Dive deep into the internals of Android in this two-part, 150-minute class. You will explore the wonders of Dalvik bytecode, smali syntax, decompilation tools, patching techniques, and common methods you can use to (try to) protect your apps.
Extremely hands-on, you'll be downloading a very popular app, modifying it, and messing around with its behavior. Even if you're not that interested in APK hacking, you'll leave this class with the sort of deep appreciation for Dalvik that makes good Android developers great.
Hacking for Fun and Profit (Mostly for Fun). AnDevCon Boston - Apkudo
Who Needs Thumbs? Reverse Engineering Scramble With Friends - Apkudo
Apkudo's AnDevCon III class, "Who Needs Thumbs? Reverse Engineering Scramble With Friends: Part 1". This class was presented on May 15, 2012 by Apkudo's App Analytics Engineer, David Teitelbaum, and CEO, Josh Matthews.
A lot of people use Docker/rkt, but very often we do not have time to actually understand how they work. So today in half an hour I will show you in a nutshell how that works. My hope is that even after you know how to build a container engine, I can still convince you that the existing tools are worth spending $MM to create and use.
During one of my personal projects I decided to study the internals of Android and the potential of altering the Dalvik VM (e.g. Xposed framework and Cydia) and application behaviour. Not going into detail about runtime hooking of constructors and classes like these two tools provide, I also explored the possibility of reverse engineering and modifying existing applications.
On the web you can find multiple tutorials on reverse engineering Android applications, but not many that do it with real applications, which are often subject to obfuscation or have complex execution flows. So in order to learn I decided to pick a common application such as Skype and do the following:
decompile it
study contents and completely remove some functionality (e.g. ads)
change some resources (not described in presentation below)
recompile, sign and install.
Tools used include:
apktool – for (de)compiling Android applications
jarsigner – for signing Android applications
xposed – for intercepting runtime execution flow (will make public in future)
The following presentation describes the steps taken in order to completely remove the ads from Skype. This includes any computation or data plan usage the ads consume. Please note the disclaimer of the presentation as this information is for educational purposes only.
Check my website: www.marioalmeida.eu
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1Ihu917.
Jafar Husain shows the Reactive Extensions (Rx) library, which allows events to be treated as collections, and how Netflix uses Rx on the client and the server, allowing end-to-end reactive systems to be built. Filmed at qconsf.com.
Jafar Husain developed software for companies like GE, Microsoft, and Netflix. He specializes in building web servers and clients using functional reactive programming, and was the first user of the Reactive Extensions Framework. He's also responsible for "Falkor", a RESTful data access framework that powers most Netflix clients.
Functional Reactive Programming in the Netflix API - C4Media
Video and slides synchronized, mp3 and slide download available at http://bit.ly/XRdkqc.
Ben Christensen describes how Netflix has optimized their API using functional reactive programming (modeled after Rx) in a polyglot Java stack. Filmed at qconlondon.com.
Ben Christensen is a software engineer on the Netflix API Platform team responsible for fault tolerance, performance, architecture and scale while enabling millions of customers to access the Netflix experience across more than 800 different device types. Prior to Netflix, Ben was at Apple in the iTunes division making iOS apps and media available to the world. Twitter: @benjchristensen
Android applications are an interesting target for reverse engineering. They are written in Java, which is traditionally good to decompile and are executed by Google’s custom Java virtual machine, making them interesting to study. In this paper we present the basic methods and approaches as well as the necessary tools to reverse engineer Android applications. We discuss how to change Android applications and show alternative approaches including man-in-the-middle attacks and automation.
(Presentation at HITcon 2011) This talk introduces how to do Android application reverse engineering by real example. And, it covers the advanced topics like optimized DEX and JNI.
With growth in the app market it is essential to guard our Android apps against possible threats. In this presentation we will walk through various tools and techniques which someone can use to reverse engineer an Android app, and we will see how someone can get access to the app DB, code, API and preferences.
We will also see different tools and techniques to guard our app against possible threats, from code obfuscation with tools like DexGuard to newer methods like verification of API calls using Google Play services.
This session was given at Barcamp 13 Bangalore http://barcampbangalore.org/bcb/bcb13/reverse-engineering-an-android-app-securing-your-android-apps-against-attacks
and at the Bangalore Android User Group January meetup http://www.meetup.com/blrdroid/events/100360682/
Understanding and extending p2 for fun and profit - Pascal Rapicault
In a tutorial style, this detailed presentation covers all the major aspects of p2. It ranges from the simple usage of product delivery to an in-depth presentation of the p2 concepts.
Java Bytecode Crash Course [Code One 2019] - David Buck
Java bytecode lies at the foundation of the entire Java ecosystem. Regardless of what language and tools you use, if you run on the JVM, you’re using Java bytecode. Although understanding bytecode is not a requirement for all developers, a deeper understanding of how your code runs on the JVM can make understanding and resolving certain types of issues much easier. Understanding bytecode also opens the door to more-advanced techniques such as bytecode instrumentation via JVMTI and writing your own Java agent. This session starts at the very beginning and covers all the basics, with a heavy emphasis on examples.
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh... - ZongXian Shen
The design memo and hack note of ProbeDroid
A dynamic binary instrumentation kit targeting Android (Lollipop) 5.0 and above
This is the first complete draft.
Improved version will be updated in a few days.
Reverse engineering and instrumentation of Android apps - Gaurav Lochan
Our product (Little Eye Labs) is a performance monitoring and optimization tool for Android apps.
We wanted to expose detailed network usage information from the app, and we explored binary instrumentation as a way to do this.
The presentation covers many learnings from the process - what are different reverse engineering tools on android, which ones specifically help with instrumentation, and a link to some of the source code from this process.
It's not about Dagger. It's about putting your source code into an Android binary. Yes, the compiled dex code! During the presentation I will show in steps how to inject an AAR into an APK without having the original source code or resources.
This manual is a “How to Build” manual for OpenCV with OpenCL for Android.
If you want to “Use OpenCL on OpenCV” ONLY,
Please see
http://github.com/noritsuna/OpenCVwithOpenCL4AndroidNDKSample
Java reverse engineering and bypassing the Android in-app payment mechanism - JUG Lausanne
Session of 28 September 2017
Android provides a Java API for in-app purchase billing, allowing developers to sell additional features directly from the application. This mechanism is very often used in games to buy credits that give access to additional content, bonuses, etc. But payment integration is often misunderstood: code running on the smartphone cannot be trusted. All verification and delivery of content must therefore take place on the server side. As this is not very clear in Google's documentation, many games continue to handle it on the client side.
We will exploit a real Android application from the Play Store to obtain free credits, and see how easy it is to reverse engineer it and identify the validations performed on the client side. Then, using the Xposed hooking framework, we will write a hook that fits in a single line of Java code and bypasses the payment. Finally, we will see how to patch the application's bytecode (in order to inject the hook into it) so that it can then be distributed very easily.
To conclude, practical recommendations will be given for guarding against this kind of problem, using Angry Birds as an example.
Speaker
Jeremy Matos (@SecuringApps) has worked in the field of software security for more than 10 years in French-speaking Switzerland. With an academic background as a developer, he designed and took part in the implementation of an innovative strong mobile authentication solution.
He has also carried out code reviews and security audits for companies whose internal user was the enemy or which feared for their reputation.
He now provides application security services through his own company. Last year he presented at the DefCon Crypto Village a new attack vector against encrypted mobile messaging apps called Man In The Contacts.
He also teaches software security and blockchain technologies in engineering programmes in Switzerland and France.
Meetup : https://www.meetup.com/JUGL-the-Java-User-Group-of-Lausanne/events/242895293/
YouTube : https://youtu.be/mSYuM-PrCaw
https://github.com/leobenkel/Zparkio
Slides presented during the ScalaSF meetup on Thursday, March 26, 2020.
https://www.meetup.com/SF-Scala/events/268998404/
ZparkIO was on version 0.7.0 at the time, so things might be out of date.
I bet it's not the first time you have come across the word 'serverless', but I still hope that this time I can persuade you to try it out. And for those who are already familiar with AWS Lambdas I have a few handy tricks and tools to share. In my presentation, I'll show how to render and deploy an isomorphic React Redux application on AWS Lambda step by step.
An OpenShift Primer for Developers to get your Code into the Cloud (PTJUG) - Eric D. Schabell
Session given at the PTJUG (Portugal JUG):
Whether you're a seasoned Java developer looking to start hacking on EE6 or you just wrote your first line of Ruby yesterday, the cloud is turning out to be the perfect environment for developing applications in just about any modern language or framework. There are plenty of clouds and platform-as-a-services to choose from, but where to start? Join us for an action-packed hour of power where we'll show you how to deploy an application written in the language of your choice - Java, Ruby, PHP, Perl or Python, with the framework of your choice - EE6, CDI, Seam, Spring, Zend, Cake, Rails, Sinatra, PerlDancer or Django to the OpenShift PaaS in just minutes. And without having to rewrite your app to get it to work the way the cloud provider thinks your app should work.
Check the command-line fu as we leverage Git to onboard apps onto OpenShift Express in seconds, while also making use of the web browser to do the heavy lifting of provisioning clusters, deploying, monitoring and auto-scaling apps in OpenShift Flex.
If you want to learn how the OpenShift PaaS and investing an hour of your time can change everything you thought you knew about developing applications in the cloud, this session is for you!
Building a SMS based application involves dealing with 3rd party service providers and mobile network operators. As you can imagine, this is time consuming and, given the cost structures in place, expensive. For quick prototypes it isn't worth the hassle. While waiting for your own short code, only hope would keep you together. However, we've seen the tremendous power and reach of SMS - especially for applications around a social theme at ThoughtWorks' Social Impact Program.
EzSMS is our attempt at providing an SMS gateway that can be set up in minutes. Of course it runs on Ruby! All you need is an Android-powered phone, a SIM card and data access. Thus it is very easy to prototype your apps. Gone are the days when we, Android owners, would feel alone. With Android activations outpacing births it seems that a hundred billion phones have found homes.
In this talk we'll explore Ruboto and JRuby and quickly explain how to create a simple Android application. We'll explore the internals of our application and then compare Ruboto and other Ruby-flavoured mobile app development frameworks. We'll also apologize to Sting for mishearing his song "Message in a bottle".
Liferay Italy Symposium 2015 Liferay Mobile SDK and Liferay Screens - Denis Signoretto
Liferay Italy Symposium 2015 Liferay Mobile SDK and Liferay Screens, Building an Android App with Liferay (Using Liferay as Mobile Backend and Screens for reusable mobile components)
This is the presentation I made at the NSLondon meetup in May 2023.
Learn how to structure a full-stack mobile app using Swift and a Serverless REST API. The talk covers the fundamentals of a serverless application based on APIGateway, Lambda and DynamoDB and provides a quick start guide for developing a Serverless REST API with Breeze, a Swift package developed specifically for this purpose.
Talk given at Devoxx Belgium 2018
Spring Boot is awesome. Docker is awesome. Together you can do great things. But, are you doing it the right way? We'll walk you through, in detail, the optimal way to structure Docker images for Spring Boot applications for iterative development. Structuring your Docker images correctly is really important for teams doing continuous integration and continuous delivery. Using Docker best practices, we'll show you the code and the technologies used to optimize Docker images for Spring Boot apps!
Serverless applications in Python sound strange, don't they? In this talk I’ll explain how to not only crop images or select data from DynamoDB, but build a real application, what kind of trouble we should expect, and how to decide whether your task fits into a serverless architecture in Python or whether you should use a general approach. How fast are serverless applications written in Python and, more importantly, how do you scale them?
Serverless Beyond Functions - CTO Club Made in JLM - Boaz Ziniman
Serverless is changing the way businesses think about speed and cost of innovation but today, Serverless is not limited to the code running as a Lambda function.
In this session we will look into what it takes to run a full serverless application in production. We will cover additional services such as Serverless application management, storage solution for Serverless Apps, Step Functions for App orchestration and CI/CD and Monitoring for your full application lifecycle.
In an ideal world, you would write Python code and then it would work perfectly. But unfortunately, it doesn't work in this manner. In my talk, I'll cover how to efficiently debug your programs, especially in cloud environments or inside Kubernetes.