From Reversing to Exploitation: Android Application Security in Essence
xathrya
32 slides
Jan 19, 2018
About This Presentation
Seminar on Explicit's Art of Hacking
Telkom University Bandung
Bandung, 2017-11-04
Android security is mostly seen as only "exploiting the device with a RAT" and the like. Here, I want to show that there is more to it than that.
Size: 1.28 MB
Language: en
Slide Content
From Reversing to Exploitation: Android Application Security in Essence
Reversing.ID - Revealing the Truth through Breaking Things

Hi! I am Satria Ady Pradana, Cyber Security Consultant @ Mitra Integrasi Informatika
xathrya / @xathrya
Reversing.ID - Revealing the Truth through Breaking Things

First of All, Why Security?

Cyberspace Around You
It's hard not to depend on IT technology.

(Y)our Dependency on Digital Technology
Communication, Entertainment, Financial, Education, News

The Digital Age Has Come. Mobile Devices Are the Key.
It means most of your activity will involve interacting with a smartphone.

Android is Dominating, but ...
With a great userbase come great threats.

Focus on Android Applications
Can we pwn the application?

The Joy of Android App Exploitation
The application is in your possession. Basically it means we can do anything: modify, bypass, etc.
Your Code is Mine
"Your code is not stolen, you give it away in binary."

Remember this Mantra!
APK is just a zip. Everything inside is in binary form.
Java can be decompiled.
No software is free of bugs.
Exploitation is not always about taking over devices.

What Do You Need?
Proper goals.
Proper knowledge.
Proper tools and environment.

Our Goal (Mostly)
Obtain the sensitive information / data
Get the algorithm
Bypass restrictions
Manipulate the application

Proper Knowledge
Basic understanding of programming.
Know what processes are involved in building an APK.
What should I do to start hacking?
Common penetration testing methodology.

Analysis Lab
Anything you need to prepare:
Android device / emulator
Disassembler
Decompiler
HTTP / TCP proxy for MITM
Packet sniffer
Dynamic Binary Instrumentation

Reversing
Extracting knowledge, structures, and mechanics of a system.
Reversing.ID - Indonesian Reverse Engineering Community

Think of him YES!!!

About Reverse Engineering
Reveal the secret mechanism or components that make something work. Formally it is described as "extracting knowledge or design information from anything man-made and reproducing it, or reproducing anything based on the extracted information." Basically we want to know what secrets lie behind the application.

How Is an APK Made?

Code in Java / Kotlin VS

Behind the "Build" command*
*Simplified build process

How to Get the Code Back?

Peeking Under the APK
classes.dex, the code in binary form
AndroidManifest.xml, the manifest
META-INF, directory
res, directory containing the resources used by the APK

Step by Step
Use Apktool to extract and decompile the APK to readable code and data.
https://ibotpeaches.github.io/Apktool/
$ apktool d the_file.apk
Enter the newly created directory. But the code is decompiled to smali, not Java (yet).
Use dex2jar to convert classes.dex to a Java .jar:
https://github.com/pxb1988/dex2jar
$ d2j-dex2jar classes.dex
The code is now in a jar, but still not source code.

Step by Step cont'd
Use any Java decompiler to decompile the Java bytecode to source code:
JD-GUI
Procyon
CFR
FernFlower
Or use an all-in-one solution such as ByteCodeViewer or JEB Android.

Step by Step cont'd
Use a MITM proxy to intercept requests made by the application: Burp Suite, ZAProxy.
Use DBI to manipulate application behavior: Frida.
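The "APK is just a zip" mantra and the "Peeking Under the APK" slide, as an added example that is not from the slides: a Python script that opens an APK with the standard zipfile module, lists the entries the slide names, and validates the classes.dex header (the magic and the Adler-32 checksum stored at offset 8, which covers everything from offset 12 onward). The APK and the header-only DEX are constructed inline so it runs offline; inspecting the same APK after one byte of the DEX is changed shows the checksum mismatch that a modified classes.dex leaves behind, which is why the runtime re-verifies it before loading.

```python
import io
import struct
import zipfile
import zlib

DEX_MAGIC = b"dex\n035\0"   # magic of DEX format version 035
DEX_HEADER_SIZE = 0x70      # fixed header size in bytes


def build_sample_dex() -> bytes:
    """Constructed sample: a header-only DEX (no classes) with a valid checksum."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = DEX_MAGIC
    struct.pack_into("<I", hdr, 32, DEX_HEADER_SIZE)  # file_size
    struct.pack_into("<I", hdr, 36, DEX_HEADER_SIZE)  # header_size
    # The stored checksum is Adler-32 over everything after the magic + checksum fields.
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])))
    return bytes(hdr)


def build_sample_apk(dex: bytes) -> bytes:
    """Constructed sample APK: the entries the slide lists, packed as a plain zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in (("AndroidManifest.xml", b"\x03\x00\x08\x00"),  # binary XML stub
                           ("classes.dex", dex),
                           ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
                           ("res/layout/main.xml", b"")):
            z.writestr(name, data)
    return buf.getvalue()


def inspect_apk(apk: bytes) -> dict:
    """Open the APK as a zip and sanity-check the classes.dex header."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        names = z.namelist()
        dex = z.read("classes.dex") if "classes.dex" in names else b""
    # v1 (JAR) signatures show up as META-INF/*.RSA|DSA|EC; v2/v3 live in the APK Signing Block, not as entries.
    report = {
        "has_manifest": "AndroidManifest.xml" in names,
        "dex_files": sorted(n for n in names if n.endswith(".dex")),
        "v1_signature": any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names),
        "resource_entries": sum(n.startswith("res/") for n in names),
        "dex_magic_ok": dex[:8] == DEX_MAGIC,
        "dex_checksum_ok": False, "dex_size_ok": False,
    }
    if len(dex) >= DEX_HEADER_SIZE:
        stored, file_size = struct.unpack_from("<I", dex, 8)[0], struct.unpack_from("<I", dex, 32)[0]
        report["dex_checksum_ok"] = stored == zlib.adler32(dex[12:])  # recompute over offset 12..end
        report["dex_size_ok"] = file_size == len(dex)
    return report
```

The report only looks at zip entries, so an APK signed solely with v2/v3 signatures is reported as having no v1 signature; checking the signing block needs a dedicated parser.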
Intercepting with Burp Suite
Create a MITM proxy.
Force the application to send all requests via the MITM proxy by setting the proxy option on the Android device.
Forward / reject the requests from the application to the server.
Tamper with the content: modify anything before forwarding.

What Scenario?
Practically, like web hacking or web service hacking.
Change an ID or parameter: can we access something that should not be accessible?
Is sensitive data encrypted?
Do we have hardcoded credentials (API key) to access the service?
etc.

Dynamic Binary Analysis (with Frida)
A relatively new approach to analysis. DBI is a method of analyzing the behavior of a binary application at runtime through the injection of instrumentation code. In short: manipulate application behavior with a script (JavaScript).

What Can Frida Do?
Access process memory
Overwrite functions while the application is running
Call functions from imported classes
Find object instances on the heap and use them
Hook, trace, and intercept functions
https://www.slideshare.net/satriapradana1/bypass-security-checking-with-frida

What Scenario?
Bypass security checks: root checker, SSL pinning
Get at the encryption process: what is the plaintext processed by this function?
Modify functions as you wish, e.g. make a function always return true.