SlideShare a Scribd company logo

Reverse engineering and instrumentation of android apps

Gaurav Lochan
Gaurav Lochan

The document discusses different approaches for instrumenting Android apps to add network monitoring capabilities. It describes choosing to modify the app's dex file by disassembling it to Smali code, inserting instrumentation code, and reassembling it. This allows intercepting HTTP calls without requiring access to the app's source code or build process. The key benefits are that it works on any app and Android version without the app's code needing changes.

Technology
1 of 20
Download to read offline
Reverse engineering and instrumenting android apps Gaurav Lochan Little Eye Labs Friday 13 December 13
Outline Motivation? Instrumentation Guts of an android app Instrumentation approaches Chosen approach Friday 13 December 13
Motivation? Little Eye Measures, Analyzes and helps optimize app resource usage on Android. But network stats are aggregates only Friday 13 December 13
Motivation (2) Needed granular network stats - each endpoint/URL, Latency, Data transferred Considered different approaches Implement a VPN client app Use a proxy Looked at OS stats - didn’t find anything Java debug wire protocol (JDWP) Instrumentation Friday 13 December 13
Instrumentation ie, Rewriting parts of a binary (in this case, android app) Allows us to intercept HTTP calls, with code-level context (parameters, errors) for each call Works on any app Works on practically any android version/device Opens up a lot of exciting possibilities... Friday 13 December 13
Instrumentation (2) Can be: Static or Runtime Examples Android Traceview (startMethodTracing) Android test automation framework iOS instruments Purify (Rational / IBM) JVM -javaagent option AspectJ Friday 13 December 13
Guts of an app Friday 13 December 13
classes.dx Dalvik is the custom android VM (different from JVM) Dex = Dalvik EXecutable format. It’s a custom bytecode format designed for android Build process: compile .java code into .class files dx converts each .class file into .dx representation, and stores them in the single classes.dx all ref’d library code also goes into classes.dex Friday 13 December 13
Reverse engineering tools Smali (by JesusFreke) - dex disassembler ApkTool - decodes resources, repackage app dex2jar - disassembles dex to .class format JD-GUI - Decompiles .class into .java Androguard - Tool for deep analysis of android app ApkAnalyzer - Tool for analysis of app, also supports instrumentation of the app. Friday 13 December 13
Smali: Before Friday 13 December 13
Smali: After Friday 13 December 13
Androguard Friday 13 December 13
ApkAnalyzer Friday 13 December 13
Instrumentation Approaches Explored the following approaches on android Runtime Instrument .class files during build process Instrument .dex file Friday 13 December 13
Runtime instrumentation A JVM allows this - pass in a java.lang.instrumentation (using the -javaagent flag) which can transform class at class-load time Dalvik doesn’t support this It supports passing in a android.app.instrumentation, but that has a limited set of methods, mostly for automated testing Friday 13 December 13
Instrumenting .class files Considered modifying .class files, in two ways: Using the JavaAssist tool/library AspectJ Both are well understood tools, but need to be done at build time Requires a process change, plus not all of our users have access to the build (e.g. 3rd party QA team) Friday 13 December 13
Instrumenting .dex file Found some tools - none of these looked solid enough dexpler - research project redexer - research project apkil - google summer of code project Tried dex2jar to convert .dx into .class - but this is not a reliable method. Fine for reading code (skip the failed conversions), but not for this use case. Friday 13 December 13
Instrumenting .dex file (2) Smali A simple tool that decompiles the .dx into an intermediate format (also known as smali) This is well-used (e.g. ApkTool, ApkAnalyzer, and apkil use it) Active project, well supported by JesusFreke I disassemble an app, modified the smali code, and reassembled and repackaged, and it just worked! Friday 13 December 13
Automating instrumentation Challenges: Need a way to find all the appropriate calls in the app to replace Need to do it without side-effects. Tried many approaches, JesusFreke pointed me to MutableMethod which did what i needed Called my approach Umbreyta (icelandic for transform). https://github.com/LittleEyeLabs/smali Friday 13 December 13
Voila! Friday 13 December 13

Recommended

Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android apps
Pranay Airan
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
Mário Almeida
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Application
n|u - The Open Security Community
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...
Internet Security Auditors
 
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ZongXian Shen
 
IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationRufatet Babakishiyev
 
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
Jorge Hidalgo
 
Interpreter RPG to Java
Interpreter RPG to JavaInterpreter RPG to Java
Interpreter RPG to Java
farerobe
 

Recommended

Reverse engineering android apps
Reverse engineering android appsReverse engineering android apps
Reverse engineering android apps
Pranay Airan
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
Mário Almeida
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Application
n|u - The Open Security Community
 
Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...Android reverse engineering: understanding third-party applications. OWASP EU...
Android reverse engineering: understanding third-party applications. OWASP EU...
Internet Security Auditors
 
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ZongXian Shen
 
IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationRufatet Babakishiyev
 
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
Jorge Hidalgo
 
Interpreter RPG to Java
Interpreter RPG to JavaInterpreter RPG to Java
Interpreter RPG to Java
farerobe
 
Extract source code from an Android apk file
Extract source code from an Android apk fileExtract source code from an Android apk file
Extract source code from an Android apk file
Biwin John
 
Gwt and JSR 269's Pluggable Annotation Processing API
Gwt and JSR 269's Pluggable Annotation Processing APIGwt and JSR 269's Pluggable Annotation Processing API
Gwt and JSR 269's Pluggable Annotation Processing API
Arnaud Tournier
 
Why the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureWhy the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID Architecture
Jorge Ortiz
 
[ApacheCon 2016] Advanced Apache Cordova
[ApacheCon 2016] Advanced Apache Cordova[ApacheCon 2016] Advanced Apache Cordova
[ApacheCon 2016] Advanced Apache Cordova
Hazem Saleh
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoEvgeny Mandrikov
 
Exploring the power of Gradle in android studio - Basics & Beyond
Exploring the power of Gradle in android studio - Basics & BeyondExploring the power of Gradle in android studio - Basics & Beyond
Exploring the power of Gradle in android studio - Basics & Beyond
Kaushal Dhruw
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
ITeLearn
 
Droidcon Summary 2021
Droidcon Summary 2021Droidcon Summary 2021
Droidcon Summary 2021
Bartosz Kosarzycki
 
JavaOne 2009 BOF-5189 Griffon In Depth
JavaOne 2009 BOF-5189 Griffon In DepthJavaOne 2009 BOF-5189 Griffon In Depth
JavaOne 2009 BOF-5189 Griffon In Depth
Danno Ferrin
 
Dependence day insurgence
Dependence day insurgenceDependence day insurgence
Dependence day insurgence
Jorge Ortiz
 
Functional Reactive Programming in the Netflix API
Functional Reactive Programming in the Netflix APIFunctional Reactive Programming in the Netflix API
Functional Reactive Programming in the Netflix API
C4Media
 
When Enterprise Java Micro Profile meets Angular
When Enterprise Java Micro Profile meets AngularWhen Enterprise Java Micro Profile meets Angular
When Enterprise Java Micro Profile meets Angular
Antonio Goncalves
 
Apache Cordova In Action
Apache Cordova In ActionApache Cordova In Action
Apache Cordova In Action
Hazem Saleh
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
Sebastian Marek
 
Java quick reference
Java quick referenceJava quick reference
Java quick reference
www.programmingarena.com
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
Sebastian Marek
 
From zero to hero with React Native!
From zero to hero with React Native!From zero to hero with React Native!
From zero to hero with React Native!
Commit University
 
基於 Flow & Path 的 MVP 架構
基於 Flow & Path 的 MVP 架構基於 Flow & Path 的 MVP 架構
基於 Flow & Path 的 MVP 架構
玄武 Wu
 
Programming in Java
Programming in JavaProgramming in Java
Programming in JavaAbhilash Nair
 
Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)
Antoine Sabot-Durand
 
Carrers in instrumentation engineering
Carrers in instrumentation engineeringCarrers in instrumentation engineering
Carrers in instrumentation engineering
entranzz123
 
Mechanical, Electrical and Instrumentation Engineering for Non-Engineers
Mechanical, Electrical and Instrumentation Engineering for Non-EngineersMechanical, Electrical and Instrumentation Engineering for Non-Engineers
Mechanical, Electrical and Instrumentation Engineering for Non-Engineers
Living Online
 

More Related Content

What's hot

Extract source code from an Android apk file
Extract source code from an Android apk fileExtract source code from an Android apk file
Extract source code from an Android apk file
Biwin John
 
Gwt and JSR 269's Pluggable Annotation Processing API
Gwt and JSR 269's Pluggable Annotation Processing APIGwt and JSR 269's Pluggable Annotation Processing API
Gwt and JSR 269's Pluggable Annotation Processing API
Arnaud Tournier
 
Why the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureWhy the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID Architecture
Jorge Ortiz
 
[ApacheCon 2016] Advanced Apache Cordova
[ApacheCon 2016] Advanced Apache Cordova[ApacheCon 2016] Advanced Apache Cordova
[ApacheCon 2016] Advanced Apache Cordova
Hazem Saleh
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoEvgeny Mandrikov
 
Exploring the power of Gradle in android studio - Basics & Beyond
Exploring the power of Gradle in android studio - Basics & BeyondExploring the power of Gradle in android studio - Basics & Beyond
Exploring the power of Gradle in android studio - Basics & Beyond
Kaushal Dhruw
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
ITeLearn
 
Droidcon Summary 2021
Droidcon Summary 2021Droidcon Summary 2021
Droidcon Summary 2021
Bartosz Kosarzycki
 
JavaOne 2009 BOF-5189 Griffon In Depth
JavaOne 2009 BOF-5189 Griffon In DepthJavaOne 2009 BOF-5189 Griffon In Depth
JavaOne 2009 BOF-5189 Griffon In Depth
Danno Ferrin
 
Dependence day insurgence
Dependence day insurgenceDependence day insurgence
Dependence day insurgence
Jorge Ortiz
 
Functional Reactive Programming in the Netflix API
Functional Reactive Programming in the Netflix APIFunctional Reactive Programming in the Netflix API
Functional Reactive Programming in the Netflix API
C4Media
 
When Enterprise Java Micro Profile meets Angular
When Enterprise Java Micro Profile meets AngularWhen Enterprise Java Micro Profile meets Angular
When Enterprise Java Micro Profile meets Angular
Antonio Goncalves
 
Apache Cordova In Action
Apache Cordova In ActionApache Cordova In Action
Apache Cordova In Action
Hazem Saleh
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
Sebastian Marek
 
Java quick reference
Java quick referenceJava quick reference
Java quick reference
www.programmingarena.com
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
Sebastian Marek
 
From zero to hero with React Native!
From zero to hero with React Native!From zero to hero with React Native!
From zero to hero with React Native!
Commit University
 
基於 Flow & Path 的 MVP 架構
基於 Flow & Path 的 MVP 架構基於 Flow & Path 的 MVP 架構
基於 Flow & Path 的 MVP 架構
玄武 Wu
 
Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)
Antoine Sabot-Durand
 

What's hot (20)

Extract source code from an Android apk file
Extract source code from an Android apk fileExtract source code from an Android apk file
Extract source code from an Android apk file
 
Gwt and JSR 269's Pluggable Annotation Processing API
Gwt and JSR 269's Pluggable Annotation Processing APIGwt and JSR 269's Pluggable Annotation Processing API
Gwt and JSR 269's Pluggable Annotation Processing API
 
Why the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID ArchitectureWhy the Dark Side should use Swift and a SOLID Architecture
Why the Dark Side should use Swift and a SOLID Architecture
 
[ApacheCon 2016] Advanced Apache Cordova
[ApacheCon 2016] Advanced Apache Cordova[ApacheCon 2016] Advanced Apache Cordova
[ApacheCon 2016] Advanced Apache Cordova
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCo
 
Exploring the power of Gradle in android studio - Basics & Beyond
Exploring the power of Gradle in android studio - Basics & BeyondExploring the power of Gradle in android studio - Basics & Beyond
Exploring the power of Gradle in android studio - Basics & Beyond
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
 
Droidcon Summary 2021
Droidcon Summary 2021Droidcon Summary 2021
Droidcon Summary 2021
 
JavaOne 2009 BOF-5189 Griffon In Depth
JavaOne 2009 BOF-5189 Griffon In DepthJavaOne 2009 BOF-5189 Griffon In Depth
JavaOne 2009 BOF-5189 Griffon In Depth
 
Dependence day insurgence
Dependence day insurgenceDependence day insurgence
Dependence day insurgence
 
Functional Reactive Programming in the Netflix API
Functional Reactive Programming in the Netflix APIFunctional Reactive Programming in the Netflix API
Functional Reactive Programming in the Netflix API
 
When Enterprise Java Micro Profile meets Angular
When Enterprise Java Micro Profile meets AngularWhen Enterprise Java Micro Profile meets Angular
When Enterprise Java Micro Profile meets Angular
 
Apache Cordova In Action
Apache Cordova In ActionApache Cordova In Action
Apache Cordova In Action
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
 
Java quick reference
Java quick referenceJava quick reference
Java quick reference
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
 
From zero to hero with React Native!
From zero to hero with React Native!From zero to hero with React Native!
From zero to hero with React Native!
 
基於 Flow & Path 的 MVP 架構
基於 Flow & Path 的 MVP 架構基於 Flow & Path 的 MVP 架構
基於 Flow & Path 的 MVP 架構
 
Programming in Java
Programming in JavaProgramming in Java
Programming in Java
 
Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)Apache Deltaspike the CDI Toolbox (Java One 2015)
Apache Deltaspike the CDI Toolbox (Java One 2015)
 

Viewers also liked

Carrers in instrumentation engineering
Carrers in instrumentation engineeringCarrers in instrumentation engineering
Carrers in instrumentation engineering
entranzz123
 
Mechanical, Electrical and Instrumentation Engineering for Non-Engineers
Mechanical, Electrical and Instrumentation Engineering for Non-EngineersMechanical, Electrical and Instrumentation Engineering for Non-Engineers
Mechanical, Electrical and Instrumentation Engineering for Non-Engineers
Living Online
 
Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...
Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...
Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...
eeiej
 
Big picture of electronics and instrumentation engineering
Big picture of electronics and instrumentation engineeringBig picture of electronics and instrumentation engineering
Big picture of electronics and instrumentation engineering
RMK ENGINEERING COLLEGE, CHENNAI
 
Presentation on e&i supports
Presentation on e&i supportsPresentation on e&i supports
Presentation on e&i supports
syamdev1968
 
Jason Fong - Instrumentation Engineering Technologist update April 18
Jason Fong - Instrumentation Engineering Technologist update April 18Jason Fong - Instrumentation Engineering Technologist update April 18
Jason Fong - Instrumentation Engineering Technologist update April 18Jason Fong
 
instrumentation Engineering Cv
instrumentation Engineering Cvinstrumentation Engineering Cv
instrumentation Engineering Cv
sameer abdullah
 
Hacking for Fun and Profit
Hacking for Fun and ProfitHacking for Fun and Profit
Hacking for Fun and Profit
Apkudo
 
Lecture 10
Lecture 10Lecture 10
Lecture 10
Manipal Institute of Technology
 
Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...
Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...
Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...
Alok Saikia
 
Hedland Variable Area Flow Meters
Hedland Variable Area Flow MetersHedland Variable Area Flow Meters
Hedland Variable Area Flow Meters
Bell Flow Systems
 
Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...
Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...
Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...SCADAmetrics
 
Blancett Turbine Flow Meters
Blancett Turbine Flow MetersBlancett Turbine Flow Meters
Blancett Turbine Flow Meters
Bell Flow Systems
 

Viewers also liked (14)

Carrers in instrumentation engineering
Carrers in instrumentation engineeringCarrers in instrumentation engineering
Carrers in instrumentation engineering
 
Mechanical, Electrical and Instrumentation Engineering for Non-Engineers
Mechanical, Electrical and Instrumentation Engineering for Non-EngineersMechanical, Electrical and Instrumentation Engineering for Non-Engineers
Mechanical, Electrical and Instrumentation Engineering for Non-Engineers
 
Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...
Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...
Emerging Trends in Electrical, Electronics & Instrumentation Engineering: An ...
 
Big picture of electronics and instrumentation engineering
Big picture of electronics and instrumentation engineeringBig picture of electronics and instrumentation engineering
Big picture of electronics and instrumentation engineering
 
Instrumentation Engineering
Instrumentation EngineeringInstrumentation Engineering
Instrumentation Engineering
 
Presentation on e&i supports
Presentation on e&i supportsPresentation on e&i supports
Presentation on e&i supports
 
Jason Fong - Instrumentation Engineering Technologist update April 18
Jason Fong - Instrumentation Engineering Technologist update April 18Jason Fong - Instrumentation Engineering Technologist update April 18
Jason Fong - Instrumentation Engineering Technologist update April 18
 
instrumentation Engineering Cv
instrumentation Engineering Cvinstrumentation Engineering Cv
instrumentation Engineering Cv
 
Hacking for Fun and Profit
Hacking for Fun and ProfitHacking for Fun and Profit
Hacking for Fun and Profit
 
Lecture 10
Lecture 10Lecture 10
Lecture 10
 
Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...
Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...
Industrial training at Numaligarh Refinery Limited ( Instrumentation Engineer...
 
Hedland Variable Area Flow Meters
Hedland Variable Area Flow MetersHedland Variable Area Flow Meters
Hedland Variable Area Flow Meters
 
Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...
Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...
Reading Flow Meters With Revenue-Grade Accuracy Through Your SCADA, Telemetry...
 
Blancett Turbine Flow Meters
Blancett Turbine Flow MetersBlancett Turbine Flow Meters
Blancett Turbine Flow Meters
 

Similar to Reverse engineering and instrumentation of android apps

Tools/Processes for serious android app development
Tools/Processes for serious android app developmentTools/Processes for serious android app development
Tools/Processes for serious android app development
Gaurav Lochan
 
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and BackboneJavascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Deepu S Nath
 
TripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineTripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineStephen Pond
 
An Introduction to AngularJS
An Introduction to AngularJSAn Introduction to AngularJS
An Introduction to AngularJS
Falk Hartmann
 
Ruby meetup 7_years_in_testing
Ruby meetup 7_years_in_testingRuby meetup 7_years_in_testing
Ruby meetup 7_years_in_testing
Digital Natives
 
Use Ruby to Write (and Test) Your Next Android App
Use Ruby to Write (and Test) Your Next Android AppUse Ruby to Write (and Test) Your Next Android App
Use Ruby to Write (and Test) Your Next Android AppJoel Byler
 
Mobile development in 2020
Mobile development in 2020 Mobile development in 2020
Mobile development in 2020
Bogusz Jelinski
 
Google App Engine for Java
Google App Engine for JavaGoogle App Engine for Java
Google App Engine for Java
Lars Vogel
 
PhpStorm for WordPress
PhpStorm for WordPressPhpStorm for WordPress
PhpStorm for WordPress
East Bay WordPress Meetup
 
Plugin-based software design with Ruby and RubyGems
Plugin-based software design with Ruby and RubyGemsPlugin-based software design with Ruby and RubyGems
Plugin-based software design with Ruby and RubyGems
Sadayuki Furuhashi
 
OOP_chapter _1.pptx
OOP_chapter _1.pptxOOP_chapter _1.pptx
OOP_chapter _1.pptx
AbdexAliyi
 
Performance comparison on java technologies a practical approach
Performance comparison on java technologies a practical approachPerformance comparison on java technologies a practical approach
Performance comparison on java technologies a practical approach
csandit
 
PERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACH
PERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACHPERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACH
PERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACH
cscpconf
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
Aadarsh N
 
Droid con 2013 workshop unit testing in android [robolectirc]
Droid con 2013 workshop unit testing in android [robolectirc]Droid con 2013 workshop unit testing in android [robolectirc]
Droid con 2013 workshop unit testing in android [robolectirc]
Leena N
 
Towards SLA-based Scheduling on YARN Clusters
Towards SLA-based Scheduling on YARN ClustersTowards SLA-based Scheduling on YARN Clusters
Towards SLA-based Scheduling on YARN Clusters
DataWorks Summit
 
Javascript Frameworks Comparison
Javascript Frameworks ComparisonJavascript Frameworks Comparison
Javascript Frameworks Comparison
Deepu S Nath
 
Introduction to Android Development Part 1
Introduction to Android Development Part 1Introduction to Android Development Part 1
Introduction to Android Development Part 1
Kainda Kiniel Daka
 
Android For Java Developers
Android For Java DevelopersAndroid For Java Developers
Android For Java Developers
Mike Wolfson
 
Test automation
Test automationTest automation
Test automation
Xavier Yin
 

Similar to Reverse engineering and instrumentation of android apps (20)

Tools/Processes for serious android app development
Tools/Processes for serious android app developmentTools/Processes for serious android app development
Tools/Processes for serious android app development
 
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and BackboneJavascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
Javascript Frameworks Comparison - Angular, Knockout, Ember and Backbone
 
TripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineTripCase Unit Testing with Jasmine
TripCase Unit Testing with Jasmine
 
An Introduction to AngularJS
An Introduction to AngularJSAn Introduction to AngularJS
An Introduction to AngularJS
 
Ruby meetup 7_years_in_testing
Ruby meetup 7_years_in_testingRuby meetup 7_years_in_testing
Ruby meetup 7_years_in_testing
 
Use Ruby to Write (and Test) Your Next Android App
Use Ruby to Write (and Test) Your Next Android AppUse Ruby to Write (and Test) Your Next Android App
Use Ruby to Write (and Test) Your Next Android App
 
Mobile development in 2020
Mobile development in 2020 Mobile development in 2020
Mobile development in 2020
 
Google App Engine for Java
Google App Engine for JavaGoogle App Engine for Java
Google App Engine for Java
 
PhpStorm for WordPress
PhpStorm for WordPressPhpStorm for WordPress
PhpStorm for WordPress
 
Plugin-based software design with Ruby and RubyGems
Plugin-based software design with Ruby and RubyGemsPlugin-based software design with Ruby and RubyGems
Plugin-based software design with Ruby and RubyGems
 
OOP_chapter _1.pptx
OOP_chapter _1.pptxOOP_chapter _1.pptx
OOP_chapter _1.pptx
 
Performance comparison on java technologies a practical approach
Performance comparison on java technologies a practical approachPerformance comparison on java technologies a practical approach
Performance comparison on java technologies a practical approach
 
PERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACH
PERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACHPERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACH
PERFORMANCE COMPARISON ON JAVA TECHNOLOGIES - A PRACTICAL APPROACH
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
 
Droid con 2013 workshop unit testing in android [robolectirc]
Droid con 2013 workshop unit testing in android [robolectirc]Droid con 2013 workshop unit testing in android [robolectirc]
Droid con 2013 workshop unit testing in android [robolectirc]
 
Towards SLA-based Scheduling on YARN Clusters
Towards SLA-based Scheduling on YARN ClustersTowards SLA-based Scheduling on YARN Clusters
Towards SLA-based Scheduling on YARN Clusters
 
Javascript Frameworks Comparison
Javascript Frameworks ComparisonJavascript Frameworks Comparison
Javascript Frameworks Comparison
 
Introduction to Android Development Part 1
Introduction to Android Development Part 1Introduction to Android Development Part 1
Introduction to Android Development Part 1
 
Android For Java Developers
Android For Java DevelopersAndroid For Java Developers
Android For Java Developers
 
Test automation
Test automationTest automation
Test automation
 

Recently uploaded

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 

Recently uploaded (20)

The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Reverse engineering and instrumentation of android apps

  • 1. Reverse engineering and instrumenting android apps Gaurav Lochan Little Eye Labs Friday 13 December 13
  • 2. Outline Motivation? Instrumentation Guts of an android app Instrumentation approaches Chosen approach Friday 13 December 13
  • 3. Motivation? Little Eye Measures, Analyzes and helps optimize app resource usage on Android. But network stats are aggregates only Friday 13 December 13
  • 4. Motivation (2) Needed granular network stats - each endpoint/URL, Latency, Data transferred Considered different approaches Implement a VPN client app Use a proxy Looked at OS stats - didn’t find anything Java debug wire protocol (JDWP) Instrumentation Friday 13 December 13
  • 5. Instrumentation ie, Rewriting parts of a binary (in this case, android app) Allows us to intercept HTTP calls, with code-level context (parameters, errors) for each call Works on any app Works on practically any android version/device Opens up a lot of exciting possibilities... Friday 13 December 13
  • 6. Instrumentation (2) Can be: Static or Runtime Examples Android Traceview (startMethodTracing) Android test automation framework iOS instruments Purify (Rational / IBM) JVM -javaagent option AspectJ Friday 13 December 13
  • 7. Guts of an app Friday 13 December 13
  • 8. classes.dx Dalvik is the custom android VM (different from JVM) Dex = Dalvik EXecutable format. It’s a custom bytecode format designed for android Build process: compile .java code into .class files dx converts each .class file into .dx representation, and stores them in the single classes.dx all ref’d library code also goes into classes.dex Friday 13 December 13
  • 9. Reverse engineering tools Smali (by JesusFreke) - dex disassembler ApkTool - decodes resources, repackage app dex2jar - disassembles dex to .class format JD-GUI - Decompiles .class into .java Androguard - Tool for deep analysis of android app ApkAnalyzer - Tool for analysis of app, also supports instrumentation of the app. Friday 13 December 13
  • 10. Smali: Before Friday 13 December 13
  • 11. Smali: After Friday 13 December 13
  • 14. Instrumentation Approaches Explored the following approaches on android Runtime Instrument .class files during build process Instrument .dex file Friday 13 December 13
  • 15. Runtime instrumentation A JVM allows this - pass in a java.lang.instrumentation (using the -javaagent flag) which can transform class at class-load time Dalvik doesn’t support this It supports passing in a android.app.instrumentation, but that has a limited set of methods, mostly for automated testing Friday 13 December 13
  • 16. Instrumenting .class files Considered modifying .class files, in two ways: Using the JavaAssist tool/library AspectJ Both are well understood tools, but need to be done at build time Requires a process change, plus not all of our users have access to the build (e.g. 3rd party QA team) Friday 13 December 13
  • 17. Instrumenting .dex file Found some tools - none of these looked solid enough dexpler - research project redexer - research project apkil - google summer of code project Tried dex2jar to convert .dx into .class - but this is not a reliable method. Fine for reading code (skip the failed conversions), but not for this use case. Friday 13 December 13
  • 18. Instrumenting .dex file (2) Smali A simple tool that decompiles the .dx into an intermediate format (also known as smali) This is well-used (e.g. ApkTool, ApkAnalyzer, and apkil use it) Active project, well supported by JesusFreke I disassemble an app, modified the smali code, and reassembled and repackaged, and it just worked! Friday 13 December 13
  • 19. Automating instrumentation Challenges: Need a way to find all the appropriate calls in the app to replace Need to do it without side-effects. Tried many approaches, JesusFreke pointed me to MutableMethod which did what i needed Called my approach Umbreyta (icelandic for transform). https://github.com/LittleEyeLabs/smali Friday 13 December 13