Beginners' Guide to Reverse Engineering Android Apps - Pau Oliva Fora at RSA Conference 2014

  1. Beginners Guide to Reverse Engineering Android Apps (Session ID: STU-W02B)
     Pau Oliva Fora, Sr. Mobile Security Engineer, viaForensics (@pof)
  2. #RSAC Agenda
     - Anatomy of an Android app
     - Obtaining our target apps
     - Getting our hands dirty: reversing the target application
     - Demo using Santoku Linux
  3. Anatomy of an Android app
  4. Anatomy of an Android app
     - Simple ZIP file, renamed to the “.apk” extension
     - App resources
     - Signature
     - Manifest (binary XML)
     - Dalvik bytecode (classes.dex)
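The slide's anatomy, as an added example (not code from the talk): a small inspector that opens an APK as a plain ZIP, sorts the entries into manifest, signature files, resources and classes.dex, checks that the manifest is binary XML by its chunk header, and decodes the DEX header, recomputing its Adler-32 checksum and SHA-1 signature. The sample APK it runs on is constructed in memory and is not a real app; the DEX it contains has a valid header but no classes. Note that the two DEX integrity fields only catch corruption or a careless patch; the APK signature under META-INF/ is a separate mechanism that this script lists but does not verify.

```python
"""Inspect the anatomy of an APK: ZIP entries, binary-XML manifest, signature files,
resources and the classes.dex header.

Added example for this page, not code from the talk. The sample APK is constructed
in memory (build_sample_apk) so the script runs offline; its contents are not a real app.
"""
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70            # fixed-size header at the start of every .dex
DEX_MAGIC_PREFIX = b"dex\n"       # followed by a 3-digit version and a NUL, e.g. b"dex\n035\0"
DEX_ENDIAN_CONSTANT = 0x12345678  # endian_tag value for a little-endian file
AXML_MAGIC = b"\x03\x00\x08\x00"  # binary XML: chunk type RES_XML_TYPE, header size 8
ARSC_MAGIC = b"\x02\x00\x0c\x00"  # resources.arsc: chunk type RES_TABLE_TYPE, header size 12


def parse_dex_header(dex):
    """Decode the DEX header and recompute its two integrity fields.

    checksum  = adler32 over everything after the checksum field (offset 12 onwards)
    signature = SHA-1   over everything after the signature field (offset 32 onwards)
    These detect corruption or a sloppy patch; they are not an authenticity check.
    The APK signature in META-INF/ is a separate mechanism not verified here.
    """
    if len(dex) < DEX_HEADER_SIZE:
        raise ValueError("too short to hold a DEX header")
    magic = dex[:8]
    if magic[:4] != DEX_MAGIC_PREFIX or magic[7:8] != b"\x00":
        raise ValueError(f"bad DEX magic {magic!r}")
    checksum, = struct.unpack_from("<I", dex, 8)
    signature = dex[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", dex, 32)
    return {
        "version": magic[4:7].decode("ascii"),
        "file_size_ok": file_size == len(dex),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "little_endian": endian_tag == DEX_ENDIAN_CONSTANT,
        "checksum_ok": checksum == (zlib.adler32(dex[12:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(dex[32:]).digest(),
    }


def inspect_apk(apk_bytes):
    """Open the APK as a plain ZIP and sort its entries into the parts the slide names."""
    info = {"manifest_binary_xml": None, "dex": {}, "signature": [], "resources": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if name == "AndroidManifest.xml":
                info["manifest_binary_xml"] = data.startswith(AXML_MAGIC)
            elif name.startswith("classes") and name.endswith(".dex"):   # classes.dex, classes2.dex, ...
                try:
                    info["dex"][name] = parse_dex_header(data)
                except ValueError as exc:
                    info["dex"][name] = {"error": str(exc)}
            elif name.startswith("META-INF/") and name.endswith((".SF", ".RSA", ".DSA", ".EC", "MANIFEST.MF")):
                info["signature"].append(name)
            elif name == "resources.arsc" or name.startswith(("res/", "assets/")):
                info["resources"].append(name)
            else:
                info["other"].append(name)
    return info


def build_dex(payload=b"", version=b"035"):
    """Construct a minimal, self-consistent DEX: header plus an opaque payload.
    Test data only; it contains no classes and will not load on a device."""
    fields = struct.pack("<III", DEX_HEADER_SIZE + len(payload), DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    fields += b"\x00" * 68            # remaining 17 uint32 header fields (all sections empty)
    body = fields + payload           # everything that follows the signature field
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return DEX_MAGIC_PREFIX + version + b"\x00" + struct.pack("<I", checksum) + signature + body


def build_sample_apk():
    """Constructed stand-in for a real APK with the entries the slide lists."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 12)
        zf.writestr("classes.dex", build_dex(payload=b"constructed payload"))
        zf.writestr("resources.arsc", ARSC_MAGIC)
        zf.writestr("res/layout/main.xml", AXML_MAGIC)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82")   # placeholder, not a real PKCS#7 blob
    return buf.getvalue()


if __name__ == "__main__":
    import json
    import sys
    apk = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    print(json.dumps(inspect_apk(apk), indent=2))
```

Run it with a real APK path to see the same breakdown on a real app; without an argument it inspects the constructed sample. Flipping a single byte anywhere after the header's checksum field makes both checksum_ok and signature_ok go false, which is why apktool and similar tools rewrite these fields when they repack a modified classes.dex.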
  5. Obtaining our target apps
  6. Getting the APK from the phone
     - Backup to SD card with an on-device app:
       - APKOptic
       - Astro file manager
       - etc…
  7. Getting the APK from the phone
     - Using ADB (Android Debug Bridge):
       adb shell pm list packages
       adb pull /data/app/package-name-1.apk
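The ADB route from the slide, as an added example (not the speaker's code) wrapped in a small Python script. It assumes adb is on PATH and a device with USB debugging is attached; the command outputs in the self-test are constructed, not captured from a device. Instead of guessing the /data/app/<package>-1.apk file name shown on the slide, it asks the package manager with pm path, which also covers newer Android releases where the APK lives in a per-install directory and may be split into several files.

```python
"""Pull an installed app's APK(s) over ADB.

Added example for this page, not code from the talk. It assumes `adb` is on PATH
and a device is attached with USB debugging enabled. The sample command outputs
used in testing are constructed; nothing here is captured from a real device.
"""
import os
import subprocess


def parse_package_lines(output):
    """Parse 'pm list packages' / 'pm path' output.

    Both commands print one 'package:<value>' line per result; anything else
    (warnings, blank lines) is ignored.
    """
    values = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            values.append(line[len("package:"):])
    return values


def local_apk_name(pkg, remote_path):
    """Name the pulled file after the package and the remote basename, so that a
    split app (base.apk + split_*.apk) does not overwrite itself."""
    return f"{pkg}_{os.path.basename(remote_path)}"


def adb(*args, serial=None):
    """Run one adb command and return its stdout; raises CalledProcessError on failure."""
    cmd = ["adb"]
    if serial:                       # pick a device when several are attached
        cmd += ["-s", serial]
    cmd += list(args)
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def list_packages(third_party_only=True, serial=None):
    """'pm list packages -3' restricts the listing to user-installed apps."""
    args = ["shell", "pm", "list", "packages"]
    if third_party_only:
        args.append("-3")
    return parse_package_lines(adb(*args, serial=serial))


def pull_apks(pkg, dest_dir, serial=None):
    """Locate the APK(s) of `pkg` with 'pm path' and pull each one into dest_dir.

    Asking the package manager avoids guessing the on-disk name: the slide's
    /data/app/<pkg>-1.apk layout is Android 4.x; newer releases keep the app in
    its own directory as base.apk and may ship additional split APKs beside it.
    """
    remote_paths = parse_package_lines(adb("shell", "pm", "path", pkg, serial=serial))
    if not remote_paths:
        raise LookupError(f"package {pkg!r} is not installed on the device")
    os.makedirs(dest_dir, exist_ok=True)
    pulled = []
    for remote in remote_paths:
        local = os.path.join(dest_dir, local_apk_name(pkg, remote))
        adb("pull", remote, local, serial=serial)
        pulled.append(local)
    return pulled


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <package-name> <dest-dir>")
    for path in pull_apks(sys.argv[1], sys.argv[2]):
        print("pulled", path)
```

Usage: python pull_apk.py com.example.app ./apks. On a device with several apps installed, list_packages() gives the candidate names to pass in.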
  8. Downloading the APK from Google Play
     - Using an unofficial Google Play API:
       https://github.com/egirault/googleplay-api
     - Using a web service or browser extension:
       http://apps.evozi.com/apk-downloader/
       http://apify.ifc0nfig.com/static/clients/apk-downloader/
  10. Getting our hands dirty: reversing the target application
  11. Disassembling: DEX → Smali
  12. Apktool
     - apktool - https://code.google.com/p/android-apktool/
     - Multi-platform, Apache 2.0 license
     - Decodes resources to their original form (and rebuilds them after modification)
     - Transforms binary Dalvik bytecode (classes.dex) into Smali source
  13. Smali
  14. Decompiling with a Java decompiler: DEX → JAR → Java
  15. Dex2Jar
     - dex2jar - https://code.google.com/p/dex2jar/
     - Multi-platform, Apache 2.0 license
     - Converts Dalvik bytecode (DEX) to Java bytecode (JAR)
     - Allows any existing Java decompiler to be used on the resulting JAR file
  16. Java Decompilers
     - JD-GUI - http://jd.benow.ca/
       - Multi-platform, closed source
     - JAD - http://varaneckas.com/jad/
       - Multi-platform, closed source, command line
     - Others: Dare, Mocha, Procyon, …
  17. Decompiling with an Android (Dalvik) decompiler: DEX → Java
  18. Dalvik Decompilers
     - Transforming DEX to JAR loses important metadata that the decompiler could use
     - Pure Dalvik decompilers skip this step, so they produce better output
     - Unfortunately there are not as many choices for Android decompilers as for Java decompilers:
       - Open source: Androguard’s DAD - https://code.google.com/p/androguard/
       - Commercial: JEB - http://www.android-decompiler.com/
       - Others?
  19. Demo – Santoku
  20. Demo – Santoku Linux
     - Santoku Linux - https://santoku-linux.com/
     - Mobile forensics
     - Mobile malware analysis
     - Mobile application assessment
  21. Summary
     - APK files are ZIP files and can be extracted with any unzip utility
     - Apktool extracts binary resources and allows repacking
     - Dex2jar converts Dalvik bytecode to Java bytecode
     - Pure Android decompilers are better
     - Santoku Linux has all the tools you need to reverse engineer mobile apps
  22. Q&A | Contact | Feedback
     Thanks for listening…
     @pof
     github.com/poliva
     poliva@viaforensics.com