cheating platform on android
play

Cheating Platform on Android Milan Gabor & Danijel Grah / W - PowerPoint PPT Presentation

Creating a kewl and simple Cheating Platform on Android Milan Gabor & Danijel Grah / W hoAreW e > Just two guys from Slovenia > Having fun breaking stuff > Love to play with apps > BSidesLV, DEF CON W all of Sheep,


  1. Creating a kewl and simple Cheating Platform on Android Milan Gabor & Danijel Grah

  2. / W hoAreW e > Just two guys from Slovenia > Having fun breaking stuff > Love to play with apps > BSidesLV, DEF CON W all of Sheep, BalcCon, Hacktivity, GrrCON, Hackito Ergo Sum, DefCamp, Hek. si DeepSec 2014

  3. Famous . si people DeepSec 2014

  4. Famous . si people DeepSec 2014

  5. Agenda > Android mobile apps > Analysis (static, dynamic) > Vaccinating APK, Android > DEMO > DEMO > DEMO > The end DeepSec 2014

  6. DeepSec 2014

  7. Status 2013/ 2014 DeepSec 2014

  8. DeepSec 2014

  9. Our story DeepSec 2014

  10. > YES, we can! > W e want something that works! > W e want to test mobile apps! DeepSec 2014

  11. > Living inside of APK > Changing and accesing variables > Executing code at runtime > Effectively and easy to use > Java based DeepSec 2014

  12. Demo/ Video DeepSec 2014

  13. > Java code is obfuscated > Static analysis > Dynamical analysis > W hat if > Hard time DeepSec 2014

  14. DeepSec 2014

  15. Testing app/ 1 > Get the APK > Unpack > Decompile > Check code > Identify important segments DeepSec 2014

  16. Demo 1 DeepSec 2014

  17. Testing app/ 2 > Start simulator with proxy > Install app in emulator or device > Use W ireshark, Fiddler &/ || Zap &/ || Burp to monitor network > Run app > See logs, dump, crashes, files DeepSec 2014

  18. Request DeepSec 2014

  19. Reply DeepSec 2014

  20. Dictionary > Dynamical analysis > Reflection > BeanShell > Combination of static/ dynamic DeepSec 2014

  21. Reflection > " Reflection" is a language' s ability to inspect and dynamically call classes, methods, attributes, etc. at runtime. > Java looking Java DeepSec 2014

  22. BeanShell > Java Interpreter > Scripting Language > Small > Embeddable / Extensible > A natural scripting language for Java DeepSec 2014

  23. DeepSec 2014

  24. DeepSec 2014

  25. DeepSec 2014

  26. Vaccine DeepSec 2014

  27. . / vaccine i game. apk DeepSec 2014

  28. . / vaccine i game. apk DeepSec 2014

  29. . / vaccine i game. apk DeepSec 2014

  30. Vaccine UI DeepSec 2014

  31. Disclaimer This presentation was created for educational purposes. W e will not take any responsibility for any action you cause using the information shown in this presentation. Please do not contact us with blackhat type hacking requests. Thanks! Original taken from: http: / / www. lo0. ro/ DeepSec 2014

  32. Demo(s) . / vaccine -i android. apk -p 8888 DeepSec 2014

  33. DeepSec 2014

  34. DeepSec 2014

  35. DeepSec 2014

  36. Dictionary > ADBI, DDI > Zygote > Shared libraries > Hooking > JNI and native functions DeepSec 2014

  37. Injecting vaccine at runtime > > Prepared shared library with DDI framework > Zygote > W hen Zygote specializes the shared libary is loaded into target proces and executed > (hooks) android. app. Activity onStart method > Native methods loads classes from / data/ dalvi- cache/ vaclasses. dex (Vaccine service, Beanshell) > Native method gives execution over to original method > Connect and use Vaccine as before DeepSec 2014

  38. Demo > Is it possible to inject Vaccine into Google Apps at runtime? DeepSec 2014

  39. Pros/ cons APK Android > APK » No need for rooted phone » Untrusted sources » Download, modify, upload > Android » No need for APK modification » Rooted phone » Injecting shared libs (more skills needed) DeepSec 2014

  40. DeepSec 2014

  41. Possible usage > Not only for Android > Reflection is still NOT dead > Tested with Oracle Foms > Have idea to use it with other Java apps/ applets (Minecraft maybe) > SIMPLE and Ultimate cheating platform DeepSec 2014

  42. Final thoughts > One script, small GUI tool (never be finished) > Help testers, researchers (hackers, cheaters) > Open for suggestions, improvements, comments DeepSec 2014

  43. DeepSec 2014

  44. www. github. com/ viris @ MilanGabor @ alm8i DeepSec 2014

Recommend


More recommend