Hack And Protect Your Apps

Transcript

1. HACK AND PROTECT YOUR APPS

2. AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop

   04 Conclude

3. LET’S HACK Reverse engineering & red light saber

4. LET’S HACK Reverse engineering & red light saber You underestimate

   the power of the dark side.

5. LET’S HACK Demo : AdBlock Plus

6. LET’S HACK Can we read Smali ? .method public isChecked

   ()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method

7. LET’S HACK Tools adb + unzip extract apk and some

   ressources apktool Smali + ressources jadx Java code (partial)

8. LET’S PROTECT Obfuscation & The Force

9. LET’S PROTECT Obfuscation & The Force Do. Or do not.

   There is no try.

10. LET’S PROTECT What is obfuscation ? package a; public class

    a { [...] public boolean a() { return a; } }

11. LET’S PROTECT Demo : Proguard

12. LET’S PROTECT Is Obfuscation enough ? public class a {

    private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }

13. LET’S PROTECT When ? When to protect ? · Whenever

    you want · Keep in mind that one motivated guy with enought ressources can break anything.

14. LET’S DEVELOP Audit, opportunism & more...

15. LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW

16. LET’S DEVELOP How can this help me ? audit your

    build, third parties apps explore frameworks debug, hidden APIs ...

17. LET’S CONCLUDE All good things must come to an end

18. LET’S CONCLUDE All good things come to an end LET’S

    HACK LET’S PROTECT LET’S DEVELOP

19. Thank you ! Sylvain Galand [email protected] www.genymobile.com