The document discusses disassembling Dalvik bytecode on Android. It begins by providing background on Android, Dalvik VM, APK files, DEX files, and JIT compilation. It then discusses ways to hack at different levels: using macros to automate games, intercepting REST traffic, analyzing APK/DEX files by decompiling them and modifying bytecode, analyzing and modifying shared object libraries, and disassembling machine code. The key steps outlined are decompiling DEX to Smali bytecode, applying changes, recompiling to an APK, installing on a device, and analyzing shared object libraries by disassembling to machine code.
So you've reversed you're first Android APK; now what? Java pseduocode is nice, but how do we modify the app? This is a crash course in reading and understanding Davlik opcodes. It will go through some basics then we will jump into a couple case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
How to implement a simple dalvik virtual machineChun-Yu Wang
This slide is an introduction to Android Dalvik Virtual Machine on a short course.
We use two hand-made JVM and DVM which called Simple JVM and Simple DVM respectively, to tell student how they work. A Foo Class was provided as a target for verifying the execution results of those VM. We hope it will help student to understand JVM and DVM quickly.
My session in Wearable DevCon 2014, Burlingame, CA
[Note: now the conference is called "Wearable Tech Con" ]
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
Java 7 - New Features - by Mihail Stoynov and Svetlin NakovSvetlin Nakov
Java 7 - New Features
Introduction and Chronology
Compressed 64-bit Object Pointers
Garbage-First GC (G1)
Dynamic Languages in JVM
Java Modularity – Project Jigsaw
Language Enhancements (Project Coin)
Strings in Switch
Automatic Resource Management (ARM)
Improved Type Inference for Generic Instance Creation
Improved Type Inference for Generic Instance Creation
Simplified Varargs Method Invocation
Collection Literals
Indexing Access Syntax for Lists and Maps
Language Support for JSR 292
Underscores in Numbers
Binary Literals
Closures for Java
First-class Functions
Function Types
Lambda Expressions
Project Lambda
Extension Methods
Upgrade Class-Loader Architecture
Method to close a URLClassLoader
Unicode 5.1
JSR 203: NIO.2
SCTP (Stream Control Transmission Protocol)
SDP (Sockets Direct Protocol)
So you've reversed you're first Android APK; now what? Java pseduocode is nice, but how do we modify the app? This is a crash course in reading and understanding Davlik opcodes. It will go through some basics then we will jump into a couple case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
How to implement a simple dalvik virtual machineChun-Yu Wang
This slide is an introduction to Android Dalvik Virtual Machine on a short course.
We use two hand-made JVM and DVM which called Simple JVM and Simple DVM respectively, to tell student how they work. A Foo Class was provided as a target for verifying the execution results of those VM. We hope it will help student to understand JVM and DVM quickly.
My session in Wearable DevCon 2014, Burlingame, CA
[Note: now the conference is called "Wearable Tech Con" ]
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
Java 7 - New Features - by Mihail Stoynov and Svetlin NakovSvetlin Nakov
Java 7 - New Features
Introduction and Chronology
Compressed 64-bit Object Pointers
Garbage-First GC (G1)
Dynamic Languages in JVM
Java Modularity – Project Jigsaw
Language Enhancements (Project Coin)
Strings in Switch
Automatic Resource Management (ARM)
Improved Type Inference for Generic Instance Creation
Improved Type Inference for Generic Instance Creation
Simplified Varargs Method Invocation
Collection Literals
Indexing Access Syntax for Lists and Maps
Language Support for JSR 292
Underscores in Numbers
Binary Literals
Closures for Java
First-class Functions
Function Types
Lambda Expressions
Project Lambda
Extension Methods
Upgrade Class-Loader Architecture
Method to close a URLClassLoader
Unicode 5.1
JSR 203: NIO.2
SCTP (Stream Control Transmission Protocol)
SDP (Sockets Direct Protocol)
My session at AnDevCon, April 2014, Boston, MA
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
@todo update description
(COSCUP 2015) A Beginner's Journey to Mozilla SpiderMonkey JS EngineZongXian Shen
This is my slides of COSCUP 2015 at Taipei, Taiwan.
The material is about the engine implementation overview from a 3 month experienced mentor bug contributor.
C++ CoreHard Autumn 2018. Создание пакетов для открытых библиотек через conan...corehard_by
Использование сторонних библиотек в языке C++ никогда не было простым - необходимо было правильно собрать их, имея дело с различными системами сборки, но с появлением пакетного менеджера conan.io процесс стал намного проще, так что теперь осталось только сделать пакеты для нужным библиотек, и в этом поможет команда bincrafter-ов.
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ZongXian Shen
The design memo and hack note of ProbeDroid
A dynamic binary instrumentation kit targeting Android(Lollipop) 5.0 and above
This is the first complete draft.
Improved version will be updated in a few days.
C++ is most often used programming language. This slide will help you to gain more knowledge on C++ programming. In this slide you will learn the fundamentals of C++ programming. The slide will also help you to fetch more details on Object Oriented Programming concepts. Each of the concept under Object Oriented Programming is explained in detail and in more smoother way as it will helpful for everyone to understand.
My session at AnDevCon, April 2014, Boston, MA
The session gives an introduction to using the Java Native Interface (JNI) in Java, and in particular in the Android Platform. The session then covers the use of the Native Development Kit (NDK) for developing Android applications.
@todo update description
(COSCUP 2015) A Beginner's Journey to Mozilla SpiderMonkey JS EngineZongXian Shen
This is my slides of COSCUP 2015 at Taipei, Taiwan.
The material is about the engine implementation overview from a 3 month experienced mentor bug contributor.
C++ CoreHard Autumn 2018. Создание пакетов для открытых библиотек через conan...corehard_by
Использование сторонних библиотек в языке C++ никогда не было простым - необходимо было правильно собрать их, имея дело с различными системами сборки, но с появлением пакетного менеджера conan.io процесс стал намного проще, так что теперь осталось только сделать пакеты для нужным библиотек, и в этом поможет команда bincrafter-ов.
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...ZongXian Shen
The design memo and hack note of ProbeDroid
A dynamic binary instrumentation kit targeting Android(Lollipop) 5.0 and above
This is the first complete draft.
Improved version will be updated in a few days.
C++ is most often used programming language. This slide will help you to gain more knowledge on C++ programming. In this slide you will learn the fundamentals of C++ programming. The slide will also help you to fetch more details on Object Oriented Programming concepts. Each of the concept under Object Oriented Programming is explained in detail and in more smoother way as it will helpful for everyone to understand.
With growth in app market it is essential to guard our android apps against possible threats, in this presentation we will walk through various tools and techniques which some one can use to reverse engineer an android app, we will see how some one can get access to APP DB, CODE, API, PREFERENCES.
We will also see different tools and techniques to guard our app against possible threats from code obfuscation with tools like dexgaurd to newer methods like verification of api calls using google play services.
This session was taken in Barcamp 13 bangalore http://barcampbangalore.org/bcb/bcb13/reverse-engineering-an-android-app-securing-your-android-apps-against-attacks
and bangalore android user group meetup Jan meetup http://www.meetup.com/blrdroid/events/100360682/
These slides were presented at the 2nd Workshop on Software Engineering Methods in Spreadsheets co-located with ICSE ’15 in Florence.
We propose reverse engineering techniques aimed at supporting the comprehension of spreadsheet applications enhanced through the use of Visual Basic for Applications (VBA).
Powerpoint from CodepaLOUsa 2011.
Learn the various techniques bad guys can use to extract information from your .NET or Java applications or at least how you can recover the source code that your predecessor deleted before he quit. A demo filled session on how easy it is to extract information from virtually any .NET or Java application (yes, including Silverlight).
During one of my personal projects I decided to study the internals of Android and the potential of altering the Dalvik VM (e.g. Xposed framework and Cydia) and application behaviour. Not going into detail about runtime hooking of constructors and classes like these two tools provide, I also explored the possibility of reverse engineering and modifying existing applications.
In the web you can find multiple tutorials on Android reverse engineering of applications but not many that do it with real applications that are often subject to obfuscation or with complex execution flows. So in order to learn I decided to pick a common application such as Skype and do the following:
decompile it
study contents and completely remove some functionality (e.g. ads)
change some resources (not described in presentation bellow)
recompile, sign and install.
Used tools include :
apktool – for (de)compiling android applications
jarsigner – for signing android applications
xposed – for intercepting runtime execution flow (will make public in future)
The following presentation describes the steps taken in order to completely remove the ads from skype. This includes any computation or data plan usage the ads consume. Please note the disclaimer of the presentation as this information is for educational purposes only.
Check my website : www.marioalmeida.eu
How to reverse engineer Android applications—using a popular word game as an ...Christoph Matthies
Short introduction to the basic methods and techniques used in reverse engineering Android applications. A popular word game is used as an example app.
The slides describe obtaining the application code, decompiling it, debugging Android applications, using a proxy server (Man-in-the-Middle) to extract communication protocols and automating Android applications.
Published under CC BY-NC-SA 3.0
(Presentation at HITcon 2011) This talk introduces how to do Android application reverse engineering by real example. And, it covers the advanced topics like optimized DEX and JNI.
Inside Android's Dalvik VM - NEJUG Nov 2011Doug Hawkins
In this presentation, Doug Hawkins will discuss how the Dalvik VM is different from traditional Java VMs and the motivations behind those differences. Along the way, you'll learn about Android's service architecture, Dalvik's byte code format, and the surprising details of how Android installs, launches, and executes applications.
The new runtime which Google is started implementing as developers view to implement or not which has advantages over the previous Dalvik runtime and more...
http://fr.droidcon.com/2014/agenda/
http://fr.droidcon.com/2014/agenda/detail?title=The+Android+Native+Development+Kit
The Android NDK is used to integrate C/C++ code into Android applications and libraries.
Learn how you can use the NDK and NDK-based libraries with Eclipse and Android Studio, and how you can debug and optimize your code.
Discover what changes from the new Android Runtime may break your integration, and how you can target new 64-bit architectures with the upcoming android L-release.
Speaker : Alexander Weggerle, Intel
3. What is Android?
Android is an operating system by Google that uses a Linux kernel and runs its
applications on a VM, formerly known as Dalvik
The programs that run on Android are packaged and distributed as APK files
Inside each APK file, there is an executable DEX file which is what actually gets run
when the program starts
Android has the largest installed base of all operating systems of any kind
4. What is Dalvik?
It’s a VM but it’s not the Java VM
Register-based VM made more efficient when running on
battery-powered, relatively low CPU/RAM smartphones
You write Java source that compiles to Java bytecode which then
gets translated to Dalvik bytecode
Successor is Android Runtime (ART), introduced in KitKat (4.4+),
completely replaced Dalvik in Lollipop (5.0+), which
compiles-on-install rather than JIT
5. What is an APK?
Android Package
This is what you download and install
from the Google Play store
It’s really just a zip file containing an app
Holds the app’s assets and Dalvik
bytecode (in .dex or .odex format)
6. What is bytecode?
Not machine code
DEX = Dalvik Executable
Intermediate found in Java .class files and
Dalvik .dex files
Translated between .dex and .class using
the dx tool
Machine code is only created at runtime
by the Just-In-Time (JIT) compiler
7. What is JIT compilation?
Mix between traditional ahead-of-time compiling and interpreting
Machine code is generated during runtime
Combines the speed of compiled code with the flexibility of interpretation
At the cost of overhead of an interpreter + the additional overhead of compiling
Allows for adaptive optimization such as dynamic recompilation
Think re.compile() from Python
8. What is the Android NDK?
Android Native Development Kit
A set of tools that allow you to leverage C and C++ code in
your Android apps
Uses the Java Native Interface (JNI) to expose Java calls to
underlying system
Used by Cocos2d-x, game development tools written in C++
Cocos is compiled as a shared library and shipped inside the
APK
10. Use a Macro to “Bot” the Game
Was the goal of my last talk
Use macros or scripts to automate some
repeatable circuit to gain in-game
currencies all day every day
Prone to errors
Slow, human level gain
Too Bad It’s Not Really That Cool
12. Wireshark
Sniff the traffic to and from an Android emulator
Make a malicious imposter client
Replay the get/put/posts using curl or python
Fail: Google Play Services uses OAuth 2.0
Sends ephemeral Base64-URL-encoded token
15. Get the APK
Find on Google Play and use that URL at an APK Downloader website or
Enable USB Debugging, install Android SDK, connect your smartphone and:
adb shell pm list packages | grep khux
adb shell pm path com.square_enix.android_googleplay.khuxww
adb pull /data/app/com.square_enix.android_googleplay.khuxww-1/base.apk
16. DEX Bytecode Disassembling (Baksmaling)
Two ways, recommend doing both:
Directly: Convert to bytecode to a readable format (Baksmali, Jasmine, etc.)
apktool d -f “khux.apk” -o smali
Indirectly: Convert to Java first, then use Java’s decompiling tools
dex2jar -> Java Decompiler (JD-Core, JD-GUI, etc.)
18. Apply Changes
Change variables, convert to hex first!
const/16 v0, 9bff
Output variables to the Android log
const-string v0, "grep_for_this_breh:"
invoke-static {v0, p1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
19. APK Reassembling
apktool b -f smali/ -o khux_rekt.apk
jarsigner (Android SDK) - sign the apk with your own keystore or..
https://github.com/appium/sign
java -jar sign.jar modded.apk
zipalign (Android SDK) - (optional) ensures that all uncompressed data starts with a
particular alignment relative to the start of the file, reducing app’s RAM footprint
zipalign 4 modded.s.apk aligned.apk
20. Reinstall the APK
Uninstall the original APK if it’s still on the device
Install the modded APK
adb install aligned.apk
Disable or uninstall Facebook if you’re having problems with Facebook login
Watch the logs
adb logcat | grep grep_for_this_breh
22. Shared Object Analysis
libcocos2dcpp.so was the only meaningful difference
When diff tells you “Binary files differ”, you can convert to hex and try again.
xxd hacked.so > hacked.hex
vimdiff hacked.hex unhacked.hex
You can also try a byte-for-byte comparison
cmp -l file1.so file2.so
This prints out the line number of the changes and their differences in octal
23.
24. Machine Code Disassembly
Get the Android NDK
Find the right objdump for your architecture
For Android smartphones, it’s usually ARM little
endian, arm-linux-androideabi
/path/to/arch/objdump -d haxt.so > haxt.asm
You can also use Hex-Keys IDA Pro (Interactive
Disassembler) for multiarch disassembly
25.
26. Machine Code Decompilation
Bring the .so all the way back up to the C level (Hex-Rays Decompiler)
Vs. disassembling, it’s more readable but it can be inaccurate and it takes much longer.