cheating platform on android
play

Cheating Platform on Android Milan Gabor & Danijel Grah / W - PowerPoint PPT Presentation

Feb 18, 2024 •343 likes •786 views

Creating a kewl and simple Cheating Platform on Android Milan Gabor & Danijel Grah / W hoAreW e > Just two guys from Slovenia > Having fun breaking stuff > Love to play with apps > BSidesLV, DEF CON W all of Sheep,

  1. Creating a kewl and simple Cheating Platform on Android Milan Gabor & Danijel Grah

  2. / W hoAreW e > Just two guys from Slovenia > Having fun breaking stuff > Love to play with apps > BSidesLV, DEF CON W all of Sheep, BalcCon, Hacktivity, GrrCON, Hackito Ergo Sum, DefCamp, Hek. si DeepSec 2014

  3. Famous . si people DeepSec 2014

  4. Famous . si people DeepSec 2014

  5. Agenda > Android mobile apps > Analysis (static, dynamic) > Vaccinating APK, Android > DEMO > DEMO > DEMO > The end DeepSec 2014

  6. DeepSec 2014

  7. Status 2013/ 2014 DeepSec 2014

  8. DeepSec 2014

  9. Our story DeepSec 2014

  10. > YES, we can! > W e want something that works! > W e want to test mobile apps! DeepSec 2014

  11. > Living inside of APK > Changing and accesing variables > Executing code at runtime > Effectively and easy to use > Java based DeepSec 2014

  12. Demo/ Video DeepSec 2014

  13. > Java code is obfuscated > Static analysis > Dynamical analysis > W hat if > Hard time DeepSec 2014

  14. DeepSec 2014

  15. Testing app/ 1 > Get the APK > Unpack > Decompile > Check code > Identify important segments DeepSec 2014

  16. Demo 1 DeepSec 2014

  17. Testing app/ 2 > Start simulator with proxy > Install app in emulator or device > Use W ireshark, Fiddler &/ || Zap &/ || Burp to monitor network > Run app > See logs, dump, crashes, files DeepSec 2014

  18. Request DeepSec 2014

  19. Reply DeepSec 2014

  20. Dictionary > Dynamical analysis > Reflection > BeanShell > Combination of static/ dynamic DeepSec 2014

  21. Reflection > " Reflection" is a language' s ability to inspect and dynamically call classes, methods, attributes, etc. at runtime. > Java looking Java DeepSec 2014

  22. BeanShell > Java Interpreter > Scripting Language > Small > Embeddable / Extensible > A natural scripting language for Java DeepSec 2014

  23. DeepSec 2014

  24. DeepSec 2014

  25. DeepSec 2014

  26. Vaccine DeepSec 2014

  27. . / vaccine i game. apk DeepSec 2014

  28. . / vaccine i game. apk DeepSec 2014

  29. . / vaccine i game. apk DeepSec 2014

  30. Vaccine UI DeepSec 2014

  31. Disclaimer This presentation was created for educational purposes. W e will not take any responsibility for any action you cause using the information shown in this presentation. Please do not contact us with blackhat type hacking requests. Thanks! Original taken from: http: / / www. lo0. ro/ DeepSec 2014

  32. Demo(s) . / vaccine -i android. apk -p 8888 DeepSec 2014

  33. DeepSec 2014

  34. DeepSec 2014

  35. DeepSec 2014

  36. Dictionary > ADBI, DDI > Zygote > Shared libraries > Hooking > JNI and native functions DeepSec 2014

  37. Injecting vaccine at runtime > > Prepared shared library with DDI framework > Zygote > W hen Zygote specializes the shared libary is loaded into target proces and executed > (hooks) android. app. Activity onStart method > Native methods loads classes from / data/ dalvi- cache/ vaclasses. dex (Vaccine service, Beanshell) > Native method gives execution over to original method > Connect and use Vaccine as before DeepSec 2014

  38. Demo > Is it possible to inject Vaccine into Google Apps at runtime? DeepSec 2014

  39. Pros/ cons APK Android > APK » No need for rooted phone » Untrusted sources » Download, modify, upload > Android » No need for APK modification » Rooted phone » Injecting shared libs (more skills needed) DeepSec 2014

  40. DeepSec 2014

  41. Possible usage > Not only for Android > Reflection is still NOT dead > Tested with Oracle Foms > Have idea to use it with other Java apps/ applets (Minecraft maybe) > SIMPLE and Ultimate cheating platform DeepSec 2014

  42. Final thoughts > One script, small GUI tool (never be finished) > Help testers, researchers (hackers, cheaters) > Open for suggestions, improvements, comments DeepSec 2014

  43. DeepSec 2014

  44. www. github. com/ viris @ MilanGabor @ alm8i DeepSec 2014

Recommend

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
Profiling and optimization for Android applications on the tATAmI platform UNDERSTANDING THE T

Profiling and optimization for Android applications on the tATAmI platform UNDERSTANDING THE T

Profiling and optimization for Android applications on the tATAmI platform UNDERSTANDING THE T ATA M I PLATFORM AND THE S-CLAIM LANGUAGE Outline Intro The tATAmI Platform S-CLAIM An Example Scenario (ProCon Android App) Intro

540 views • 20 slides
6 Cheating Prevention Goals traditional cheating in computer games protect the sensitive

6 Cheating Prevention Goals traditional cheating in computer games protect the sensitive

6 Cheating Prevention Goals traditional cheating in computer games protect the sensitive information cracking the copy protection cracking passwords fiddling with the binaries: boosters, trainers, etc. pretending to be an

331 views • 3 slides
Interrogating Character #PZ50th Image credit:

Interrogating Character #PZ50th Image credit:

Interrogating Character #PZ50th Image credit: http://www.nytimes.com/2012/09/15/opinion/the-long-legacy-of-cheating-at-harvard Rate of Cheating (%) 100 20 40 60 80 0 2.0 Grade Point Average (GPA) 2.5 Predicted Rates of Cheating [Scale

192 views • 6 slides
Modeling the Android Platform Etienne Payet LIM-ERIMIA, universit e de la R eunion

Modeling the Android Platform Etienne Payet LIM-ERIMIA, universit e de la R eunion

Modeling the Android Platform Etienne Payet LIM-ERIMIA, universit e de la R eunion BYTECODE13 Saturday 23 March 2013 Etienne Payet (LIM-ERIMIA) Modeling the Android Platform BYTECODE13 1 / 50 Reunion, a part of France

628 views • 50 slides
Android Introduction Architecture Activities, Lifecycle Development Environment 1 Why Android?

Android Introduction Architecture Activities, Lifecycle Development Environment 1 Why Android?

Android Introduction Architecture Activities, Lifecycle Development Environment 1 Why Android? Pervasive Mobile Platform - Runs on hundreds of millions of mobile phones, tablets - Worlds most popular & frequently installed mobile OS

896 views • 73 slides
Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA

Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA

Important Cases of Turkish Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA Google Android (Decision Date: 19.09.2018, Decision Number: 18-33/555-273) Android Open Source Project Open Source Android

417 views • 29 slides
A Real-time Extension to the Android Platform Igor Kalkov, Dominik Franke, John F. Schommer,

A Real-time Extension to the Android Platform Igor Kalkov, Dominik Franke, John F. Schommer,

JTRES 2012 A Real-time Extension to the Android Platform Igor Kalkov, Dominik Franke, John F. Schommer, Stefan Kowalewski 24-26 October 2012 Copenhagen, Denmark Introduction Mobile platform by Open Handset Alliance - Supervised by

490 views • 16 slides
APIM IGRATOR : An API-Usage Migration Tool for Android Apps Mattia Fazzini Qi Xin Alessandro

APIM IGRATOR : An API-Usage Migration Tool for Android Apps Mattia Fazzini Qi Xin Alessandro

APIM IGRATOR : An API-Usage Migration Tool for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile Applications Platform Platform Tight Coupling Platforms Change Platforms Change Frequently Android Petit Four Cupcake Donut 1.1

491 views • 28 slides
Automated API-Usage Update for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile

Automated API-Usage Update for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile

Automated API-Usage Update for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile Applications Platform Platform Tight Coupling Platforms Change Platforms Change Frequently Android Petit Four Cupcake Donut 1.1 Eclair Froyo

901 views • 70 slides
Cross-platform support: Android, IOS, Windows, OS X, Chromecast,

Cross-platform support: Android, IOS, Windows, OS X, Chromecast,

Cross-platform support: Android, IOS, Windows, OS X, Chromecast, Apple TV. Also works on Linux (Unofficially)

435 views • 20 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Download FoodSwitch for iOS or Android FoodSwitch: A mobile platform for packaged food

Download FoodSwitch for iOS or Android FoodSwitch: A mobile platform for packaged food

Download FoodSwitch for iOS or Android FoodSwitch: A mobile platform for packaged food surveillance and behavioral research Mark Huffman, MD, MPH Department of Preventive Medicine and Medicine-Cardiology Northwestern University Feinberg

755 views • 44 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that run on Android systems With

975 views • 74 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
Denotational semantics Object language Operational semantics 1 Cheating? State passing save ,

Denotational semantics Object language Operational semantics 1 Cheating? State passing save ,

Denotational semantics Object language Operational semantics 1 Cheating? State passing save , load Add register 1 Cheating? State passing save , load set! Add register 1 Cheating? Continuation passing reset catch , throw , both ,

367 views • 35 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides

More recommend