Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FRAUG - Point sécu Android 2020
Search
Michaël Ohayon
March 18, 2020
Technology
0
71
FRAUG - Point sécu Android 2020
Michaël Ohayon
March 18, 2020
Tweet
Share
More Decks by Michaël Ohayon
See All by Michaël Ohayon
Bringing your Flutter App to the Web
mikklfr
0
75
KED - Prompt Security
mikklfr
0
23
Sécuriser ses appels réseau Android, de 2009 à 2019
mikklfr
0
21
Android et qualité logicielle
mikklfr
0
21
Securing Network Calls on Android, from 2009 to 2019
mikklfr
0
110
Other Decks in Technology
See All in Technology
Shirankedo NOCで見えてきたeduroam/OpenRoaming運用ノウハウと課題 - BAKUCHIKU BANBAN #2
marokiki
0
140
ACA でMAGI システムを社内で展開しようとした話
mappie_kochi
1
250
AIAgentの限界を超え、 現場を動かすWorkflowAgentの設計と実践
miyatakoji
0
130
「AI駆動PO」を考えてみる - 作る速さから価値のスループットへ:検査・適応で未来を開発 / AI-driven product owner. scrummat2025
yosuke_nagai
4
580
成長自己責任時代のあるきかた/How to navigate the era of personal responsibility for growth
kwappa
3
270
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
you
PRO
0
210
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
takaking22
6
3.4k
非エンジニアのあなたもできる&もうやってる!コンテキストエンジニアリング
findy_eventslides
3
910
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
170
GopherCon Tour 概略
logica0419
2
190
BtoBプロダクト開発の深層
16bitidol
0
270
自動テストのコストと向き合ってみた
qa
0
110
Featured
See All Featured
Unsuck your backbone
ammeep
671
58k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
19
1.2k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
Building Applications with DynamoDB
mza
96
6.6k
How to Think Like a Performance Engineer
csswizardry
27
2k
Bash Introduction
62gerente
615
210k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
890
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Building Adaptive Systems
keathley
43
2.8k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
Transcript
Point sécu Android 2020 fenrir.pro
AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro
@lp1eu fenrir.pro
OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL
fenrir.pro
"Tu peux jeter un oeil à mon téléphone ?" fenrir.pro
fenrir.pro
fenrir.pro
Comment on en est arrivé la ? fenrir.pro
Nos méthodes d'analyse fenrir.pro
Setup Terminal Android fenrir.pro
Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur
Setup Analyse du trafic fenrir.pro
Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP
HTTP fenrir.pro
HTTPS fenrir.pro
Chiffrement Asymétrique fenrir.pro
Chiffrement Symétrique fenrir.pro
Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.
Key Exchange
Mais du coup comment il fait Charles (ou Burp/autres[...]) ?
fenrir.pro
Infrastructure à clé
L'exemple du "debug"
Abus de confiance
Abus de confiance
Démo fenrir.pro
Setup Analyse Statique fenrir.pro
apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro
Démo fenrir.pro
Un standard ? fenrir.pro
Ressources fenrir.pro
None
None
None
None
None
None
Et donc au final ? fenrir.pro
fenrir.pro Pubs in app
fenrir.pro Stores
Web fenrir.pro
Stores alternatifs fenrir.pro
Dans la presse fenrir.pro
fenrir.pro
fenrir.pro
None
Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro
Android.Xiny.5261 fenrir.pro
Du coup, on fait quoi ? fenrir.pro
fenrir.pro
Contre-mesures fenrir.pro
Question time ! fenrir.pro