Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
FRAUG - Point sécu Android 2020
Search
Michaël Ohayon
March 18, 2020
Technology
0
58
FRAUG - Point sécu Android 2020
Michaël Ohayon
March 18, 2020
Tweet
Share
More Decks by Michaël Ohayon
See All by Michaël Ohayon
Bringing your Flutter App to the Web
mikklfr
0
20
Sécuriser ses appels réseau Android, de 2009 à 2019
mikklfr
0
13
Android et qualité logicielle
mikklfr
0
11
Securing Network Calls on Android, from 2009 to 2019
mikklfr
0
100
Other Decks in Technology
See All in Technology
【TSkaigi】2024/05/11 当日スライド
kimitashoichi
14
4.1k
iThome2024 Wailing Wall of Enterprise Security
notsurprised
0
310
Databricksの生成AI戦略
taka_aki
1
390
20240516 OpenID TechNight Vol.21 OpenIDファウンデーション・ジャパンの 今後の活動について
oidfj
0
190
漠然とOSSにコントリビュートしたいと思っていた昔の自分へ
sansantech
PRO
2
160
TiDBにおけるテーブル設計と最適化の事例
cygames
0
820
#phpconkagawa レガシーコードにもオブザーバビリティを 〜少しずつ始めるサービス監視〜
yamato_sorariku
0
570
マルチテナントマルチクラスタKubernetesでもUXを損なわない認証認可の勘所
pfn
PRO
1
180
ハードウェアを動かすTypeScriptの世界
9wick
3
1.2k
エムスリーマルチデバイスチーム紹介資料 / Introduction of M3 Multi Device Team
m3_engineering
1
180
Money-saving tips for the frugal serverless developer
theburningmonk
1
430
SLOいつ決めましょう?
abnoumaru
3
890
Featured
See All Featured
Why Our Code Smells
bkeepers
PRO
331
56k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
We Have a Design System, Now What?
morganepeng
43
6.8k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Rails Girls Zürich Keynote
gr2m
91
13k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Learning to Love Humans: Emotional Interface Design
aarron
268
39k
Building Applications with DynamoDB
mza
88
5.7k
Agile that works and the tools we love
rasmusluckow
325
20k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
117
18k
Being A Developer After 40
akosma
67
580k
Transcript
Point sécu Android 2020 fenrir.pro
AMSELLEM JÉRÉMIE Consultant / Formateur en sécurité informatique Freelance @Fenrir.pro
@lp1eu fenrir.pro
OHAYON MICHAËL Consultant / Manager chez Publicis Sapient Engineering @mikkL
fenrir.pro
"Tu peux jeter un oeil à mon téléphone ?" fenrir.pro
fenrir.pro
fenrir.pro
Comment on en est arrivé la ? fenrir.pro
Nos méthodes d'analyse fenrir.pro
Setup Terminal Android fenrir.pro
Android-x86 Genymotion BlueStacks [...] fenrir.pro 1. Émulateur
Setup Analyse du trafic fenrir.pro
Charles BurpSuite mitmproxy Fiddler [...] fenrir.pro 2. Proxy HTTP
HTTP fenrir.pro
HTTPS fenrir.pro
Chiffrement Asymétrique fenrir.pro
Chiffrement Symétrique fenrir.pro
Handshake HTTPS fenrir.pro 1. Client HELLO 2. Server HELLO 3.
Key Exchange
Mais du coup comment il fait Charles (ou Burp/autres[...]) ?
fenrir.pro
Infrastructure à clé
L'exemple du "debug"
Abus de confiance
Abus de confiance
Démo fenrir.pro
Setup Analyse Statique fenrir.pro
apktool / jadx Apk Studio BytecodeViewer JEB Decompiler fenrir.pro
Démo fenrir.pro
Un standard ? fenrir.pro
Ressources fenrir.pro
None
None
None
None
None
None
Et donc au final ? fenrir.pro
fenrir.pro Pubs in app
fenrir.pro Stores
Web fenrir.pro
Stores alternatifs fenrir.pro
Dans la presse fenrir.pro
fenrir.pro
fenrir.pro
None
Trojan-Dropper.AndroidOS.Shopper.a. fenrir.pro
Android.Xiny.5261 fenrir.pro
Du coup, on fait quoi ? fenrir.pro
fenrir.pro
Contre-mesures fenrir.pro
Question time ! fenrir.pro