Dissecting Android APK

•Download as PPTX, PDF•

2 likes•788 views

This document provides an overview of reversing Android applications. It discusses the Android security model including permissions and ARM TrustZone. It describes real world Android malware like ransomware and data stealing malware. The structure of an Android APK file is explained including the dex, resources, libraries and manifest. Tools for analyzing APKs are introduced, like APKTool for decompiling and Dex2Jar for extracting dex files. The document demonstrates decompiling an APK and analyzing the smali code. It provides a glossary of related terms and references for further reading.

Software

Dissecting Android APK
Reversing Android applications

/> self.me
- Final year undergraduate student at Amrita University, Amritapuri
- Love Android !
- Currently researching on Android security
- Play CTFs as a part of team bi0s

Index
- Why Android ?
- Android security implementations and issues
- Real world Android malwares
- Reversing Android apps
- Structure of an APK
- Analyzing the contents

Why Android ?
The Tale of Triumph
Open source - power to you!
User-friendly
Most used - more developers

Android security
- Sandboxing
- Permissions
- ASLR since Android 4.0 ICS
- ARM TrustZone
Implementations

Issues - Malwares
- Ransomwares
- Exploits

AccuTrack :
Turns an Android device into a GPS tracker
AckPost :
Steals contact information from the device and sends it to a remote server
BackFlash / Crosate :
Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data
BankBot :
Particularly aims at stealing bank account information from dedicated apps
DroidDeluxe :
Exploits the device to gain root privilege and then modifies access permission of database files
and collects account information

APK
Android package : APK
Zip file with .apk extension
Playstore, Amazon Appstore, F-Droid
Java + res + XML + Libs
Android PacKage

Reversing Android apps
Tools and Methodologies

APKTOOL
Reversing APKs
- Compile/decompile apps
- Smali code
- To modify apps

assets - all the unmodified app contents
AndroidManifest.xml - Generic; The app-map
classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ]
res - All the resources ( drawables, icons, values )
lib - External/custom native libraries
Resources.asrc - Compiled resources / binaries
META-INF - Certificates

Dalvik / ART
→ JVM redefined
→ Dalvik until 4.4.4 Kitkat. ART from 5.0 Lollipop
→ Executes dex
→ Dalvik - JIT, ART - AOT

DEX
Dalvik Executable
> Dalvik’s bytecode
> java classes
> Easy to debug

ADB
Android Debug Bridge
- Android tool
- Drop shells, files
- Access partitions
- Install applications

Dex2Jar
The source
- Small in size
- Any platform
- Extracts compiled classes out of the dex
- Easy to use

Workaround ? → Check permissions
→ Trusted app sources
→ Use ‘ anti-malware ’ apps

Glossary
- aapt : Android Asset Packaging Tool.
- dex : Dalvik executable.
- dx : Tool within the Android SDK used to convert the jar files into dex files.
- R.java : A class with static methods to reference all the resources.

In-depth Introduction to Android Permission Model
Android Internals by Karim Yaghmour
Logcat Security Issue
Dalvik and ART
Dex2jar, ADB, APK Tool
DexGuard obfuscator
Dalvik opcodes
OWASP Seraphimdroid
References

What's hot

Dll preloading-attack

Cysinfo Cyber Security Community

Advanced malware analysis training session8 introduction to android

Cysinfo Cyber Security Community

Hunting Rootkit From the Dark Corners Of Memory

securityxploded

Reversing & malware analysis training part 1 lab setup guide

securityxploded

Reversing malware analysis training part7 unpackingupx

Cysinfo Cyber Security Community

Reversing malware analysis training part2 introduction to windows internals

Cysinfo Cyber Security Community

Reversing & malware analysis training part 2 introduction to windows internals

securityxploded

Reversing malware analysis trainingpart9 advanced malware analysis

Cysinfo Cyber Security Community

Reversing & malware analysis training part 3 windows pe file format basics

securityxploded

Advanced Malware Analysis Training Session 7 - Malware Memory Forensics

securityxploded

Anti-Virus Evasion Techniques and Countermeasures

n|u - The Open Security Community

Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]

securityxploded

Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2

securityxploded

IOT Exploitation

Cysinfo Cyber Security Community

Reversing & Malware Analysis Training Part 13 - Future Roadmap

securityxploded

Introduction to iOS Penetration Testing

OWASP

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

securityxploded

Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...

securityxploded

Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares

securityxploded

Basic Malware Analysis

Albert Hui

What's hot (20)

Dll preloading-attack

Advanced malware analysis training session8 introduction to android

Hunting Rootkit From the Dark Corners Of Memory

Reversing & malware analysis training part 1 lab setup guide

Reversing malware analysis training part7 unpackingupx

Reversing malware analysis training part2 introduction to windows internals

Reversing & malware analysis training part 2 introduction to windows internals

Reversing malware analysis trainingpart9 advanced malware analysis

Reversing & malware analysis training part 3 windows pe file format basics

Advanced Malware Analysis Training Session 7 - Malware Memory Forensics

Anti-Virus Evasion Techniques and Countermeasures

Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]

Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2

IOT Exploitation

Reversing & Malware Analysis Training Part 13 - Future Roadmap

Introduction to iOS Penetration Testing

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...

Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares

Basic Malware Analysis

Viewers also liked

Investigating Malicious Office Documents: Analyzing Macros Malwares used in C...

Cysinfo Cyber Security Community

Buffer overflow Attacks

Cysinfo Cyber Security Community

Watering hole attacks case study analysis

Cysinfo Cyber Security Community

Return address

Cysinfo Cyber Security Community

Dynamic Binary Instrumentation

Cysinfo Cyber Security Community

Format string vunerability

Cysinfo Cyber Security Community

Homomorphic encryption

Cysinfo Cyber Security Community

Advanced malware analysis training session11 part2 dissecting the heart beat ...

Cysinfo Cyber Security Community

Investigating Malware using Memory Forensics

Cysinfo Cyber Security Community

Introduction to Binary Exploitation

Cysinfo Cyber Security Community

Advanced malwareanalysis training session2 botnet analysis part1

Cysinfo Cyber Security Community

Advanced malware analysis training session3 botnet analysis part2

Cysinfo Cyber Security Community

Exploits & Mitigations - Memory Corruption Techniques

Cysinfo Cyber Security Community

POS Malware: Is your Debit/Credit Transcations Secure?

Cysinfo Cyber Security Community

Introduction to ICS/SCADA security

Cysinfo Cyber Security Community

Hunting rootkit from dark corners of memory

Cysinfo Cyber Security Community

Understanding APT1 malware techniques using malware analysis and reverse engi...

Cysinfo Cyber Security Community

XXE - XML External Entity Attack

Cysinfo Cyber Security Community

Linux Malware Analysis

Cysinfo Cyber Security Community

ATM Malware: Understanding the threat

Cysinfo Cyber Security Community

Viewers also liked (20)

Investigating Malicious Office Documents: Analyzing Macros Malwares used in C...

Buffer overflow Attacks

Watering hole attacks case study analysis

Return address

Dynamic Binary Instrumentation

Format string vunerability

Homomorphic encryption

Advanced malware analysis training session11 part2 dissecting the heart beat ...

Investigating Malware using Memory Forensics

Introduction to Binary Exploitation

Advanced malwareanalysis training session2 botnet analysis part1

Advanced malware analysis training session3 botnet analysis part2

Exploits & Mitigations - Memory Corruption Techniques

POS Malware: Is your Debit/Credit Transcations Secure?

Introduction to ICS/SCADA security

Hunting rootkit from dark corners of memory

Understanding APT1 malware techniques using malware analysis and reverse engi...

XXE - XML External Entity Attack

Linux Malware Analysis

ATM Malware: Understanding the threat

Similar to Dissecting Android APK

Android Reverse Engineering by Samrat Das Abstract • Intro to Reverse Engineering • Short walkthough with Windows RE • Introduction to Mobile Security Assessments • Dalvik Virtual Machine vs JVM • APK Walkthrough • Components of Android • Steps of Reverse Engineering Android Applications • Hands-on demos on manual reversing of android apps • Introduction to APPuse VM for droid assessments • Detecting developer backdoors • Creating Infected Android Applications • Anti-Reversing | Obfuscation

Null Mumbai Meet_Android Reverse Engineering by Samrat Das

nullowaspmumbai

Hacking your Droid (Aditya Gupta)

ClubHack

Getting started with Android pentesting

Minali Arora

Andriod Pentesting and Malware Analysis

n|u - The Open Security Community

Reverse Engineering (RE) is the art of taking an application apart and try to understand the internal mechanisms. There’s a positive side and a negative side to this approach. The positive side is the fact that RE gives us a means to research and understand malware. The negative side is that distributed binaries can be torn apart to look at intellectual property or to inject it with malicious code. The talk will guide you through the Android app build process and learn some countermeasures to make it harder for hackers to reverse engineer your Android code. Further more the talk will cover opensource tools that you can use to reverse engineer Android applications to inspect it for malware.

Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools

Dario Incalza

Getting started with android

Vandana Verma

Building Custom Android Malware BruCON 2013

Stephan Chenette

Introduction to Android Development Part 1

Kainda Kiniel Daka

Manish Chasta - Securing Android Applications

Positive Hack Days

Pentesting iOS Applications

jasonhaddix

3. Android Architecture.pptx

HarshiniB11

Android Penetration testing - Day 2

Mohammed Adam

Android security by ravi-rai

Ravi Rai

Android For Java Developers

Mike Wolfson

Reading Group Presentation: Why Eve and Mallory Love Android

Michael Rushanan

Null mumbai-Android-Insecure-Data-Storage-Exploitation

Nitesh Malviya

In this presentation Stephan will discuss some recent research that emerged he was asked to build malicious applications that bypassed custom security controls. He will walk through some of the basics of reversing malicious apps for android as well as common android malware techniques and methodologies. From the analysis of the wild android malware, he will discuss techniques and functionality to include when penetration testing against 3rd-party android security controls. BIO Stephan Chenette is the Director of Security Research and Development at IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive Labs. Stephan has been in involved in security research for the last 10 years and has presented at numerous conferences including: Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is in writing research tools for both the offensive and defensive front as well as investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.

2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing

Stephan Chenette

Notes Unit2.pptx

MIT Autonomous Aurangabad

Android sandbox

Anusha Chavan

This talk shows the possibilities of reversing Android applications. After an introduction about Android issues in the past, Tobias Ospelt explains how he managed to download several thousand Android applications from the Google Market, and which security issues are present in various apps. Apps can be decompiled, altered and recompiled, which means that for most apps it is very easy to steal code or to include malware. Some of the apps use obfuscation to disguise the code, but for example encryption keys can easily be extracted. Small game developers, as well as big companies are not aware of the risk that their code can be decompiled to java and disassembled to smali code. This is how a lot of protection mechanisms can be circumvented, such as licensing (cracking a Game) or corporate solutions (enforcing policies on the mobile). The talk shows how easy everybody can reverse android apps and how encryption keys can be extracted, even when the code is obfuscated. The material is a nice follow-up to the Android talk of Jesse Burns from last year at #days, although this talk is more focused on the apps and shows some more hacks/code/encryption/obfuscation/reversing. Bio: Tobias Ospelt is working as a security expert and tester for Dreamlab Technologies AG in Bern. He is mainly involved in web application and mobile security penetration tests. Tobias Ospelt joined Dreamlab after having achieved his Master Degree focusing IT-Security, and after having worked as a Research Assistant at the Zurich University of Applied Sciences.

hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...

Area41

Similar to Dissecting Android APK (20)

Null Mumbai Meet_Android Reverse Engineering by Samrat Das

Hacking your Droid (Aditya Gupta)

Getting started with Android pentesting

Andriod Pentesting and Malware Analysis

Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools

Getting started with android

Building Custom Android Malware BruCON 2013

Introduction to Android Development Part 1

Manish Chasta - Securing Android Applications

Pentesting iOS Applications

3. Android Architecture.pptx

Android Penetration testing - Day 2

Android security by ravi-rai

Android For Java Developers

Reading Group Presentation: Why Eve and Mallory Love Android

Null mumbai-Android-Insecure-Data-Storage-Exploitation

2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing

Notes Unit2.pptx

Android sandbox

hashdays 2011: Tobias Ospelt - Reversing Android Apps - Hacking and cracking ...

Recently uploaded

Agnieszka Andrzejewska - BIM School Course in Kraków

bim.edu.pl

Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.

Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...

Shahin Sheidaei

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month. The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies. However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News. Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!

SOCRadar Research Team: Latest Activities of IntelBroker

SOCRadar

Using IESVE for Room Loads Analysis - Australia & New Zealand

IES VE

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Junchen Jiang (Assistant Professor of Computer Science, @University of Chicago) Prefill in LLM inference is known to be resource-intensive, especially for long LLM inputs. While better scheduling can mitigate prefill’s impact, it would be fundamentally better to avoid (most of) prefill. This talk introduces our preliminary effort towards drastically minimizing prefill delay for LLM inputs that naturally reuse text chunks, such as in retrieval-augmented generation. While keeping the KV cache of all text chunks in memory is difficult, we show that it is possible to store them on cheaper yet slower storage. By improving the loading process of the reused KV caches, we can still significantly speed up prefill delay while maintaining the same generation quality.

AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG

Alluxio, Inc.

Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Tier1 app

Studiovity film pre-production and screenwriting software

info611746

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

KnowledgeSeed

Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload. Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.

Designing for Privacy in Amazon Web Services

KrzysztofKkol1

Skilrock is an igaming technology platform & lottery software provider to the Global Lottery & Gaming Industry with a strong presence across continents. As part of the $2.4 billion SUGAL & DAMANI GROUP, Skilrock leverages the group's extensive domain experience to offer the INFINITI gaming platform - a true Omni-Channel, Omni-Gaming Platform that can serve any lottery or gaming operator anywhere in the world. INFINITI serves Retail, iGaming & Self Service Channels with equal ease and at the same time supports a wide variety of games like Lotto, Keno, Bingo, Instant, Sports, Poker, Rummy, Casino and Slots. Our popular solutions are Scratch Lottery, Retail Lottery, Instant Lottery and other igaming and lottery solutions.

iGaming Platform & Lottery Solutions by Skilrock

Skilrock Technologies

This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.

top nidhi software solution freedownload

vrstrong314

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Eric Wang (Software Engineer, @Uber) Uber has numerous deep learning models, most of which are highly complex with many layers and a vast number of features. Understanding how these models work is challenging and demands significant resources to experiment with various training algorithms and feature sets. With ML explainability, the ML team aims to bring transparency to these models, helping to clarify their predictions and behavior. This transparency also assists the operations and legal teams in explaining the reasons behind specific prediction outcomes. In this talk, Eric Wang will discuss the methods Uber used for explaining deep learning models and how we integrated these methods into the Uber AI Michelangelo ecosystem to support offline explaining.

AI/ML Infra Meetup | ML explainability in Michelangelo

Alluxio, Inc.

Breaking the Code : A Guide to WhatsApp Business API.pdf

Meon Technology

Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have. For more Tendenci AMS events, check out www.tendenci.com/events

Corporate Management | Session 3 of 3 | Tendenci AMS

Tendenci - The Open Source AMS (Association Management Software)

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Lu Qiu (Data & AI Platform Tech Lead, @Alluxio) - Siyuan Sheng (Senior Software Engineer, @Alluxio) Speed and efficiency are two requirements for the underlying infrastructure for machine learning model development. Data access can bottleneck end-to-end machine learning pipelines as training data volume grows and when large model files are more commonly used for serving. For instance, data loading can constitute nearly 80% of the total model training time, resulting in less than 30% GPU utilization. Also, loading large model files for deployment to production can be slow because of slow network or storage read operations. These challenges are prevalent when using popular frameworks like PyTorch, Ray, or HuggingFace, paired with cloud object storage solutions like S3 or GCS, or downloading models from the HuggingFace model hub. In this presentation, Lu and Siyuan will offer comprehensive insights into improving speed and GPU utilization for model training and serving. You will learn: - The data loading challenges hindering GPU utilization - The reference architecture for running PyTorch and Ray jobs while reading data from S3, with benchmark results of training ResNet50 and BERT - Real-world examples of boosting model performance and GPU utilization through optimized data access

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Alluxio, Inc.

CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.

Cyaniclab : Software Development Agency Portfolio.pdf

Cyanic lab

A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf

kalichargn70th171

"Introduction to Windows 7" serves as the foundational chapter in our guide, setting the stage for understanding the key features and functionalities of this operating system. Windows 7, released by Microsoft in 2009, quickly became one of the most popular and widely used versions of Windows due to its user-friendly interface, stability, and performance improvements over its predecessor, Windows Vista. This chapter begins by providing an overview of the Windows 7 operating system, highlighting its key attributes and improvements compared to earlier versions of Windows. It introduces users to the visual enhancements such as Aero Glass, the revamped taskbar (also known as the Superbar), and the redesigned Start menu, which all contribute to a more intuitive and streamlined user experience. Furthermore, "Introduction to Windows 7" delves into the architecture and system requirements of the operating system, helping users understand what hardware specifications are necessary for optimal performance. It covers topics such as processor requirements, RAM, disk space, and graphics capabilities, ensuring that readers have a clear 3 understanding of the hardware prerequisites for running Windows 7 smoothly. Additionally, this chapter explores the various editions of Windows 7, including Home Premium, Professional, Ultimate, and Enterprise, outlining the differences between them and helping users choose the edition that best suits their needs and requirements. Moreover, "Introduction to Windows 7" provides an overview of the installation process, guiding users through the steps required to install or upgrade to Windows 7 on their computers. It covers topics such as preparing for installation, choosing the installation type (upgrade or custom), partitioning disks, and configuring initial settings. In summary, "Introduction to Windows 7" serves as a comprehensive primer for users who are new to the operating system or seeking to refresh their understanding. By familiarizing themselves with the core concepts and features of Windows 7, readers can lay a solid foundation for exploring more advanced topics covered in subsequent chapters of this guide.

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

mbmh111980

Into the Box 2024 - Keynote Day 2 Slides.pdf

Ortus Solutions, Corp

Recently uploaded (20)

Agnieszka Andrzejewska - BIM School Course in Kraków

Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

SOCRadar Research Team: Latest Activities of IntelBroker

Using IESVE for Room Loads Analysis - Australia & New Zealand

AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Studiovity film pre-production and screenwriting software

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

Designing for Privacy in Amazon Web Services

iGaming Platform & Lottery Solutions by Skilrock

top nidhi software solution freedownload

AI/ML Infra Meetup | ML explainability in Michelangelo

Breaking the Code : A Guide to WhatsApp Business API.pdf

Corporate Management | Session 3 of 3 | Tendenci AMS

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Cyaniclab : Software Development Agency Portfolio.pdf

A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

Into the Box 2024 - Keynote Day 2 Slides.pdf

Dissecting Android APK

1. Dissecting Android APK Reversing Android applications

2. /> self.me - Final year undergraduate student at Amrita University, Amritapuri - Love Android ! - Currently researching on Android security - Play CTFs as a part of team bi0s

3. bi0s

4. Index - Why Android ? - Android security implementations and issues - Real world Android malwares - Reversing Android apps - Structure of an APK - Analyzing the contents

5. Why Android ? The Tale of Triumph Open source - power to you! User-friendly Most used - more developers

6. Mobile OS Global Market Share 2016

7. Android security - Sandboxing - Permissions - ASLR since Android 4.0 ICS - ARM TrustZone Implementations

8. Permissions

9. ARM TrustZone

10. Are we at risk ?

11. Issues - Malwares - Ransomwares - Exploits

12. Real world Android malwares

13. AccuTrack : Turns an Android device into a GPS tracker AckPost : Steals contact information from the device and sends it to a remote server BackFlash / Crosate : Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data BankBot : Particularly aims at stealing bank account information from dedicated apps DroidDeluxe : Exploits the device to gain root privilege and then modifies access permission of database files and collects account information

14. APK Android package : APK Zip file with .apk extension Playstore, Amazon Appstore, F-Droid Java + res + XML + Libs Android PacKage

15. Making of an APK

16. Reversing Android apps Tools and Methodologies

17. APKTOOL Reversing APKs - Compile/decompile apps - Smali code - To modify apps

18. Structure of an APK

19. assets - all the unmodified app contents AndroidManifest.xml - Generic; The app-map classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ] res - All the resources ( drawables, icons, values ) lib - External/custom native libraries Resources.asrc - Compiled resources / binaries META-INF - Certificates

20. Dalvik / ART → JVM redefined → Dalvik until 4.4.4 Kitkat. ART from 5.0 Lollipop → Executes dex → Dalvik - JIT, ART - AOT

21. DEX Dalvik Executable > Dalvik’s bytecode > java classes > Easy to debug

22. Tools

23. ADB Android Debug Bridge - Android tool - Drop shells, files - Access partitions - Install applications

24. Dex2Jar The source - Small in size - Any platform - Extracts compiled classes out of the dex - Easy to use

25. Demo

26. Workaround ? → Check permissions → Trusted app sources → Use ‘ anti-malware ’ apps

27. Glossary - aapt : Android Asset Packaging Tool. - dex : Dalvik executable. - dx : Tool within the Android SDK used to convert the jar files into dex files. - R.java : A class with static methods to reference all the resources.

28. In-depth Introduction to Android Permission Model Android Internals by Karim Yaghmour Logcat Security Issue Dalvik and ART Dex2jar, ADB, APK Tool DexGuard obfuscator Dalvik opcodes OWASP Seraphimdroid References

29. Thank You

Dissecting Android APK

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Dissecting Android APK

Similar to Dissecting Android APK (20)

More from Cysinfo Cyber Security Community

More from Cysinfo Cyber Security Community (20)

Recently uploaded

Recently uploaded (20)

Dissecting Android APK