Hack And Protect Your Apps
Slvn
April 09, 2015
Droidcon Montreal 2015
Transcript
HACK AND PROTECT YOUR APPS
AGENDA Droidcon Montréal 2015
01 Hack
02 Protect
03 Develop
04 Conclude
LET’S HACK Reverse engineering & red light saber
You underestimate the power of the dark side.
LET’S HACK Demo: AdBlock Plus
LET’S HACK Can we read Smali?
    .method public isChecked()Z
        .locals 1
        .prologue
        .line 102
        iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference;->mChecked:Z
        return v0
    .end method
LET’S HACK Tools
· adb + unzip: extract the APK and some resources
· apktool: Smali + resources
· jadx: Java code (partial)
LET’S PROTECT Obfuscation & The Force
Do. Or do not. There is no try.
LET’S PROTECT What is obfuscation?
    package a;

    public class a {
        [...]
        public boolean a() {
            return a;
        }
    }
LET’S PROTECT Demo: ProGuard
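LET’S PROTECT Is obfuscation enough?
    public class a {
        // Class, field and method names are renamed, but the string literal survives as-is.
        private static String a = "MotDePasseSecurePourChiffrer";

        public static Cipher a() {
            Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
            // 1 == Cipher.ENCRYPT_MODE; the key is derived directly from the literal above.
            localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
            return localCipher;
        }
    }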
LET’S PROTECT When? When to protect?
· Whenever you want
· Keep in mind that one motivated guy with enough resources can break anything.
LET’S DEVELOP Audit, opportunism & more...
GGGWARRRHH WWWW
LET’S DEVELOP How can this help me? audit your build, third-party apps explore frameworks debug, hidden APIs ...
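An added example, not from the talk or its author: a small Python audit of jadx-style decompiled source, in the spirit of "audit your build". It flags the two things in the obfuscated class shown earlier that renaming does not hide: the ECB transformation string and the key taken from a string constant. The `audit` function, its rule names and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample: jadx-style output mirroring the obfuscated class on the slide.
SAMPLE = '''\
package a;
public class a {
    private static String a = "MotDePasseSecurePourChiffrer";
    public static Cipher a() {
        Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
        localCipher.init(1, new SecretKeySpec(a.getBytes(), "AES"));
        return localCipher;
    }
}
'''

SYMMETRIC = {"AES", "DES", "DESEDE"}
STRING_FIELD = re.compile(r'\bString\s+(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')
GET_INSTANCE = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
KEY_SPEC = re.compile(r'new\s+SecretKeySpec\s*\(\s*("(?:[^"\\]|\\.)*"|\w+)\s*\.getBytes\(')


def audit(source):
    """Return (line_no, rule, detail) findings for one decompiled Java file."""
    # String constants survive renaming: map field name -> literal value.
    constants = {m.group(1): m.group(2) for m in STRING_FIELD.finditer(source)}
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        m = GET_INSTANCE.search(line)
        if m:
            parts = m.group(1).upper().split("/")
            # A bare "AES" lets the provider choose the mode, commonly ECB.
            if parts[0] in SYMMETRIC and (len(parts) == 1 or parts[1] == "ECB"):
                findings.append((no, "weak-cipher-mode", m.group(1)))
        m = KEY_SPEC.search(line)
        if m:
            ref = m.group(1)
            if ref.startswith('"'):  # key bytes come straight from a literal
                findings.append((no, "hardcoded-key", ref[1:-1]))
            elif ref in constants:   # key bytes come from a string constant field
                findings.append((no, "hardcoded-key", constants[ref]))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```

Run it over the Java files jadx writes for your own release build; a hit means the secret or cipher choice is readable by anyone who decompiles the APK, with or without ProGuard.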
LET’S CONCLUDE All good things must come to an end
LET’S CONCLUDE All good things come to an end: LET’S HACK, LET’S PROTECT, LET’S DEVELOP
Thank you! Sylvain Galand
www.genymobile.com