Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hack And Protect Your Apps

3a2490a91e6ff957d9900ef319c4dc2f?s=47 Slvn
April 09, 2015
Programming
4
290

Hack And Protect Your Apps

Droidcon Montreal 2015

3a2490a91e6ff957d9900ef319c4dc2f?s=128

Slvn

April 09, 2015
Tweet

More Decks by Slvn

See All by Slvn
3a2490a91e6ff957d9900ef319c4dc2f?s=48 slvn
5
180
3a2490a91e6ff957d9900ef319c4dc2f?s=48 slvn
1
350

Other Decks in Programming

See All in Programming
2e0a66c86d35c1ef7ae20eae1de4ffda?s=48 jreznot
1
870
2e7087b86608d4497c209eb9ba14d8f5?s=48 rosylilly
3
350
102398563fd1bf878b35dc2d5ee67cbe?s=48 kamilahsantos
0
140
13824f545937c1ae0a80739aea2e396c?s=48 mlopskr
0
420
3135a28c51dfa27396bb525e9972db95?s=48 clown0082
1
140
D497c45a1fb82c383c62ef994a7c0fdc?s=48 shunshobon
0
340
45477cf77ae1a156e65fbc860078bf59?s=48 xu3u4
0
190
E26d0367de2bbb06bf3059c981aea719?s=48 wagnerfusca
2
220
2c68dc672293cc3f8a7a57d3af86f15b?s=48 koukyo1994
1
230
F5ad19f79685973f5e93124e55ef4d15?s=48 kumasan3
0
250
9bf923e39671cde83584e3e926296c13?s=48 kishikawakatsumi
1
520
7336da77de517e04e2438553e4f8071d?s=48 kampersanda
25
8.2k

Featured

See All Featured
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
322
54k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
4
710
282d599b414022eba5096510f675b6e2?s=48 chrislema
173
14k
11c84dff30266b907714802088852677?s=48 jasonvnalue
83
8.2k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
238
23k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
71
3.7k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
129
20k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
499
130k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
312
18k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
312
21k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
115
26k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
178
14k

Transcript

  1. HACK AND PROTECT YOUR APPS

  2. AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop

    04 Conclude

  3. LET’S HACK Reverse engineering & red light saber

  4. LET’S HACK Reverse engineering & red light saber You underestimate

    the power of the dark side.

  5. LET’S HACK Demo : AdBlock Plus

  6. LET’S HACK Can we read Smali ? .method public isChecked

    ()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method

  7. LET’S HACK Tools adb + unzip extract apk and some

    ressources apktool Smali + ressources jadx Java code (partial)

  8. LET’S PROTECT Obfuscation & The Force

  9. LET’S PROTECT Obfuscation & The Force Do. Or do not.

    There is no try.

  10. LET’S PROTECT What is obfuscation ? package a; public class

    a { [...] public boolean a() { return a; } }

  11. LET’S PROTECT Demo : Proguard

  12. LET’S PROTECT Is Obfuscation enough ? public class a {

    private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }

  13. LET’S PROTECT When ? When to protect ? · Whenever

    you want · Keep in mind that one motivated guy with enought ressources can break anything.

  14. LET’S DEVELOP Audit, opportunism & more...

  15. LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW

  16. LET’S DEVELOP How can this help me ? audit your

    build, third parties apps explore frameworks debug, hidden APIs ...

  17. LET’S CONCLUDE All good things must come to an end

  18. LET’S CONCLUDE All good things come to an end LET’S

    HACK LET’S PROTECT LET’S DEVELOP

  19. Thank you ! Sylvain Galand sgaland@genymobile.com www.genymobile.com