Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hack And Protect Your Apps
Search
Slvn
April 09, 2015
Programming
4
300
Hack And Protect Your Apps
Droidcon Montreal 2015
Slvn
April 09, 2015
Tweet
Share
More Decks by Slvn
See All by Slvn
ROM Cooking - Droidcon UK 20013
slvn
5
190
Hack and protect your Android app
slvn
1
360
Other Decks in Programming
See All in Programming
マイ隙間家具OSSたちのご紹介
karupanerura
2
120
軽率にVue 3で リアルタイム3Dアプリを作れる ライブラリを作ってみた/vue-with-3d-app
drumath2237
3
1.1k
UnityプログラミングバイブルR6号宣伝&Unity Logging小話
adarapata
0
110
So You Think You Know Git - Part 2
schacon
PRO
0
1.3k
Sementic Kernelのネイティブ関数について
tomokusaba
0
780
TypeScript x GraphQLで2年開発してみて
yutank34
8
4.7k
Running Laravel Apps With FrankenPHP
dunglas
4
1.2k
ADRを一年運用してみた/our_story_about_adr
hanhan1978
3
1.1k
PHP8の機能を使って堅牢にコードを書く
fendo181
6
2k
生成 AI の中身を覗いてみよう〜基礎から医療現場での応用まで〜
soh9834
2
700
Static Analysis Automation for Hunting Vulnerable Kernel Drivers
takahiro_haruyama
1
1.4k
Crafting a Own PHP - ウキウキ手作りミニマリストPHP
uzulla
4
960
Featured
See All Featured
How GitHub Uses GitHub to Build GitHub
holman
467
290k
Faster Mobile Websites
deanohume
296
30k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
No one is an island. Learnings from fostering a developers community.
thoeni
14
2k
Being A Developer After 40
akosma
56
580k
Facilitating Awesome Meetings
lara
39
5.5k
Typedesign – Prime Four
hannesfritz
36
2k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Visualization
eitanlees
135
14k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
Documentation Writing (for coders)
carmenintech
59
3.7k
Product Roadmaps are Hard
iamctodd
43
9.6k
Transcript
HACK AND PROTECT YOUR APPS
AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop
04 Conclude
LET’S HACK Reverse engineering & red light saber
LET’S HACK Reverse engineering & red light saber You underestimate
the power of the dark side.
LET’S HACK Demo : AdBlock Plus
LET’S HACK Can we read Smali ? .method public isChecked
()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method
LET’S HACK Tools adb + unzip extract apk and some
ressources apktool Smali + ressources jadx Java code (partial)
LET’S PROTECT Obfuscation & The Force
LET’S PROTECT Obfuscation & The Force Do. Or do not.
There is no try.
LET’S PROTECT What is obfuscation ? package a; public class
a { [...] public boolean a() { return a; } }
LET’S PROTECT Demo : Proguard
LET’S PROTECT Is Obfuscation enough ? public class a {
private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }
LET’S PROTECT When ? When to protect ? · Whenever
you want · Keep in mind that one motivated guy with enought ressources can break anything.
LET’S DEVELOP Audit, opportunism & more...
LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW
LET’S DEVELOP How can this help me ? audit your
build, third parties apps explore frameworks debug, hidden APIs ...
LET’S CONCLUDE All good things must come to an end
LET’S CONCLUDE All good things come to an end LET’S
HACK LET’S PROTECT LET’S DEVELOP
Thank you ! Sylvain Galand
[email protected]
www.genymobile.com