Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hack And Protect Your Apps

3a2490a91e6ff957d9900ef319c4dc2f?s=47 Slvn
April 09, 2015
Programming
4
290

Hack And Protect Your Apps

Droidcon Montreal 2015

3a2490a91e6ff957d9900ef319c4dc2f?s=128

Slvn

April 09, 2015
Tweet

More Decks by Slvn

See All by Slvn
ROM Cooking - Droidcon UK 20013
3a2490a91e6ff957d9900ef319c4dc2f?s=48 slvn
5
180
Hack and protect your Android app
3a2490a91e6ff957d9900ef319c4dc2f?s=48 slvn
1
350

Other Decks in Programming

See All in Programming
Airflowはすごいぞ!
65389cd2b6fdc531dcc4af999e864593?s=48 hankehly
0
370
開発速度を5倍早くするVSCodeの拡張機能を作った
D7da604883d0056673358ed111aa9ec3?s=48 purp1eeeee
2
150
ISUCON12 事前講習
2e7087b86608d4497c209eb9ba14d8f5?s=48 rosylilly
3
4.5k
短納期でローンチした新サービスをJavaで開発した話/launched new service using Java
B887cc104275187588fae7d58790563e?s=48 eichisanden
6
1.9k
GitHub Actions を導入した経緯
41c9dedd1b4c53ace82e040bb09334fe?s=48 tamago3keran
1
430
Swift Regex
0b26590a0a8b0f1da140ed5de9b68379?s=48 usamik26
0
160
[DevTrends - Jun/2022] Arquitetura baseada em eventos
36489105af6ebd101e8f250e537e70d3?s=48 camilacampos
0
150
Springin‘でみんなもクリエイターに!
000064025fd47aaaeda16b914f44cc79?s=48 ueponx
0
200
GoogleI/O2022 LT報告会資料
2bd3b8c3550384ab61d671b673c119bb?s=48 shinsukefujita1126
0
320
Beyond Micro Frontends: Frontend Moduliths for the Enterprise @enterjs2022
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
160
#JJUG_CCC 「サポート」は製品開発? - JDBCライブラリ屋さんが実践する攻めのテクニカルサポートとJavaエンジニアのキャリアについて -
244963b5eab1dd775692490daea81a7f?s=48 cdataj
0
420
Reactive Java Microservices on Kubernetes with Spring and JHipster
7f408bc67dc9ae3b288ee92d16d3c4c2?s=48 deepu105
1
170

Featured

See All Featured
Fireside Chat
864a009ac73600c7c02e1f26629dd989?s=48 paigeccino
11
1.3k
CSS Pre-Processors: Stylus, Less & Sass
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
349
27k
XXLCSS - How to scale CSS and keep your sanity
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
236
1M
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
119
28k
Put a Button on it: Removing Barriers to Going Fast.
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
56
2.3k
The Pragmatic Product Professional
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
19
3k
Designing with Data
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.9k
Web Components: a chance to create the future
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
303
40k
The Mythical Team-Month
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
209
39k
Agile that works and the tools we love
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
319
19k
The Web Native Designer (August 2011)
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.9k
Intergalactic Javascript Robots from Outer Space
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
261
25k

Transcript

  1. HACK AND PROTECT YOUR APPS

  2. AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop

    04 Conclude

  3. LET’S HACK Reverse engineering & red light saber

  4. LET’S HACK Reverse engineering & red light saber You underestimate

    the power of the dark side.

  5. LET’S HACK Demo : AdBlock Plus

  6. LET’S HACK Can we read Smali ? .method public isChecked

    ()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method

  7. LET’S HACK Tools adb + unzip extract apk and some

    ressources apktool Smali + ressources jadx Java code (partial)

  8. LET’S PROTECT Obfuscation & The Force

  9. LET’S PROTECT Obfuscation & The Force Do. Or do not.

    There is no try.

  10. LET’S PROTECT What is obfuscation ? package a; public class

    a { [...] public boolean a() { return a; } }

  11. LET’S PROTECT Demo : Proguard

  12. LET’S PROTECT Is Obfuscation enough ? public class a {

    private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }

  13. LET’S PROTECT When ? When to protect ? · Whenever

    you want · Keep in mind that one motivated guy with enought ressources can break anything.

  14. LET’S DEVELOP Audit, opportunism & more...

  15. LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW

  16. LET’S DEVELOP How can this help me ? audit your

    build, third parties apps explore frameworks debug, hidden APIs ...

  17. LET’S CONCLUDE All good things must come to an end

  18. LET’S CONCLUDE All good things come to an end LET’S

    HACK LET’S PROTECT LET’S DEVELOP

  19. Thank you ! Sylvain Galand sgaland@genymobile.com www.genymobile.com