Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hack And Protect Your Apps
Search
Slvn
April 09, 2015
Programming
4
300
Hack And Protect Your Apps
Droidcon Montreal 2015
Slvn
April 09, 2015
Tweet
Share
More Decks by Slvn
See All by Slvn
ROM Cooking - Droidcon UK 20013
slvn
5
200
Hack and protect your Android app
slvn
1
370
Other Decks in Programming
See All in Programming
當開發遇上包裝:AI 如何讓產品從想法變成商品
clonn
0
320
JSAI2025 RecSysChallenge2024 優勝報告
unonao
1
310
AIコーディングの本質は“コード“ではなく“構造“だった / The essence of AI coding is not “code” but "structure
seike460
PRO
2
700
❄️ tmux-nixの実装を通して学ぶNixOSモジュール
momeemt
1
110
Use Perl as Better Shell Script
karupanerura
0
380
Perlで痩せる
yuukis
0
350
ruby.wasmとWebSocketで遊ぼう!
lnit
0
150
What Spring Developers Should Know About Jakarta EE
ivargrimstad
1
430
『Python → TypeScript』オンボーディング奮闘記
takumi_tatsuno
1
120
型安全なDrag and Dropの設計を考える
yudppp
5
630
推論された型の移植性エラーTS2742に挑む
teamlab
PRO
0
130
Agent Rules as Domain Parser
yodakeisuke
1
180
Featured
See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.5k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
BBQ
matthewcrist
88
9.6k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
123
52k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Site-Speed That Sticks
csswizardry
6
580
Typedesign – Prime Four
hannesfritz
41
2.6k
We Have a Design System, Now What?
morganepeng
52
7.6k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
19
1.2k
Bash Introduction
62gerente
613
210k
Transcript
HACK AND PROTECT YOUR APPS
AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop
04 Conclude
LET’S HACK Reverse engineering & red light saber
LET’S HACK Reverse engineering & red light saber You underestimate
the power of the dark side.
LET’S HACK Demo : AdBlock Plus
LET’S HACK Can we read Smali ? .method public isChecked
()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method
LET’S HACK Tools adb + unzip extract apk and some
ressources apktool Smali + ressources jadx Java code (partial)
LET’S PROTECT Obfuscation & The Force
LET’S PROTECT Obfuscation & The Force Do. Or do not.
There is no try.
LET’S PROTECT What is obfuscation ? package a; public class
a { [...] public boolean a() { return a; } }
LET’S PROTECT Demo : Proguard
LET’S PROTECT Is Obfuscation enough ? public class a {
private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }
LET’S PROTECT When ? When to protect ? · Whenever
you want · Keep in mind that one motivated guy with enought ressources can break anything.
LET’S DEVELOP Audit, opportunism & more...
LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW
LET’S DEVELOP How can this help me ? audit your
build, third parties apps explore frameworks debug, hidden APIs ...
LET’S CONCLUDE All good things must come to an end
LET’S CONCLUDE All good things come to an end LET’S
HACK LET’S PROTECT LET’S DEVELOP
Thank you ! Sylvain Galand
[email protected]
www.genymobile.com