Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hack And Protect Your Apps
Search
Slvn
April 09, 2015
Programming
4
310
Hack And Protect Your Apps
Droidcon Montreal 2015
Slvn
April 09, 2015
Tweet
Share
More Decks by Slvn
See All by Slvn
ROM Cooking - Droidcon UK 20013
slvn
5
200
Hack and protect your Android app
slvn
1
380
Other Decks in Programming
See All in Programming
管你要 trace 什麼、bpftrace 用下去就對了 — COSCUP 2025
shunghsiyu
0
240
0から始めるモジュラーモノリス-クリーンなモノリスを目指して
sushi0120
0
250
ZeroETLで始めるDynamoDBとS3の連携
afooooil
0
150
SwiftでMCPサーバーを作ろう!
giginet
PRO
2
220
バイブスあるコーディングで ~PHP~ 便利ツールをつくるプラクティス
uzulla
1
320
React は次の10年を生き残れるか:3つのトレンドから考える
oukayuka
41
16k
自作OSでDOOMを動かしてみた
zakki0925224
1
450
Bedrock AgentCore ObservabilityによるAIエージェントの運用
licux
8
560
構文解析器入門
ydah
7
2k
実践!App Intents対応
yuukiw00w
1
200
マイコンでもRustのtestがしたい その2/KernelVM Tokyo 18
tnishinaga
0
240
あまり知られていない MCP 仕様たち / MCP specifications that aren’t widely known
ktr_0731
0
220
Featured
See All Featured
How GitHub (no longer) Works
holman
314
140k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Docker and Python
trallard
45
3.5k
Facilitating Awesome Meetings
lara
54
6.5k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
880
GraphQLとの向き合い方2022年版
quramy
49
14k
Building an army of robots
kneath
306
45k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Balancing Empowerment & Direction
lara
1
530
Measuring & Analyzing Core Web Vitals
bluesmoon
7
540
GitHub's CSS Performance
jonrohan
1031
460k
Transcript
HACK AND PROTECT YOUR APPS
AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop
04 Conclude
LET’S HACK Reverse engineering & red light saber
LET’S HACK Reverse engineering & red light saber You underestimate
the power of the dark side.
LET’S HACK Demo : AdBlock Plus
LET’S HACK Can we read Smali ? .method public isChecked
()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method
LET’S HACK Tools adb + unzip extract apk and some
ressources apktool Smali + ressources jadx Java code (partial)
LET’S PROTECT Obfuscation & The Force
LET’S PROTECT Obfuscation & The Force Do. Or do not.
There is no try.
LET’S PROTECT What is obfuscation ? package a; public class
a { [...] public boolean a() { return a; } }
LET’S PROTECT Demo : Proguard
LET’S PROTECT Is Obfuscation enough ? public class a {
private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }
LET’S PROTECT When ? When to protect ? · Whenever
you want · Keep in mind that one motivated guy with enought ressources can break anything.
LET’S DEVELOP Audit, opportunism & more...
LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW
LET’S DEVELOP How can this help me ? audit your
build, third parties apps explore frameworks debug, hidden APIs ...
LET’S CONCLUDE All good things must come to an end
LET’S CONCLUDE All good things come to an end LET’S
HACK LET’S PROTECT LET’S DEVELOP
Thank you ! Sylvain Galand
[email protected]
www.genymobile.com