Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hack And Protect Your Apps

Slvn
April 09, 2015

Hack And Protect Your Apps

Droidcon Montreal 2015

Slvn

April 09, 2015
Tweet

More Decks by Slvn

Other Decks in Programming

Transcript

  1. LET’S HACK Can we read Smali ? .method public isChecked

    ()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method
  2. LET’S HACK Tools adb + unzip extract apk and some

    ressources apktool Smali + ressources jadx Java code (partial)
  3. LET’S PROTECT What is obfuscation ? package a; public class

    a { [...] public boolean a() { return a; } }
  4. LET’S PROTECT Is Obfuscation enough ? public class a {

    private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }
  5. LET’S PROTECT When ? When to protect ? · Whenever

    you want · Keep in mind that one motivated guy with enought ressources can break anything.
  6. LET’S DEVELOP How can this help me ? audit your

    build, third parties apps explore frameworks debug, hidden APIs ...
  7. LET’S CONCLUDE All good things come to an end LET’S

    HACK LET’S PROTECT LET’S DEVELOP