cheating platform on android
play

Cheating Platform on Android Milan Gabor & Danijel Grah / W - PowerPoint PPT Presentation

Feb 18, 2024 •343 likes •786 views

Creating a kewl and simple Cheating Platform on Android Milan Gabor & Danijel Grah / W hoAreW e > Just two guys from Slovenia > Having fun breaking stuff > Love to play with apps > BSidesLV, DEF CON W all of Sheep,

  1. Creating a kewl and simple Cheating Platform on Android Milan Gabor & Danijel Grah

  2. / W hoAreW e > Just two guys from Slovenia > Having fun breaking stuff > Love to play with apps > BSidesLV, DEF CON W all of Sheep, BalcCon, Hacktivity, GrrCON, Hackito Ergo Sum, DefCamp, Hek. si DeepSec 2014

  3. Famous . si people DeepSec 2014

  4. Famous . si people DeepSec 2014

  5. Agenda > Android mobile apps > Analysis (static, dynamic) > Vaccinating APK, Android > DEMO > DEMO > DEMO > The end DeepSec 2014

  6. DeepSec 2014

  7. Status 2013/ 2014 DeepSec 2014

  8. DeepSec 2014

  9. Our story DeepSec 2014

  10. > YES, we can! > W e want something that works! > W e want to test mobile apps! DeepSec 2014

  11. > Living inside of APK > Changing and accesing variables > Executing code at runtime > Effectively and easy to use > Java based DeepSec 2014

  12. Demo/ Video DeepSec 2014

  13. > Java code is obfuscated > Static analysis > Dynamical analysis > W hat if > Hard time DeepSec 2014

  14. DeepSec 2014

  15. Testing app/ 1 > Get the APK > Unpack > Decompile > Check code > Identify important segments DeepSec 2014

  16. Demo 1 DeepSec 2014

  17. Testing app/ 2 > Start simulator with proxy > Install app in emulator or device > Use W ireshark, Fiddler &/ || Zap &/ || Burp to monitor network > Run app > See logs, dump, crashes, files DeepSec 2014

  18. Request DeepSec 2014

  19. Reply DeepSec 2014

  20. Dictionary > Dynamical analysis > Reflection > BeanShell > Combination of static/ dynamic DeepSec 2014

  21. Reflection > " Reflection" is a language' s ability to inspect and dynamically call classes, methods, attributes, etc. at runtime. > Java looking Java DeepSec 2014

  22. BeanShell > Java Interpreter > Scripting Language > Small > Embeddable / Extensible > A natural scripting language for Java DeepSec 2014

  23. DeepSec 2014

  24. DeepSec 2014

  25. DeepSec 2014

  26. Vaccine DeepSec 2014

  27. . / vaccine i game. apk DeepSec 2014

  28. . / vaccine i game. apk DeepSec 2014

  29. . / vaccine i game. apk DeepSec 2014

  30. Vaccine UI DeepSec 2014

  31. Disclaimer This presentation was created for educational purposes. W e will not take any responsibility for any action you cause using the information shown in this presentation. Please do not contact us with blackhat type hacking requests. Thanks! Original taken from: http: / / www. lo0. ro/ DeepSec 2014

  32. Demo(s) . / vaccine -i android. apk -p 8888 DeepSec 2014

  33. DeepSec 2014

  34. DeepSec 2014

  35. DeepSec 2014

  36. Dictionary > ADBI, DDI > Zygote > Shared libraries > Hooking > JNI and native functions DeepSec 2014

  37. Injecting vaccine at runtime > > Prepared shared library with DDI framework > Zygote > W hen Zygote specializes the shared libary is loaded into target proces and executed > (hooks) android. app. Activity onStart method > Native methods loads classes from / data/ dalvi- cache/ vaclasses. dex (Vaccine service, Beanshell) > Native method gives execution over to original method > Connect and use Vaccine as before DeepSec 2014

  38. Demo > Is it possible to inject Vaccine into Google Apps at runtime? DeepSec 2014

  39. Pros/ cons APK Android > APK » No need for rooted phone » Untrusted sources » Download, modify, upload > Android » No need for APK modification » Rooted phone » Injecting shared libs (more skills needed) DeepSec 2014

  40. DeepSec 2014

  41. Possible usage > Not only for Android > Reflection is still NOT dead > Tested with Oracle Foms > Have idea to use it with other Java apps/ applets (Minecraft maybe) > SIMPLE and Ultimate cheating platform DeepSec 2014

  42. Final thoughts > One script, small GUI tool (never be finished) > Help testers, researchers (hackers, cheaters) > Open for suggestions, improvements, comments DeepSec 2014

  43. DeepSec 2014

  44. www. github. com/ viris @ MilanGabor @ alm8i DeepSec 2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
Profiling and optimization for Android applications on the tATAmI platform UNDERSTANDING THE T

Profiling and optimization for Android applications on the tATAmI platform UNDERSTANDING THE T

Profiling and optimization for Android applications on the tATAmI platform UNDERSTANDING THE T ATA M I PLATFORM AND THE S-CLAIM LANGUAGE Outline Intro The tATAmI Platform S-CLAIM An Example Scenario (ProCon Android App) Intro

540 views • 20 slides
6 Cheating Prevention Goals traditional cheating in computer games protect the sensitive

6 Cheating Prevention Goals traditional cheating in computer games protect the sensitive

6 Cheating Prevention Goals traditional cheating in computer games protect the sensitive information cracking the copy protection cracking passwords fiddling with the binaries: boosters, trainers, etc. pretending to be an

331 views • 3 slides
Interrogating Character #PZ50th Image credit:

Interrogating Character #PZ50th Image credit:

Interrogating Character #PZ50th Image credit: http://www.nytimes.com/2012/09/15/opinion/the-long-legacy-of-cheating-at-harvard Rate of Cheating (%) 100 20 40 60 80 0 2.0 Grade Point Average (GPA) 2.5 Predicted Rates of Cheating [Scale

192 views • 6 slides
Modeling the Android Platform Etienne Payet LIM-ERIMIA, universit e de la R eunion

Modeling the Android Platform Etienne Payet LIM-ERIMIA, universit e de la R eunion

Modeling the Android Platform Etienne Payet LIM-ERIMIA, universit e de la R eunion BYTECODE13 Saturday 23 March 2013 Etienne Payet (LIM-ERIMIA) Modeling the Android Platform BYTECODE13 1 / 50 Reunion, a part of France

628 views • 50 slides
Android Introduction Architecture Activities, Lifecycle Development Environment 1 Why Android?

Android Introduction Architecture Activities, Lifecycle Development Environment 1 Why Android?

Android Introduction Architecture Activities, Lifecycle Development Environment 1 Why Android? Pervasive Mobile Platform - Runs on hundreds of millions of mobile phones, tablets - Worlds most popular & frequently installed mobile OS

896 views • 73 slides
Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA

Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA

Important Cases of Turkish Competition Authority About Platform Markets Esra KKKZ Competition Expert at TCA Google Android (Decision Date: 19.09.2018, Decision Number: 18-33/555-273) Android Open Source Project Open Source Android

417 views • 29 slides
A Real-time Extension to the Android Platform Igor Kalkov, Dominik Franke, John F. Schommer,

A Real-time Extension to the Android Platform Igor Kalkov, Dominik Franke, John F. Schommer,

JTRES 2012 A Real-time Extension to the Android Platform Igor Kalkov, Dominik Franke, John F. Schommer, Stefan Kowalewski 24-26 October 2012 Copenhagen, Denmark Introduction Mobile platform by Open Handset Alliance - Supervised by

490 views • 16 slides
APIM IGRATOR : An API-Usage Migration Tool for Android Apps Mattia Fazzini Qi Xin Alessandro

APIM IGRATOR : An API-Usage Migration Tool for Android Apps Mattia Fazzini Qi Xin Alessandro

APIM IGRATOR : An API-Usage Migration Tool for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile Applications Platform Platform Tight Coupling Platforms Change Platforms Change Frequently Android Petit Four Cupcake Donut 1.1

491 views • 28 slides
Automated API-Usage Update for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile

Automated API-Usage Update for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile

Automated API-Usage Update for Android Apps Mattia Fazzini Qi Xin Alessandro Orso Mobile Applications Platform Platform Tight Coupling Platforms Change Platforms Change Frequently Android Petit Four Cupcake Donut 1.1 Eclair Froyo

901 views • 70 slides
Cross-platform support: Android, IOS, Windows, OS X, Chromecast,

Cross-platform support: Android, IOS, Windows, OS X, Chromecast,

Cross-platform support: Android, IOS, Windows, OS X, Chromecast, Apple TV. Also works on Linux (Unofficially)

435 views • 20 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Download FoodSwitch for iOS or Android FoodSwitch: A mobile platform for packaged food

Download FoodSwitch for iOS or Android FoodSwitch: A mobile platform for packaged food

Download FoodSwitch for iOS or Android FoodSwitch: A mobile platform for packaged food surveillance and behavioral research Mark Huffman, MD, MPH Department of Preventive Medicine and Medicine-Cardiology Northwestern University Feinberg

755 views • 44 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that run on Android systems With

975 views • 74 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
Mobile Security Srdjan Matic < srdjan@security.di.unimi.it > Aristide Fattori <

Mobile Security Srdjan Matic < srdjan@security.di.unimi.it > Aristide Fattori <

Universit` a degli Studi di Milano Facolt` a di Scienze e Tecnologie Dipartimento di Informatica Mobile Security Srdjan Matic < srdjan@security.di.unimi.it > Aristide Fattori < aristide@security.di.unimi.it > A.A. 20132014

1.69k views • 55 slides
Android Multilib Build Cheat Sheet Presented by Amit Pundir twitter: pundiramit irc: pundir at

Android Multilib Build Cheat Sheet Presented by Amit Pundir twitter: pundiramit irc: pundir at

Android Multilib Build Cheat Sheet Presented by Amit Pundir twitter: pundiramit irc: pundir at #linaro-android (freenode) Date Monday, 23rd March 2015 Android Builders Summit Android Multilib Build Cheat Sheet AOSP build configurations

773 views • 26 slides
Are Humans Ready? Andrew Tsonchev, Director of Technology, Darktrace Industrial YOUR COMPUTER HAS

Are Humans Ready? Andrew Tsonchev, Director of Technology, Darktrace Industrial YOUR COMPUTER HAS

AI-Based Autonomous Response: Are Humans Ready? Andrew Tsonchev, Director of Technology, Darktrace Industrial YOUR COMPUTER HAS BEEN LOCKED This operating system is locked due to the violation of the federal laws of the United States of

1.05k views • 14 slides
Using Technology to Engage Families Wednesday, May 16, 2018 1:15 pm -2:30 pm Smithsonian Early

Using Technology to Engage Families Wednesday, May 16, 2018 1:15 pm -2:30 pm Smithsonian Early

Digital Distractions: Using Technology to Engage Families Wednesday, May 16, 2018 1:15 pm -2:30 pm Smithsonian Early Enrichment Center Tamara Kaldor Associate Director TEC Center at Erikson Institute Alexandra Pafilis Director of Early

755 views • 52 slides
Automatic Differentiation for Computational Engineering Kailai Xu and Eric Darve CME 216 AD 1

Automatic Differentiation for Computational Engineering Kailai Xu and Eric Darve CME 216 AD 1

Automatic Differentiation for Computational Engineering Kailai Xu and Eric Darve CME 216 AD 1 / 47 Outline Overview 1 Computational Graph 2 Forward Mode 3 Reverse Mode 4 AD for Physical Simulation 5 AD Through Implicit Operators 6

809 views • 51 slides
How applications are run on Android ? Jean-Loup Bogalho & Jrmy Lefaure

How applications are run on Android ? Jean-Loup Bogalho & Jrmy Lefaure

How applications are run on Android ? Jean-Loup Bogalho & Jrmy Lefaure clippix@lse.epita.fr blatinox@lse.epita.fr Table of contents 1. Dalvik and ART 2. Executable files 3. Memory management 4. Compilation What is Dalvik ?

709 views • 44 slides
Intro to Multithreading Ryan Eberhardt and Armin Namavari May 5, 2020 Class logistics Fill out

Intro to Multithreading Ryan Eberhardt and Armin Namavari May 5, 2020 Class logistics Fill out

Intro to Multithreading Ryan Eberhardt and Armin Namavari May 5, 2020 Class logistics Fill out weekly survey by Wednesday night First project (mini GDB) is out Youll be free to work with a partner! Well have some way for you

699 views • 36 slides
Parameter Estimation Smoothing p(x 1 = h , x 2 = o , x 3 = r , x 4 = s , x 5 = e , x 6 = s , )

Parameter Estimation Smoothing p(x 1 = h , x 2 = o , x 3 = r , x 4 = s , x 5 = e , x 6 = s , )

Parameter Estimation Smoothing p(x 1 = h , x 2 = o , x 3 = r , x 4 = s , x 5 = e , x 6 = s , ) p( h | BOS, BOS) trigram models 4470/52108 parameters * p( o | BOS, h ) 395/ 4470 * p( r | h , o ) values of 1417/14765 those * p( s

304 views • 3 slides

More recommend