Hack And Protect Your Apps
Slvn
April 09, 2015
Droidcon Montreal 2015
Transcript
HACK AND PROTECT YOUR APPS
AGENDA Droidcon Montréal 2015
01 Hack
02 Protect
03 Develop
04 Conclude
LET’S HACK Reverse engineering & red light saber
"You underestimate the power of the dark side."
LET’S HACK Demo : AdBlock Plus
LET’S HACK Can we read Smali ?
    .method public isChecked()Z
        .locals 1
        .prologue
        .line 102
        # load the boolean field mChecked of this object (p0) into v0
        iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference;->mChecked:Z
        return v0
    .end method
LET’S HACK Tools
adb + unzip: extract apk and some resources
apktool: Smali + resources
jadx: Java code (partial)
LET’S PROTECT Obfuscation & The Force
"Do. Or do not. There is no try."
LET’S PROTECT What is obfuscation ?
    package a;
    public class a {
        [...]
        public boolean a() { return a; }
    }
LET’S PROTECT Demo : Proguard
LET’S PROTECT Is Obfuscation enough ?
    public class a {
        // The key string is a literal: obfuscation renames the field, not its value
        private static String a = "MotDePasseSecurePourChiffrer";
        public static Cipher a() {
            Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
            // 1 == Cipher.ENCRYPT_MODE
            localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
            return localCipher;
        }
    }
LET’S PROTECT When ? When to protect ?
· Whenever you want
· Keep in mind that one motivated guy with enough resources can break anything.
LET’S DEVELOP Audit, opportunism & more...
GGGWARRRHH WWWW
LET’S DEVELOP How can this help me ? audit your build, third-party apps explore frameworks debug, hidden APIs ...
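Added example (not from the original deck): a small audit pass over jadx-style decompiled Java, illustrating "audit your build" with the obfuscated class from the "Is Obfuscation enough ?" slide. The sample source is constructed from that slide; the field b, the rule names and the audit() function are assumptions made for this illustration.

```python
import re

# Constructed sample: decompiled output of an obfuscated class, modelled on the slide.
SAMPLE = '''package a;
public class a {
    private static String a = "MotDePasseSecurePourChiffrer";
    private static String b = "settings";
    public static Cipher a() {
        Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
        localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
        return localCipher;
    }
}
'''

STR_FIELD = re.compile(r'\bString\s+(\w+)\s*=\s*"([^"]*)"')
KEY_SPEC = re.compile(r'new\s+SecretKeySpec\s*\(\s*(?:"([^"]*)"|(\w+))\s*\.getBytes\(')
TRANSFORM = re.compile(r'Cipher\s*\.\s*getInstance\s*\(\s*"([^"]+)"')


def audit(source):
    """Return (line_no, rule, detail) findings for one decompiled class."""
    lines = source.splitlines()
    # First pass: remember string constants by (obfuscated) field name.
    # Heuristic only: obfuscated names such as "a" are reused across classes,
    # so the lookup is kept per file.
    fields = {}
    for line in lines:
        m = STR_FIELD.search(line)
        if m:
            fields[m.group(1)] = m.group(2)
    findings = []
    for no, line in enumerate(lines, 1):
        for m in TRANSFORM.finditer(line):
            parts = m.group(1).upper().split("/")
            # A bare "AES" leaves the mode to the provider default,
            # which is ECB on common JCA providers.
            if parts[0] == "AES" and (len(parts) == 1 or parts[1] == "ECB"):
                findings.append((no, "ecb-mode", m.group(1)))
        for m in KEY_SPEC.finditer(line):
            # Key bytes taken from an inline literal or from a constant field.
            literal = m.group(1) if m.group(1) is not None else fields.get(m.group(2))
            if literal is not None:
                findings.append((no, "hardcoded-key", literal))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```

Run against the jadx output of a release build, a hit means the key is readable to anyone who unpacks the APK, whatever ProGuard did to the names.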
LET’S CONCLUDE All good things must come to an end
LET’S HACK
LET’S PROTECT
LET’S DEVELOP
Thank you ! Sylvain Galand
[email protected]
www.genymobile.com