Security Workshop](https://cdn.slidesharecdn.com/ss_thumbnails/owaspplwroclaw1-160225150939-thumbnail.jpg?width=640&height=640&fit=bounds)
More from Cysinfo Cyber Security Community
Dissecting Android APK
- 1. Dissecting Android APK ReversingAndroid applications
- 2. /> self.me - Finalyear undergraduate student at Amrita University, Amritapuri - Love Android ! - Currently researching on Android security - Play CTFs as a part of team bi0s
- 3.
- 4. Index - Why Android? - Android security implementations and issues - Real world Android malwares - Reversing Android apps - Structure of an APK - Analyzing the contents
- 5. Why Android ? TheTale of Triumph Open source - power to you! User-friendly Most used - more developers
- 6. Mobile OS GlobalMarket Share 2016
- 7. Android security - Sandboxing -Permissions - ASLR since Android 4.0 ICS - ARM TrustZone Implementations
- 8.
- 9.
- 10. Are we atrisk ?
- 11. Issues - Malwares -Ransomwares - Exploits
- 12. Real world Androidmalwares
- 13. AccuTrack : Turns anAndroid device into a GPS tracker AckPost : Steals contact information from the device and sends it to a remote server BackFlash / Crosate : Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data BankBot : Particularly aims at stealing bank account information from dedicated apps DroidDeluxe : Exploits the device to gain root privilege and then modifies access permission of database files and collects account information
- 14. APK Android package :APK Zip file with .apk extension Playstore, Amazon Appstore, F-Droid Java + res + XML + Libs Android PacKage
- 15. Making of anAPK
- 16. Reversing Android apps Toolsand Methodologies
- 17. APKTOOL Reversing APKs - Compile/decompileapps - Smali code - To modify apps
- 18.
- 19. assets - allthe unmodified app contents AndroidManifest.xml - Generic; The app-map classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ] res - All the resources ( drawables, icons, values ) lib - External/custom native libraries Resources.asrc - Compiled resources / binaries META-INF - Certificates
- 20. Dalvik / ART →JVM redefined → Dalvik until 4.4.4 Kitkat. ART from 5.0 Lollipop → Executes dex → Dalvik - JIT, ART - AOT
- 21. DEX Dalvik Executable > Dalvik’sbytecode > java classes > Easy to debug
- 22.
- 23. ADB Android Debug Bridge -Android tool - Drop shells, files - Access partitions - Install applications
- 24. Dex2Jar The source - Smallin size - Any platform - Extracts compiled classes out of the dex - Easy to use
- 25.
- 26. Workaround ? →Check permissions → Trusted app sources → Use ‘ anti-malware ’ apps
- 27. Glossary - aapt :Android Asset Packaging Tool. - dex : Dalvik executable. - dx : Tool within the Android SDK used to convert the jar files into dex files. - R.java : A class with static methods to reference all the resources.
- 28. In-depth Introduction toAndroid Permission Model Android Internals by Karim Yaghmour Logcat Security Issue Dalvik and ART Dex2jar, ADB, APK Tool DexGuard obfuscator Dalvik opcodes OWASP Seraphimdroid References
- 29.