Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[WeAreDevelopers World Conference] Reversing An...

[WeAreDevelopers World Conference] Reversing Android Apps

Marc Obrador

June 30, 2021
Tweet

More Decks by Marc Obrador

Other Decks in Programming

Transcript

  1. Protecting against static analysis ProGuard is a good start… for

    regular apps • It’s just method renaming and code shrinking • Tools for reversing ProGuard exist: http://apk-deguard.com/ Other (paid) alternatives exist for obfuscation Writing sensitve code in native (NDK) is a good idea
  2. • Use certificate pinning • Implement Root/Debugger/Emulator/Hooking Framework detection •

    Try to detect app tampering Protecting against dynamic analysis
  3. $ adb install “Downloads/Artà Beer Festival_v1.2.5_apkpure.com.apk” Performing Streamed Install Success

    $ adb shell am start com.marcobrador.android.artabeerfestival/.SplashActivity Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category .LAUNCHER] cmp=com.marcobrador.android.artabeerfestival/.SplashActivity }