Hack And Protect Your Apps

Slvn
April 09, 2015

Droidcon Montreal 2015

Transcript

  1. HACK AND PROTECT YOUR APPS

  2. AGENDA (Droidcon Montréal 2015): 01 Hack, 02 Protect, 03 Develop, 04 Conclude

  3. LET’S HACK Reverse engineering & red light saber

  4. LET’S HACK Reverse engineering & red light saber: "You underestimate the power of the dark side."

  5. LET’S HACK Demo : AdBlock Plus

  6. LET’S HACK Can we read Smali?

        .method public isChecked()Z
            .locals 1
            .prologue
            .line 102
            iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference;->mChecked:Z
            return v0
        .end method

  7. LET’S HACK Tools
     - adb + unzip: extract the APK and some resources
     - apktool: Smali + resources
     - jadx: Java code (partial)

  8. LET’S PROTECT Obfuscation & The Force

  9. LET’S PROTECT Obfuscation & The Force: "Do. Or do not. There is no try."

  10. LET’S PROTECT What is obfuscation?

        package a;

        public class a {
            [...]
            public boolean a() {
                return a;
            }
        }

  11. LET’S PROTECT Demo : Proguard

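  12. LET’S PROTECT Is obfuscation enough?

        public class a {
            // Identifier renaming leaves string literals untouched: the key is readable as-is.
            private static String a = "MotDePasseSecurePourChiffrer";

            public static Cipher a() {
                // The transformation string also survives renaming.
                Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
                // 1 == Cipher.ENCRYPT_MODE
                localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
                return localCipher;
            }
        }
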
  13. LET’S PROTECT When to protect?
     - Whenever you want
     - Keep in mind that one motivated guy with enough resources can break anything.

  14. LET’S DEVELOP Audit, opportunism & more...

  15. LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW

  16. LET’S DEVELOP How can this help me? audit your build, third-party apps; explore frameworks; debug, hidden APIs ...

  17. LET’S CONCLUDE All good things must come to an end

  18. LET’S CONCLUDE All good things come to an end: LET’S HACK, LET’S PROTECT, LET’S DEVELOP

  19. Thank you ! Sylvain Galand sgaland@genymobile.com www.genymobile.com
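
Slide 12 shows that renaming identifiers leaves the key string and the cipher transformation readable, and slide 16 suggests auditing your own build. The Python script below is an added example, not part of the talk: it checks decompiled Java text (such as jadx output) for both problems. The function name `audit`, the rule names and the sample layout are assumptions.

```python
import re

# Constructed input: the class from slide 12, laid out as a decompiler prints it.
SAMPLE = '''\
package a;
public class a {
    private static String a = "MotDePasseSecurePourChiffrer";
    public static Cipher a() {
        Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
        localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
        return localCipher;
    }
}
'''

LITERAL = r'"((?:[^"\\]|\\.)*)"'
STRING_CONST = re.compile(r'\bString\s+(\w+)\s*=\s*' + LITERAL)
KEY_SOURCE = re.compile(r'new\s+SecretKeySpec\s*\(\s*(?:(\w+)|' + LITERAL + r')\s*\.\s*getBytes\s*\(')
TRANSFORMATION = re.compile(r'Cipher\s*\.\s*getInstance\s*\(\s*"([^"]+)"')
BLOCK_CIPHERS = {"AES", "DES", "DESEDE"}

def audit(source):
    """Return sorted (line, rule, detail) findings for one decompiled source file."""
    lines = list(enumerate(source.splitlines(), 1))
    # Renaming does not touch string literals, so collect every String constant first.
    constants = {}
    for no, text in lines:
        for name, value in STRING_CONST.findall(text):
            constants[name] = (no, value)
    findings = []
    for no, text in lines:
        for name, literal in KEY_SOURCE.findall(text):
            if name in constants:
                decl, value = constants[name]
                findings.append((no, "hardcoded-key", f"{value!r} (declared on line {decl})"))
            elif not name:
                findings.append((no, "hardcoded-key", f"{literal!r} (inline literal)"))
        for spec in TRANSFORMATION.findall(text):
            parts = spec.upper().split("/")
            # A bare algorithm name leaves the mode to the provider; the usual default is ECB.
            if parts[0] in BLOCK_CIPHERS and (len(parts) == 1 or parts[1] == "ECB"):
                findings.append((no, "ecb-mode", spec))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Key bytes that arrive through a parameter or another non-literal source are not flagged, so an empty result means only that these two patterns are absent.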