1. Trang chủ
  2. » Tất cả

stu-w02b-beginners-guide-to-reverse-engineering-android-apps

22 5 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 22
Dung lượng 0,93 MB

Các công cụ chuyển đổi và chỉnh sửa cho tài liệu này

Nội dung

#RSAC Agenda  Anatomy of an Android app  Obtaining our target apps  Getting our hands dirty: reversing the target application  Demo using Santoku Linux 2... #RSAC Downloading the AP

Trang 1

SESSION ID:

Beginners Guide to Reverse Engineering Android Apps

STU-W02B

Pau Oliva Fora

Sr Mobile Security Engineer

viaForensics

@pof

Trang 2

#RSAC

Agenda

 Anatomy of an Android app

 Obtaining our target apps

 Getting our hands dirty: reversing the target application

 Demo using Santoku Linux

2

Trang 3

Anatomy of an Android app

Trang 4

#RSAC

Anatomy of an Android app

 Simple ZIP file, renamed to

Trang 5

Obtaining our target apps

Trang 7

#RSAC

Getting the APK from the phone

 Using ADB (Android Debug Bridge):

 adb shell pm list packages

 adb pull /data/app/package-name-1.apk

7

Trang 8

#RSAC

Downloading the APK from Google Play

 Using unofficial Google Play API:

Trang 9

#RSAC

Downloading the APK from Google Play

 Using unofficial Google Play API:

Trang 10

Getting our hands dirty: reversing the target application

Trang 11

#RSAC

Disassembling

DEX Smali

11

Trang 12

 Multi platform, Apache 2.0 license

 Decode resources to original form

(and rebuild after modification)

 Transforms binary Dalvik bytecode

(classes.dex) into Smali source

12

Trang 13

#RSAC

Smali

13

Trang 14

#RSAC

Decompiling – Java Decompiler

14

Trang 15

#RSAC

Dex2Jar

 dex2jar - https://code.google.com/p/dex2jar/

 Multi platform, Apache 2.0 license

 Converts Dalvik bytecode (DEX) to java bytecode (JAR)

 Allows to use any existing Java decompiler with the resulting JAR file

15

Trang 17

#RSAC

Decompiling – Android (Dalvik) decompiler

DEX JAVA

17

Trang 18

#RSAC

Dalvik Decompilers

 Transforming DEX to JAR looses important metadata that the

decompiler could use

 Pure Dalvik decompilers skip this step, so they produce better output

 Unfortunately there are not as many choices for Android decompilers

as for Java decompilers:

 Open Source: Androguard’s DAD - https://code.google.com/p/androguard/

 Commercial: JEB - http://www.android-decompiler.com/

 Others?

18

Trang 19

Demo – Santoku

Trang 21

#RSAC

Summary

 APK files are ZIP files, can be extracted with any unzip utility

 Apktool helps extracting binary resources, and allows repacking

 Dex2jar converts Dalvik Bytecode to Java Bytecode

 Pure Android decompilers are better

 Santoku Linux has all the tools you need to reverse engineering

mobile apps

21

Trang 22

#RSAC

Q&A | Contact | Feedback

 Thanks for listening…

 @pof

 github.com/poliva

 poliva@viaforensics.com

22

Ngày đăng: 19/09/2016, 17:43

TÀI LIỆU CÙNG NGƯỜI DÙNG

TÀI LIỆU LIÊN QUAN