Dissecting Android APK
Reversing Android applications
/> self.me
- Final year undergraduate student at Amrita University, Amritapuri
- Love Android!
- Currently researching Android security
- Play CTFs as a part of team bi0s
Index
- Why Android?
- Android security implementations and issues
- Real-world Android malware
- Reversing Android apps
- Structure of an APK
- Analyzing the contents
- Demo
- Workaround
Why Android?
The Tale of Triumph
- Open source - power to you!
- User-friendly
- Most used - more developers
[Chart: Mobile OS Global Market Share 2016]
Android security
- Sandboxing
- Permissions
- ASLR since Android 4.0 ICS
- ARM TrustZone
Implementations
Permissions
ARM TrustZone
Are we at risk?
Issues - malware
- Ransomware
- Exploits
Real-world Android malware
- AccuTrack: Turns an Android device into a GPS tracker
- AckPost: Steals contact information from the device and sends it to a remote server
- BackFlash / Crosate: Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data
- BankBot: Particularly aims at stealing bank account information from dedicated apps
- DroidDeluxe: Exploits the device to gain root privilege, then modifies the access permissions of database files and collects account information
APK - Android package
- Android PacKage
- Zip file with .apk extension
- Distributed via Play Store, Amazon Appstore, F-Droid
- Java + res + XML + libs
Making of an APK
Reversing Android apps - tools and methodologies
APKTOOL - reversing APKs
- Compile/decompile apps
- Smali code
- To modify apps
Structure of an APK
- assets - all the unmodified app contents
- AndroidManifest.xml - the app's map; general description of the app
- classes.dex - the Java classes, packaged as the Dalvik executable [ yeah! the source ]
- res - all the resources ( drawables, icons, values )
- lib - external/custom native libraries
- resources.arsc - compiled resources / binaries
- META-INF - certificates
Dalvik / ART
→ JVM redefined
→ Dalvik until 4.4.4 KitKat; ART from 5.0 Lollipop
→ Executes dex
→ Dalvik - JIT, ART - AOT
DEX - Dalvik Executable
> Dalvik's bytecode
> Java classes
> Easy to debug
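The two slides above (the APK layout and the DEX file) can be checked programmatically before any tool is pointed at a sample. The script below is an added example written for this page, not code from the deck or its author. It builds a constructed, APK-shaped zip in memory, groups the entries by the layout listed on the structure slide, and parses the fixed 0x70-byte DEX header of classes.dex: the "dex\n035\0" magic, the Adler-32 checksum over bytes 12 to the end, and the SHA-1 signature over bytes 32 to the end. The sample DEX is a header-only blob with valid integrity fields; a real classes.dex also carries string, type and class tables, and a real AndroidManifest.xml is binary XML that apktool or aapt must decode (the plaintext manifest here is only a placeholder).

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
DEX_HEADER_SIZE = 0x70            # the fixed 112-byte header
DEX_ENDIAN_CONSTANT = 0x12345678  # endian_tag for little-endian files


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Construct a header-only DEX blob whose checksum and signature are valid.
    Constructed sample input for this example; not a compiled classes.dex."""
    # Bytes 32..end: file_size, header_size, endian_tag, then the remaining
    # size/offset fields of the header, all zero because there are no tables.
    tail = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    tail += b"\x00" * (DEX_HEADER_SIZE - 32 - len(tail))
    signature = hashlib.sha1(tail).digest()                  # covers bytes 32..end
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF   # covers bytes 12..end
    return DEX_MAGIC_PREFIX + version + b"\x00" + struct.pack("<I", checksum) + signature + tail


def parse_dex_header(data: bytes) -> dict:
    """Parse the DEX header and verify its integrity fields."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("too short to be a DEX file")
    magic = data[:8]
    if magic[:4] != DEX_MAGIC_PREFIX or magic[7:8] != b"\x00":
        raise ValueError("not a DEX file (bad magic)")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "version": magic[4:7].decode("ascii"),
        "file_size": file_size,
        "endian_ok": endian_tag == DEX_ENDIAN_CONSTANT,
        "size_ok": file_size == len(data) and header_size == DEX_HEADER_SIZE,
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
    }


def build_sample_apk() -> bytes:
    """Constructed APK-shaped zip following the layout on the structure slide."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")  # placeholder; real one is binary XML
        z.writestr("classes.dex", build_minimal_dex())
        z.writestr("resources.arsc", b"")
        z.writestr("res/drawable/icon.png", b"")
        z.writestr("assets/config.json", "{}")
        z.writestr("lib/arm64-v8a/libnative.so", b"")
        z.writestr("META-INF/MANIFEST.MF", b"")
        z.writestr("META-INF/CERT.RSA", b"")
    return buf.getvalue()


def classify_entries(apk_bytes: bytes) -> dict:
    """Group zip entries into the categories of the APK structure slide."""
    groups = {"manifest": [], "dex": [], "resources": [], "assets": [],
              "native_libs": [], "signature": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name == "AndroidManifest.xml":
                key = "manifest"
            elif "/" not in name and name.startswith("classes") and name.endswith(".dex"):
                key = "dex"                      # classes.dex, classes2.dex, ...
            elif name == "resources.arsc" or name.startswith("res/"):
                key = "resources"
            elif name.startswith("assets/"):
                key = "assets"
            elif name.startswith("lib/"):
                key = "native_libs"
            elif name.startswith("META-INF/"):
                key = "signature"
            else:
                key = "other"                    # worth a look: not part of the normal layout
            groups[key].append(name)
    return groups


def inspect_apk(apk_bytes: bytes) -> dict:
    """Classify the entries and validate the header of every classes*.dex."""
    groups = classify_entries(apk_bytes)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        dex_reports = {name: parse_dex_header(z.read(name)) for name in groups["dex"]}
    return {"entries": groups, "dex": dex_reports}


if __name__ == "__main__":
    report = inspect_apk(build_sample_apk())
    for group, names in report["entries"].items():
        print(f"{group:12s} {names}")
    for name, header in report["dex"].items():
        print(name, header)
    # A single flipped byte in the data region invalidates both integrity fields.
    good = build_minimal_dex()
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    print("tampered:", parse_dex_header(tampered))
```

Any entry landing in "other", a checksum or signature mismatch, or a file_size that disagrees with the actual length is a reason to decode the sample further with apktool or dex2jar rather than trust it.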
Tools
ADB - Android Debug Bridge
- Android tool
- Drop shells, files
- Access partitions
- Install applications
Dex2Jar - the source
- Small in size
- Any platform
- Extracts compiled classes out of the dex
- Easy to use
Demo
Workaround?
→ Check permissions
→ Trusted app sources
→ Use 'anti-malware' apps
Glossary
- aapt : Android Asset Packaging Tool.
- dex : Dalvik executable.
- dx : Tool within the Android SDK used to convert the jar files into dex files.
- R.java : A class with static methods to reference all the resources.
References
- In-depth Introduction to Android Permission Model
- Android Internals by Karim Yaghmour
- Logcat Security Issue
- Dalvik and ART
- Dex2jar, ADB, APK Tool
- DexGuard obfuscator
- Dalvik opcodes
- OWASP Seraphimdroid
Thank You