SlideShare a Scribd company logo

Experimental android hacking using reflection

SeongJae Park
SeongJae Park

This document discusses using reflection in Android to access hidden and restricted features. It describes how Android separates interfaces for third-party and built-in apps. It then explains how reflection can be used to change the interface and allow third-party apps to access features usually only available to built-in apps, with examples of how to end a call via reflection. However, it notes reflection has limitations like performance overhead and may not work on all devices.

TechnologyEducation
1 of 10
Download to read offline
Experimental Android Hacking Using Reflection SeongJae Park, Heon Yeom, Seoul National University
Hidden Android Features Unsecure, Or Unmatured Features Hidden From Developers Need Such Features On Lots Of Researching
Rooting / System Modification ● Pros ○ Able to Use Hidden Features ○ No Limitation At All ● Cons ○ Environment Is Different With Real Market Device
How Android Hide Features 3rd Party Application Use SDK Framework Interface Built-in Application Uses Built-in Framework Interface SDK Framework Interface != Built-in Framework Interface
Android Basic Structure 3rd Party Developer Application Built-in Application SDK Framework Interface Built-in Framework Interface On-Device Framework Binder System Process System Process Device System Process
Java Reflection ● Examine or Modify Behavior Of Application ○ Type Checking ○ Debugging ○ Test
Java Reflection ● Pros ○ Unlimited Freedom ● Cons ○ Performance Overhead ○ Weak Security Available ○ Unexpected Side-Effect
Android Hacking Using Reflection Change SDK Framework Interface into OnDevice Framework Interface 3rd Party Developer Application Built-in Application SDK Framework Interface Built-in Framework Interface Reflection On-Device Framework
Android Hacking Using Reflection TelephonyMaanger telephonyManager = (TelephonyManager)getSystemService( Context.TELEPHONY_SERVICE); try { Class c = Class.forName(telephonyManager. getClass().getName()); Method m = c.getDeclaredMethod("getITelephony"); m.setAccessible(true); ITelephony telephony = (ITelephony)m.invoke( telephonyManager); telephony.endCall(); } catch (Throwable e) {}
Restriction Of Reflection Using Hack ● Performance Overhead ● May Not Success On Every Machine ○ Manufacturer’s Device Use Modified Android ● May Not Success On Latest Android

Recommended

Android reverse engineering
Android reverse engineeringAndroid reverse engineering
Android reverse engineering
Muhammad Dzikri Ramdhani
 
Software Testing and Quality Assurance (Error, Bug, Fault)
Software Testing and Quality Assurance (Error, Bug, Fault)Software Testing and Quality Assurance (Error, Bug, Fault)
Software Testing and Quality Assurance (Error, Bug, Fault)
Yogesh Late
 
Software testing
Software testing Software testing
Software testing
MadeEasyCTC
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
Asanka Dilruk
 
expBSIT (1) (1)
expBSIT (1) (1)expBSIT (1) (1)
expBSIT (1) (1)Tilli Buchanan
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
Sander Alberink
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
Pragati Rai
 
Why do we test software?
Why do we test software?Why do we test software?
Why do we test software?
Md. Shafiuzzaman Hira
 

Recommended

Android reverse engineering
Android reverse engineeringAndroid reverse engineering
Android reverse engineering
Muhammad Dzikri Ramdhani
 
Software Testing and Quality Assurance (Error, Bug, Fault)
Software Testing and Quality Assurance (Error, Bug, Fault)Software Testing and Quality Assurance (Error, Bug, Fault)
Software Testing and Quality Assurance (Error, Bug, Fault)
Yogesh Late
 
Software testing
Software testing Software testing
Software testing
MadeEasyCTC
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
Asanka Dilruk
 
expBSIT (1) (1)
expBSIT (1) (1)expBSIT (1) (1)
expBSIT (1) (1)Tilli Buchanan
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
Sander Alberink
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
Pragati Rai
 
Why do we test software?
Why do we test software?Why do we test software?
Why do we test software?
Md. Shafiuzzaman Hira
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
Kelwin Yang
 
Android security
Android securityAndroid security
Android security
Mobile Rtpl
 
Testing Android apps with Robotium
Testing Android apps with RobotiumTesting Android apps with Robotium
Testing Android apps with RobotiumStephen Gilmore
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Resume jyoti gupta
Resume jyoti guptaResume jyoti gupta
Resume jyoti gupta
Er Jyoti Gupta
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Issue Tracking
Issue TrackingIssue Tracking
Issue TrackingSoftware Sustainability Institute
 
Android Security
Android SecurityAndroid Security
Android Security
Suminda Gunawardhana
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk
Security Innovation
 
Deep or dark web
Deep or dark webDeep or dark web
Deep or dark web
Shubham .
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
Landice Fu
 
Hyperloop
HyperloopHyperloop
Hyperloop
manikanta malla
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
Chanchal Dabriya
 
Search Engine Powerpoint
Search Engine PowerpointSearch Engine Powerpoint
Search Engine Powerpoint201014161
 
My Top 10 slides on presentations
My Top 10 slides on presentationsMy Top 10 slides on presentations
My Top 10 slides on presentations
Alexei Kapterev
 
The Minimum Loveable Product
The Minimum Loveable ProductThe Minimum Loveable Product
The Minimum Loveable Product
The Happy Startup School
 
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
Board of Innovation
 
The Seven Deadly Social Media Sins
The Seven Deadly Social Media SinsThe Seven Deadly Social Media Sins
The Seven Deadly Social Media Sins
XPLAIN
 
Five Killer Ways to Design The Same Slide
Five Killer Ways to Design The Same SlideFive Killer Ways to Design The Same Slide
Five Killer Ways to Design The Same SlideCrispy Presentations
 
How People Really Hold and Touch (their Phones)
How People Really Hold and Touch (their Phones)How People Really Hold and Touch (their Phones)
How People Really Hold and Touch (their Phones)
Steven Hoober
 
Upworthy: 10 Ways To Win The Internets
Upworthy: 10 Ways To Win The InternetsUpworthy: 10 Ways To Win The Internets
Upworthy: 10 Ways To Win The Internets
Upworthy
 
What 33 Successful Entrepreneurs Learned From Failure
What 33 Successful Entrepreneurs Learned From FailureWhat 33 Successful Entrepreneurs Learned From Failure
What 33 Successful Entrepreneurs Learned From Failure
ReferralCandy
 

More Related Content

What's hot

Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
Kelwin Yang
 
Android security
Android securityAndroid security
Android security
Mobile Rtpl
 
Testing Android apps with Robotium
Testing Android apps with RobotiumTesting Android apps with Robotium
Testing Android apps with RobotiumStephen Gilmore
 
Resume jyoti gupta
Resume jyoti guptaResume jyoti gupta
Resume jyoti gupta
Er Jyoti Gupta
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Android Security
Android SecurityAndroid Security
Android Security
Suminda Gunawardhana
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk
Security Innovation
 

What's hot (9)

Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
 
Android security
Android securityAndroid security
Android security
 
Testing Android apps with Robotium
Testing Android apps with RobotiumTesting Android apps with Robotium
Testing Android apps with Robotium
 
Android security
Android securityAndroid security
Android security
 
Resume jyoti gupta
Resume jyoti guptaResume jyoti gupta
Resume jyoti gupta
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
 
Issue Tracking
Issue TrackingIssue Tracking
Issue Tracking
 
Android Security
Android SecurityAndroid Security
Android Security
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk
 

Viewers also liked

Deep or dark web
Deep or dark webDeep or dark web
Deep or dark web
Shubham .
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
Landice Fu
 
Hyperloop
HyperloopHyperloop
Hyperloop
manikanta malla
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
Chanchal Dabriya
 
Search Engine Powerpoint
Search Engine PowerpointSearch Engine Powerpoint
Search Engine Powerpoint201014161
 
My Top 10 slides on presentations
My Top 10 slides on presentationsMy Top 10 slides on presentations
My Top 10 slides on presentations
Alexei Kapterev
 
The Minimum Loveable Product
The Minimum Loveable ProductThe Minimum Loveable Product
The Minimum Loveable Product
The Happy Startup School
 
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
Board of Innovation
 
The Seven Deadly Social Media Sins
The Seven Deadly Social Media SinsThe Seven Deadly Social Media Sins
The Seven Deadly Social Media Sins
XPLAIN
 
Five Killer Ways to Design The Same Slide
Five Killer Ways to Design The Same SlideFive Killer Ways to Design The Same Slide
Five Killer Ways to Design The Same SlideCrispy Presentations
 
How People Really Hold and Touch (their Phones)
How People Really Hold and Touch (their Phones)How People Really Hold and Touch (their Phones)
How People Really Hold and Touch (their Phones)
Steven Hoober
 
Upworthy: 10 Ways To Win The Internets
Upworthy: 10 Ways To Win The InternetsUpworthy: 10 Ways To Win The Internets
Upworthy: 10 Ways To Win The Internets
Upworthy
 
What 33 Successful Entrepreneurs Learned From Failure
What 33 Successful Entrepreneurs Learned From FailureWhat 33 Successful Entrepreneurs Learned From Failure
What 33 Successful Entrepreneurs Learned From Failure
ReferralCandy
 
Design Your Career 2018
Design Your Career 2018Design Your Career 2018
Design Your Career 2018
Slides That Rock
 
Why Content Marketing Fails
Why Content Marketing FailsWhy Content Marketing Fails
Why Content Marketing FailsRand Fishkin
 
The History of SEO
The History of SEOThe History of SEO
The History of SEO
HubSpot
 
How To (Really) Get Into Marketing
How To (Really) Get Into MarketingHow To (Really) Get Into Marketing
How To (Really) Get Into Marketing
Ed Fry
 
The What If Technique presented by Motivate Design
The What If Technique presented by Motivate DesignThe What If Technique presented by Motivate Design
The What If Technique presented by Motivate Design
Motivate Design
 
Displaying Data
Displaying DataDisplaying Data
Displaying Data
Bipul Deb Nath
 
10 Powerful Body Language Tips for your next Presentation
10 Powerful Body Language Tips for your next Presentation10 Powerful Body Language Tips for your next Presentation
10 Powerful Body Language Tips for your next Presentation
SOAP Presentations
 

Viewers also liked (20)

Deep or dark web
Deep or dark webDeep or dark web
Deep or dark web
 
Learning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorialLearning by hacking - android application hacking tutorial
Learning by hacking - android application hacking tutorial
 
Hyperloop
HyperloopHyperloop
Hyperloop
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Search Engine Powerpoint
Search Engine PowerpointSearch Engine Powerpoint
Search Engine Powerpoint
 
My Top 10 slides on presentations
My Top 10 slides on presentationsMy Top 10 slides on presentations
My Top 10 slides on presentations
 
The Minimum Loveable Product
The Minimum Loveable ProductThe Minimum Loveable Product
The Minimum Loveable Product
 
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)
 
The Seven Deadly Social Media Sins
The Seven Deadly Social Media SinsThe Seven Deadly Social Media Sins
The Seven Deadly Social Media Sins
 
Five Killer Ways to Design The Same Slide
Five Killer Ways to Design The Same SlideFive Killer Ways to Design The Same Slide
Five Killer Ways to Design The Same Slide
 
How People Really Hold and Touch (their Phones)
How People Really Hold and Touch (their Phones)How People Really Hold and Touch (their Phones)
How People Really Hold and Touch (their Phones)
 
Upworthy: 10 Ways To Win The Internets
Upworthy: 10 Ways To Win The InternetsUpworthy: 10 Ways To Win The Internets
Upworthy: 10 Ways To Win The Internets
 
What 33 Successful Entrepreneurs Learned From Failure
What 33 Successful Entrepreneurs Learned From FailureWhat 33 Successful Entrepreneurs Learned From Failure
What 33 Successful Entrepreneurs Learned From Failure
 
Design Your Career 2018
Design Your Career 2018Design Your Career 2018
Design Your Career 2018
 
Why Content Marketing Fails
Why Content Marketing FailsWhy Content Marketing Fails
Why Content Marketing Fails
 
The History of SEO
The History of SEOThe History of SEO
The History of SEO
 
How To (Really) Get Into Marketing
How To (Really) Get Into MarketingHow To (Really) Get Into Marketing
How To (Really) Get Into Marketing
 
The What If Technique presented by Motivate Design
The What If Technique presented by Motivate DesignThe What If Technique presented by Motivate Design
The What If Technique presented by Motivate Design
 
Displaying Data
Displaying DataDisplaying Data
Displaying Data
 
10 Powerful Body Language Tips for your next Presentation
10 Powerful Body Language Tips for your next Presentation10 Powerful Body Language Tips for your next Presentation
10 Powerful Body Language Tips for your next Presentation
 

Similar to Experimental android hacking using reflection

Code Obfuscation for Android & WP7
Code Obfuscation for Android & WP7Code Obfuscation for Android & WP7
Code Obfuscation for Android & WP7
Jeff Bollinger
 
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
DicodingEvent
 
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYury M
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
Aditya K Sood
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Codemotion
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
Ron Munitz
 
MyFacebook (social Networking )
MyFacebook (social Networking )MyFacebook (social Networking )
MyFacebook (social Networking )
Shalikram Patel
 
CNIT 128: 7. Attacking Android Applications (Part 1 of 3)
CNIT 128: 7. Attacking Android Applications (Part 1 of 3)CNIT 128: 7. Attacking Android Applications (Part 1 of 3)
CNIT 128: 7. Attacking Android Applications (Part 1 of 3)
Sam Bowne
 
Hierarchy Viewer Internals
Hierarchy Viewer InternalsHierarchy Viewer Internals
Hierarchy Viewer Internals
Kyungmin Lee
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
Minali Arora
 
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
AliAlwesabi
 
Fight back android fragmentation
Fight back android fragmentationFight back android fragmentation
Fight back android fragmentation
Bitbar
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)
Sam Bowne
 
Final year project proposal
Final year project proposalFinal year project proposal
Final year project proposal
qadeer khan
 
Clean architecture on android
Clean architecture on androidClean architecture on android
Clean architecture on android
Benjamin Cheng
 
Pooran singh profile
Pooran singh profilePooran singh profile
Pooran singh profile
Pooran Singh Rathore
 
Getting started with android
Getting started with androidGetting started with android
Getting started with android
Vandana Verma
 
Android Jump Start
Android Jump StartAndroid Jump Start
Android Jump Start
Haim Michael
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)
Ron Munitz
 
Ppt of tutorial android app
Ppt of tutorial android appPpt of tutorial android app
Ppt of tutorial android app
Dharmendra Saini
 

Similar to Experimental android hacking using reflection (20)

Code Obfuscation for Android & WP7
Code Obfuscation for Android & WP7Code Obfuscation for Android & WP7
Code Obfuscation for Android & WP7
 
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
 
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
 
MyFacebook (social Networking )
MyFacebook (social Networking )MyFacebook (social Networking )
MyFacebook (social Networking )
 
CNIT 128: 7. Attacking Android Applications (Part 1 of 3)
CNIT 128: 7. Attacking Android Applications (Part 1 of 3)CNIT 128: 7. Attacking Android Applications (Part 1 of 3)
CNIT 128: 7. Attacking Android Applications (Part 1 of 3)
 
Hierarchy Viewer Internals
Hierarchy Viewer InternalsHierarchy Viewer Internals
Hierarchy Viewer Internals
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
 
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
 
Fight back android fragmentation
Fight back android fragmentationFight back android fragmentation
Fight back android fragmentation
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)
 
Final year project proposal
Final year project proposalFinal year project proposal
Final year project proposal
 
Clean architecture on android
Clean architecture on androidClean architecture on android
Clean architecture on android
 
Pooran singh profile
Pooran singh profilePooran singh profile
Pooran singh profile
 
Getting started with android
Getting started with androidGetting started with android
Getting started with android
 
Android Jump Start
Android Jump StartAndroid Jump Start
Android Jump Start
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)
 
Ppt of tutorial android app
Ppt of tutorial android appPpt of tutorial android app
Ppt of tutorial android app
 

More from SeongJae Park

Biscuit: an operating system written in go
Biscuit: an operating system written in goBiscuit: an operating system written in go
Biscuit: an operating system written in go
SeongJae Park
 
GCMA: Guaranteed Contiguous Memory Allocator
GCMA: Guaranteed Contiguous Memory AllocatorGCMA: Guaranteed Contiguous Memory Allocator
GCMA: Guaranteed Contiguous Memory Allocator
SeongJae Park
 
Linux Kernel Memory Model
Linux Kernel Memory ModelLinux Kernel Memory Model
Linux Kernel Memory Model
SeongJae Park
 
An Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelAn Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux Kernel
SeongJae Park
 
Design choices of golang for high scalability
Design choices of golang for high scalabilityDesign choices of golang for high scalability
Design choices of golang for high scalability
SeongJae Park
 
Brief introduction to kselftest
Brief introduction to kselftestBrief introduction to kselftest
Brief introduction to kselftest
SeongJae Park
 
Understanding of linux kernel memory model
Understanding of linux kernel memory modelUnderstanding of linux kernel memory model
Understanding of linux kernel memory model
SeongJae Park
 
Let the contribution begin (EST futures)
Let the contribution begin (EST futures)Let the contribution begin (EST futures)
Let the contribution begin (EST futures)
SeongJae Park
 
Porting golang development environment developed with golang
Porting golang development environment developed with golangPorting golang development environment developed with golang
Porting golang development environment developed with golang
SeongJae Park
 
gcma: guaranteed contiguous memory allocator
gcma: guaranteed contiguous memory allocatorgcma: guaranteed contiguous memory allocator
gcma: guaranteed contiguous memory allocator
SeongJae Park
 
An introduction to_golang.avi
An introduction to_golang.aviAn introduction to_golang.avi
An introduction to_golang.avi
SeongJae Park
 
Develop Android/iOS app using golang
Develop Android/iOS app using golangDevelop Android/iOS app using golang
Develop Android/iOS app using golang
SeongJae Park
 
Develop Android app using Golang
Develop Android app using GolangDevelop Android app using Golang
Develop Android app using Golang
SeongJae Park
 
Sw install with_without_docker
Sw install with_without_dockerSw install with_without_docker
Sw install with_without_docker
SeongJae Park
 
Git inter-snapshot public
Git inter-snapshot publicGit inter-snapshot public
Git inter-snapshot public
SeongJae Park
 
(Live) build and run golang web server on android.avi
(Live) build and run golang web server on android.avi(Live) build and run golang web server on android.avi
(Live) build and run golang web server on android.avi
SeongJae Park
 
Deep dark-side of git: How git works internally
Deep dark-side of git: How git works internallyDeep dark-side of git: How git works internally
Deep dark-side of git: How git works internally
SeongJae Park
 
Deep dark side of git - prologue
Deep dark side of git - prologueDeep dark side of git - prologue
Deep dark side of git - prologueSeongJae Park
 
DO YOU WANT TO USE A VCS
DO YOU WANT TO USE A VCSDO YOU WANT TO USE A VCS
DO YOU WANT TO USE A VCS
SeongJae Park
 
ash
ashash
ash
SeongJae Park
 

More from SeongJae Park (20)

Biscuit: an operating system written in go
Biscuit: an operating system written in goBiscuit: an operating system written in go
Biscuit: an operating system written in go
 
GCMA: Guaranteed Contiguous Memory Allocator
GCMA: Guaranteed Contiguous Memory AllocatorGCMA: Guaranteed Contiguous Memory Allocator
GCMA: Guaranteed Contiguous Memory Allocator
 
Linux Kernel Memory Model
Linux Kernel Memory ModelLinux Kernel Memory Model
Linux Kernel Memory Model
 
An Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelAn Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux Kernel
 
Design choices of golang for high scalability
Design choices of golang for high scalabilityDesign choices of golang for high scalability
Design choices of golang for high scalability
 
Brief introduction to kselftest
Brief introduction to kselftestBrief introduction to kselftest
Brief introduction to kselftest
 
Understanding of linux kernel memory model
Understanding of linux kernel memory modelUnderstanding of linux kernel memory model
Understanding of linux kernel memory model
 
Let the contribution begin (EST futures)
Let the contribution begin (EST futures)Let the contribution begin (EST futures)
Let the contribution begin (EST futures)
 
Porting golang development environment developed with golang
Porting golang development environment developed with golangPorting golang development environment developed with golang
Porting golang development environment developed with golang
 
gcma: guaranteed contiguous memory allocator
gcma: guaranteed contiguous memory allocatorgcma: guaranteed contiguous memory allocator
gcma: guaranteed contiguous memory allocator
 
An introduction to_golang.avi
An introduction to_golang.aviAn introduction to_golang.avi
An introduction to_golang.avi
 
Develop Android/iOS app using golang
Develop Android/iOS app using golangDevelop Android/iOS app using golang
Develop Android/iOS app using golang
 
Develop Android app using Golang
Develop Android app using GolangDevelop Android app using Golang
Develop Android app using Golang
 
Sw install with_without_docker
Sw install with_without_dockerSw install with_without_docker
Sw install with_without_docker
 
Git inter-snapshot public
Git inter-snapshot publicGit inter-snapshot public
Git inter-snapshot public
 
(Live) build and run golang web server on android.avi
(Live) build and run golang web server on android.avi(Live) build and run golang web server on android.avi
(Live) build and run golang web server on android.avi
 
Deep dark-side of git: How git works internally
Deep dark-side of git: How git works internallyDeep dark-side of git: How git works internally
Deep dark-side of git: How git works internally
 
Deep dark side of git - prologue
Deep dark side of git - prologueDeep dark side of git - prologue
Deep dark side of git - prologue
 
DO YOU WANT TO USE A VCS
DO YOU WANT TO USE A VCSDO YOU WANT TO USE A VCS
DO YOU WANT TO USE A VCS
 
ash
ashash
ash
 

Recently uploaded

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 

Recently uploaded (20)

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 

Experimental android hacking using reflection

  • 1. Experimental Android Hacking Using Reflection SeongJae Park, Heon Yeom, Seoul National University
  • 2. Hidden Android Features Unsecure, Or Unmatured Features Hidden From Developers Need Such Features On Lots Of Researching
  • 3. Rooting / System Modification ● Pros ○ Able to Use Hidden Features ○ No Limitation At All ● Cons ○ Environment Is Different With Real Market Device
  • 4. How Android Hide Features 3rd Party Application Use SDK Framework Interface Built-in Application Uses Built-in Framework Interface SDK Framework Interface != Built-in Framework Interface
  • 5. Android Basic Structure 3rd Party Developer Application Built-in Application SDK Framework Interface Built-in Framework Interface On-Device Framework Binder System Process System Process Device System Process
  • 6. Java Reflection ● Examine or Modify Behavior Of Application ○ Type Checking ○ Debugging ○ Test
  • 7. Java Reflection ● Pros ○ Unlimited Freedom ● Cons ○ Performance Overhead ○ Weak Security Available ○ Unexpected Side-Effect
  • 8. Android Hacking Using Reflection Change SDK Framework Interface into OnDevice Framework Interface 3rd Party Developer Application Built-in Application SDK Framework Interface Built-in Framework Interface Reflection On-Device Framework
  • 9. Android Hacking Using Reflection TelephonyMaanger telephonyManager = (TelephonyManager)getSystemService( Context.TELEPHONY_SERVICE); try { Class c = Class.forName(telephonyManager. getClass().getName()); Method m = c.getDeclaredMethod("getITelephony"); m.setAccessible(true); ITelephony telephony = (ITelephony)m.invoke( telephonyManager); telephony.endCall(); } catch (Throwable e) {}
  • 10. Restriction Of Reflection Using Hack ● Performance Overhead ● May Not Success On Every Machine ○ Manufacturer’s Device Use Modified Android ● May Not Success On Latest Android