hide android applications in images
play

Hide Android Applications in Images Axelle Apvrille - FortiGuard - PowerPoint PPT Presentation

Nov 20, 2022 •377 likes •604 views

Hide Android Applications in Images Axelle Apvrille - FortiGuard Labs, Fortinet Ange Albertini, Corkami Hack.Lu, Lightning talk, October 2014 Who are we? Axelle axelle = { realname : Axelle Apvrille, job

  1. Hide Android Applications in Images Axelle Apvrille - FortiGuard Labs, Fortinet Ange Albertini, Corkami Hack.Lu, Lightning talk, October 2014

  2. Who are we? Axelle axelle = { ‘‘realname’’ : ‘‘Axelle Apvrille’’, ‘‘job’’ : ‘‘Mobile/IoT Malware Analyst and Research’’, ‘‘company’’ : ‘‘Fortinet, FortiGuard Labs’’ } Ange ange = { ‘‘realname’’ : ‘‘Ange Albertini’’, ‘‘hobby’’ : ‘‘Corkami’’ } Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 2/12

  3. What is this? Nice? Thanks that’s GIMP art from me ;) Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 3/12

  4. It’s an image! file says... anakin.png: PNG image data, 636298042 x 1384184774, 19-bit PNG file format 89 50 4e 47 0d 0a 1a 0a 00 01 b4 40 61 61 61 61 |.PNG.......@aaaa| 25 ed 23 3a 52 80 fb c6 13 cc 54 4d 74 f5 78 87 |%.#:R.....TMt.x.| ba 7d b5 f6 93 63 43 f0 e0 b9 99 9b 37 06 cc 8f |.}...cC.....7...| 32 59 5b 55 da 14 e2 87 68 f7 89 e5 88 14 fe 76 |2Y[U....h......v| 3e 0b cd 65 ec c4 7a 71 4d 95 c0 4e de 48 30 91 |>..e..zqM..N.H0.| ... Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 4/12

  5. It is more than that! AES Decrypt Valid Android Package (APK) Valid PNG Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 5/12

  6. Embed this “PNG” in an Android app? Imagine... ...if that PNG/APK is malicious! ◮ (Nearly) invisible to reverse engineering! ◮ The Android app is encrypted Arg! What will I see? ◮ A fat image ◮ The wrapping application ◮ Code that decrypts an asset ◮ Code that loads/installs an application But that depends how well the wrapping app is written It can be obfuscated ... Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 6/12

  7. Demo Party time! Demo! Wake up! Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 7/12

  8. In case the demo crashes - lol The APK looks genuine Archive: PocActivity-debug.apk Length Date Time Name --------- ---------- ----- ---- 508720 2014-09-11 13:41 assets/anakin.png 1272 2014-09-11 14:03 res/layout/main.xml 1988 2014-09-11 14:03 AndroidManifest.xml 1444 2014-09-11 14:03 resources.arsc 7515 2014-09-11 14:03 res/drawable-hdpi/logo.png 2455 2014-09-11 14:03 res/drawable-ldpi/logo.png 4471 2014-09-11 14:03 res/drawable-mdpi/logo.png 8856 2014-09-11 14:03 classes.dex 634 2014-09-11 14:03 META-INF/MANIFEST.MF 687 2014-09-11 14:03 META-INF/CERT.SF 776 2014-09-11 14:03 META-INF/CERT.RSA --------- ------- 538818 11 files Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 8/12

  9. In case the demo crashes - lol The image looks genuine: assets/anakin.png Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 9/12

  10. In case the demo crashes - lol The image looks genuine: assets/anakin.png Perhaps a bit ’fat’ 508720 bytes ( ≈ 500K) for 382x385 pixels Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 9/12

  11. In case the demo crashes - lol adb install WrappingApk.apk Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  12. In case the demo crashes - lol Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  13. In case the demo crashes - lol We could use DexClassLoader to hide this Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  14. In case the demo crashes - lol We could use DexClassLoader to hide this Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  15. In case the demo crashes - lol We could use DexClassLoader to hide this Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  16. In case the demo crashes - lol Payload gets executed Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  17. How do we do that? 1. We write a payload APK Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  18. How do we do that? 1. We write a payload APK 2. We encrypt it using AngeCryption: it looks like a valid PNG ◮ We modify (slightly) the APK - Android does not see the change ◮ We modify (slightly) the PNG - our eyes can’t see the change Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  19. How do we do that? 1. We write a payload APK 2. We encrypt it using AngeCryption: it looks like a valid PNG ◮ We modify (slightly) the APK - Android does not see the change ◮ We modify (slightly) the PNG - our eyes can’t see the change 3. We hack it (a little) ◮ Android does not like appended data after EOCD ◮ We put 2 EOCDs ;) Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  20. How do we do that? 1. We write a payload APK 2. We encrypt it using AngeCryption: it looks like a valid PNG ◮ We modify (slightly) the APK - Android does not see the change ◮ We modify (slightly) the PNG - our eyes can’t see the change 3. We hack it (a little) ◮ Android does not like appended data after EOCD ◮ We put 2 EOCDs ;) 4. We implement another APK containing the PNG Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  21. More? Status Works on Android 4.4.2 June 2014: Android Security Team notified - partial fix Contact info Axelle: @cryptax or aapvrille at fortinet dot com Ange: @angealbertini References AngeCryption: http://corkami.googlecode.com/svn/trunk/src/angecryption/ Code: https://github.com/cryptax/angeapk - soon after conf’ Corkami: https://code.google.com/p/corkami/ Fortinet’s blog: http://blog.fortinet.com Thanks to : @veorq, Android Security Team, Lobster Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 12/12

Recommend

Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications Jinseong Jeon * ,

Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications Jinseong Jeon * ,

Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications Jinseong Jeon * , Kristopher K. Micinski * , Jeffrey A. Vaughan # , Ari Fogel + , Nikhilesh Reddy + , Jeffrey S. Foster * , and Todd Millstein + . * University of Maryland,

536 views • 26 slides
Lecture 02b: Android UI Design Emmanuel Agu Resources Android Resources Resources? Images,

Lecture 02b: Android UI Design Emmanuel Agu Resources Android Resources Resources? Images,

CS 528 Mobile and Ubiquitous Computing Lecture 02b: Android UI Design Emmanuel Agu Resources Android Resources Resources? Images, strings, dimensions, layout files, menus, etc that your app uses Basically app elements declared in other

769 views • 64 slides
APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system

APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system

ANDROID AND ANDROID APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system What is android? History Android Market Why Android Design philosophy System Architecture Features

802 views • 40 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 2302, Fall 2014 Graphics Concepts Drawing in Android 11/17/2014 2 Android Alternatives

CS 2302, Fall 2014 Graphics Concepts Drawing in Android 11/17/2014 2 Android Alternatives

CS 2302, Fall 2014 Graphics Concepts Drawing in Android 11/17/2014 2 Android Alternatives Android provides several ways to create graphic images Drawable objects Defined by program code Defined in resource files Can be

414 views • 25 slides
Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

CS 528 Mobile and Ubiquitous Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android Resources Resources? Images, strings, dimensions, layout files, menus, etc that your app uses Basically app elements

1.05k views • 63 slides
Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

CS 528 Mobile and Ubiquitous Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android Resources Resources? Images, strings, dimensions, layout files, menus, etc that your app uses Basically app elements

564 views • 53 slides
TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that run on Android systems With

975 views • 74 slides
St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar

St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar

St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar Martin Bichsel Raychev Tsankov Vechev Department of Computer Science Why De-obfuscate? Android binaries (APKs) (no code available) Number of APKs

520 views • 31 slides
Programming Android applications: an incomplete introduction J. Serrat Software Design December

Programming Android applications: an incomplete introduction J. Serrat Software Design December

Programming Android applications: an incomplete introduction J. Serrat Software Design December 2013 Preliminaries : Goals Introduce basic programming Android concepts Examine code for some simple examples Limited to those relevant

1.44k views • 98 slides
Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor

Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor

Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor E. Shparlinski Centre for Advanced Computing: Algorithms and Cryptography Macquarie University igor@comp.mq.edu.au Introduction We describe a

423 views • 26 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

FlowDroid Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware T aint Analysis for Android Apps From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric Bodden, Steven Artz, Siegfried

620 views • 45 slides
Image Statistics space of all images typical images 10/03 Image Statistical Model Applications

Image Statistics space of all images typical images 10/03 Image Statistical Model Applications

Image Statistics space of all images typical images 10/03 Image Statistical Model Applications Image Processing / Graphics: Noise removal: How easily can we detect (and remove) artifacts or distortions? Compression: how compactly can

561 views • 23 slides
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications Daniele Gallingani, Rigel Gjomemo , V.N. Venkatakrishnan, Stefano Zanero Android Message Passing Mechanism Android apps are composed of

566 views • 23 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
AndRadar: Fast Discovery of Android Applications in Alternative Markets

AndRadar: Fast Discovery of Android Applications in Alternative Markets

AndRadar: Fast Discovery of Android Applications in Alternative Markets Martina Lindorfer, Stamatis Volanis, Alessandro Sisto Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi Christian Platzer, Sotiris

735 views • 41 slides
Advanced Computer Graphics CS 525M: ProfileDroid: Multi layer Profiling of Android Applications

Advanced Computer Graphics CS 525M: ProfileDroid: Multi layer Profiling of Android Applications

Advanced Computer Graphics CS 525M: ProfileDroid: Multi layer Profiling of Android Applications Cheng Cheng Computer Science Dept. Worcester Polytechnic Institute (WPI) Motivation More and more people Android is an very use smartphones

548 views • 23 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan, Jingjing Ren, Martina Lindorfer*, Christo Wilson, and David Choffnes Northeastern University, *UC Santa Barbara Motivation + internet connectivity

400 views • 36 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides

More recommend