Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FRAUG - Point sécu Android 2020
Search
Michaël Ohayon
March 18, 2020
Technology
0
69
FRAUG - Point sécu Android 2020
Michaël Ohayon
March 18, 2020
Tweet
Share
More Decks by Michaël Ohayon
See All by Michaël Ohayon
Bringing your Flutter App to the Web
mikklfr
0
67
KED - Prompt Security
mikklfr
0
22
Sécuriser ses appels réseau Android, de 2009 à 2019
mikklfr
0
20
Android et qualité logicielle
mikklfr
0
19
Securing Network Calls on Android, from 2009 to 2019
mikklfr
0
110
Other Decks in Technology
See All in Technology
CursorによるPMO業務の代替 / Automating PMO Tasks with Cursor
motoyoshi_kakaku
2
910
タイミーのデータモデリング事例と今後のチャレンジ
ttccddtoki
6
2.3k
高速なプロダクト開発を実現、創業期から掲げるエンタープライズアーキテクチャ
kawauso
2
7.6k
OPENLOGI Company Profile for engineer
hr01
1
33k
Lazy application authentication with Tailscale
bluehatbrit
0
150
Zephyr RTOSを使った開発コンペに参加した件
iotengineer22
1
190
Tech-Verse 2025 Keynote
lycorptech_jp
PRO
0
1.7k
2025-07-06 QGIS初級ハンズオン「はじめてのQGIS」
kou_kita
0
150
「良さそう」と「とても良い」の間には 「良さそうだがホンマか」がたくさんある / 2025.07.01 LLM品質Night
smiyawaki0820
1
490
第4回Snowflake 金融ユーザー会 Snowflake summit recap
tamaoki
0
200
Should Our Project Join the CNCF? (Japanese Recap)
whywaita
PRO
0
320
Connect 100+を支える技術
kanyamaguc
0
180
Featured
See All Featured
A designer walks into a library…
pauljervisheath
207
24k
Adopting Sorbet at Scale
ufuk
77
9.4k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
Become a Pro
speakerdeck
PRO
28
5.4k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
Testing 201, or: Great Expectations
jmmastey
42
7.6k
Six Lessons from altMBA
skipperchong
28
3.9k
Bash Introduction
62gerente
614
210k
Building Adaptive Systems
keathley
43
2.6k
What's in a price? How to price your products and services
michaelherold
246
12k
Into the Great Unknown - MozCon
thekraken
39
1.9k
Transcript
Point sécu Android 2020 fenrir.pro
AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro
@lp1eu fenrir.pro
OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL
fenrir.pro
"Tu peux jeter un oeil à mon téléphone ?" fenrir.pro
fenrir.pro
fenrir.pro
Comment on en est arrivé la ? fenrir.pro
Nos méthodes d'analyse fenrir.pro
Setup Terminal Android fenrir.pro
Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur
Setup Analyse du trafic fenrir.pro
Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP
HTTP fenrir.pro
HTTPS fenrir.pro
Chiffrement Asymétrique fenrir.pro
Chiffrement Symétrique fenrir.pro
Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.
Key Exchange
Mais du coup comment il fait Charles (ou Burp/autres[...]) ?
fenrir.pro
Infrastructure à clé
L'exemple du "debug"
Abus de confiance
Abus de confiance
Démo fenrir.pro
Setup Analyse Statique fenrir.pro
apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro
Démo fenrir.pro
Un standard ? fenrir.pro
Ressources fenrir.pro
None
None
None
None
None
None
Et donc au final ? fenrir.pro
fenrir.pro Pubs in app
fenrir.pro Stores
Web fenrir.pro
Stores alternatifs fenrir.pro
Dans la presse fenrir.pro
fenrir.pro
fenrir.pro
None
Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro
Android.Xiny.5261 fenrir.pro
Du coup, on fait quoi ? fenrir.pro
fenrir.pro
Contre-mesures fenrir.pro
Question time ! fenrir.pro