Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hack And Protect Your Apps
Search
Slvn
April 09, 2015
Programming
4
300
Hack And Protect Your Apps
Droidcon Montreal 2015
Slvn
April 09, 2015
Tweet
Share
More Decks by Slvn
See All by Slvn
ROM Cooking - Droidcon UK 20013
slvn
5
190
Hack and protect your Android app
slvn
1
370
Other Decks in Programming
See All in Programming
Swiftコンパイラ超入門+async関数の仕組み
shiz
0
180
Jaspr Dart Web Framework 박제창 @Devfest 2024
itsmedreamwalker
0
150
Scaling your build logic
antalmonori
1
100
Alba: Why, How and What's So Interesting
okuramasafumi
0
210
情報漏洩させないための設計
kubotak
5
1.3k
React 19でお手軽にCSS-in-JSを自作する
yukukotani
5
570
[JAWS-UG横浜 #80] うわっ…今年のServerless アップデート、少なすぎ…?
maroon1st
0
110
Rubyでつくるパケットキャプチャツール
ydah
0
180
Lookerは可視化だけじゃない。UIコンポーネントもあるんだ!
ymd65536
1
130
Fibonacci Function Gallery - Part 2
philipschwarz
PRO
0
210
GitHub CopilotでTypeScriptの コード生成するワザップ
starfish719
26
6k
PHPで学ぶプログラミングの教訓 / Lessons in Programming Learned through PHP
nrslib
4
1.1k
Featured
See All Featured
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
Building an army of robots
kneath
302
45k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Code Reviewing Like a Champion
maltzj
521
39k
Agile that works and the tools we love
rasmusluckow
328
21k
What's in a price? How to price your products and services
michaelherold
244
12k
A Tale of Four Properties
chriscoyier
157
23k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
3
360
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.5k
Transcript
HACK AND PROTECT YOUR APPS
AGENDA Droidcon Montréal 2015 01 Hack 02 Protect 03 Develop
04 Conclude
LET’S HACK Reverse engineering & red light saber
LET’S HACK Reverse engineering & red light saber You underestimate
the power of the dark side.
LET’S HACK Demo : AdBlock Plus
LET’S HACK Can we read Smali ? .method public isChecked
()Z .locals 1 .prologue .line 102 iget-boolean v0, p0, Lorg/jraf/android/backport/switchwidget/TwoStatePreference ;- >mChecked:Z return v0 .end method
LET’S HACK Tools adb + unzip extract apk and some
ressources apktool Smali + ressources jadx Java code (partial)
LET’S PROTECT Obfuscation & The Force
LET’S PROTECT Obfuscation & The Force Do. Or do not.
There is no try.
LET’S PROTECT What is obfuscation ? package a; public class
a { [...] public boolean a() { return a; } }
LET’S PROTECT Demo : Proguard
LET’S PROTECT Is Obfuscation enough ? public class a {
private static String a = "MotDePasseSecurePourChiffrer" ; public static Cipher a() { Cipher localCipher = Cipher.getInstance("AES/ECB/PKCS7Padding" , "BC"); localCipher .init(1, new SecretKeySpec (a.getBytes(), "AES")); return localCipher; } }
LET’S PROTECT When ? When to protect ? · Whenever
you want · Keep in mind that one motivated guy with enought ressources can break anything.
LET’S DEVELOP Audit, opportunism & more...
LET’S DEVELOP Audit, opportunism & more... GGGWARRRHH WWWW
LET’S DEVELOP How can this help me ? audit your
build, third parties apps explore frameworks debug, hidden APIs ...
LET’S CONCLUDE All good things must come to an end
LET’S CONCLUDE All good things come to an end LET’S
HACK LET’S PROTECT LET’S DEVELOP
Thank you ! Sylvain Galand
[email protected]
www.genymobile.com
slvn
shiz
itsmedreamwalker
antalmonori
okuramasafumi
kubotak
yukukotani
maroon1st
ydah
ymd65536
philipschwarz
starfish719
nrslib
paulrobertlloyd
csswizardry
kneath
smashingmag
lauravandoore
maltzj
rasmusluckow
michaelherold
chriscoyier
tammyeverts
wjessup
bluesmoon
![Thank you ! Sylvain Galand [email protected] www.genymobile.com](https://files.speakerdeck.com/presentations/09f0e01fbef547779822ca14d7dc342a/slide_18.jpg){kind=link}