Hack And Protect Your Apps
Slvn
April 09, 2015
Droidcon Montreal 2015
Transcript
HACK AND PROTECT YOUR APPS
AGENDA (Droidcon Montréal 2015): 01 Hack, 02 Protect, 03 Develop, 04 Conclude
LET’S HACK Reverse engineering & red light saber
You underestimate the power of the dark side.
LET’S HACK Demo : AdBlock Plus
LET’S HACK Can we read Smali?
    .method public isChecked()Z
        .locals 1
        .prologue
        .line 102
        iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference;->mChecked:Z
        return v0
    .end method
LET’S HACK Tools
· adb + unzip: extract the apk and some resources
· apktool: Smali + resources
· jadx: Java code (partial)
LET’S PROTECT Obfuscation & The Force
Do. Or do not. There is no try.
LET’S PROTECT What is obfuscation?
    package a;
    public class a {
        [...]
        public boolean a() { return a; }
    }
LET’S PROTECT Demo : Proguard
LET’S PROTECT Is obfuscation enough?
    public class a {
        private static String a = "MotDePasseSecurePourChiffrer";
        public static Cipher a() {
            Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
            localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
            return localCipher;
        }
    }
LET’S PROTECT When to protect?
· Whenever you want
· Keep in mind that one motivated guy with enough resources can break anything.
LET’S DEVELOP Audit, opportunism & more...
GGGWARRRHH WWWW
LET’S DEVELOP How can this help me? audit your build, third-party apps explore frameworks debug, hidden APIs ...
LET’S CONCLUDE All good things must come to an end
LET’S CONCLUDE All good things come to an end: LET’S HACK, LET’S PROTECT, LET’S DEVELOP
Thank you ! Sylvain Galand sgaland@genymobile.com www.genymobile.com