hide android applications in images
play

Hide Android Applications in Images Axelle Apvrille - FortiGuard - PowerPoint PPT Presentation

Nov 20, 2022 •377 likes •604 views

Hide Android Applications in Images Axelle Apvrille - FortiGuard Labs, Fortinet Ange Albertini, Corkami Hack.Lu, Lightning talk, October 2014 Who are we? Axelle axelle = { realname : Axelle Apvrille, job

  1. Hide Android Applications in Images Axelle Apvrille - FortiGuard Labs, Fortinet Ange Albertini, Corkami Hack.Lu, Lightning talk, October 2014

  2. Who are we? Axelle axelle = { ‘‘realname’’ : ‘‘Axelle Apvrille’’, ‘‘job’’ : ‘‘Mobile/IoT Malware Analyst and Research’’, ‘‘company’’ : ‘‘Fortinet, FortiGuard Labs’’ } Ange ange = { ‘‘realname’’ : ‘‘Ange Albertini’’, ‘‘hobby’’ : ‘‘Corkami’’ } Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 2/12

  3. What is this? Nice? Thanks that’s GIMP art from me ;) Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 3/12

  4. It’s an image! file says... anakin.png: PNG image data, 636298042 x 1384184774, 19-bit PNG file format 89 50 4e 47 0d 0a 1a 0a 00 01 b4 40 61 61 61 61 |.PNG.......@aaaa| 25 ed 23 3a 52 80 fb c6 13 cc 54 4d 74 f5 78 87 |%.#:R.....TMt.x.| ba 7d b5 f6 93 63 43 f0 e0 b9 99 9b 37 06 cc 8f |.}...cC.....7...| 32 59 5b 55 da 14 e2 87 68 f7 89 e5 88 14 fe 76 |2Y[U....h......v| 3e 0b cd 65 ec c4 7a 71 4d 95 c0 4e de 48 30 91 |>..e..zqM..N.H0.| ... Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 4/12

  5. It is more than that! AES Decrypt Valid Android Package (APK) Valid PNG Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 5/12

  6. Embed this “PNG” in an Android app? Imagine... ...if that PNG/APK is malicious! ◮ (Nearly) invisible to reverse engineering! ◮ The Android app is encrypted Arg! What will I see? ◮ A fat image ◮ The wrapping application ◮ Code that decrypts an asset ◮ Code that loads/installs an application But that depends how well the wrapping app is written It can be obfuscated ... Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 6/12

  7. Demo Party time! Demo! Wake up! Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 7/12

  8. In case the demo crashes - lol The APK looks genuine Archive: PocActivity-debug.apk Length Date Time Name --------- ---------- ----- ---- 508720 2014-09-11 13:41 assets/anakin.png 1272 2014-09-11 14:03 res/layout/main.xml 1988 2014-09-11 14:03 AndroidManifest.xml 1444 2014-09-11 14:03 resources.arsc 7515 2014-09-11 14:03 res/drawable-hdpi/logo.png 2455 2014-09-11 14:03 res/drawable-ldpi/logo.png 4471 2014-09-11 14:03 res/drawable-mdpi/logo.png 8856 2014-09-11 14:03 classes.dex 634 2014-09-11 14:03 META-INF/MANIFEST.MF 687 2014-09-11 14:03 META-INF/CERT.SF 776 2014-09-11 14:03 META-INF/CERT.RSA --------- ------- 538818 11 files Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 8/12

  9. In case the demo crashes - lol The image looks genuine: assets/anakin.png Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 9/12

  10. In case the demo crashes - lol The image looks genuine: assets/anakin.png Perhaps a bit ’fat’ 508720 bytes ( ≈ 500K) for 382x385 pixels Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 9/12

  11. In case the demo crashes - lol adb install WrappingApk.apk Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  12. In case the demo crashes - lol Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  13. In case the demo crashes - lol We could use DexClassLoader to hide this Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  14. In case the demo crashes - lol We could use DexClassLoader to hide this Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  15. In case the demo crashes - lol We could use DexClassLoader to hide this Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  16. In case the demo crashes - lol Payload gets executed Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 10/12

  17. How do we do that? 1. We write a payload APK Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  18. How do we do that? 1. We write a payload APK 2. We encrypt it using AngeCryption: it looks like a valid PNG ◮ We modify (slightly) the APK - Android does not see the change ◮ We modify (slightly) the PNG - our eyes can’t see the change Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  19. How do we do that? 1. We write a payload APK 2. We encrypt it using AngeCryption: it looks like a valid PNG ◮ We modify (slightly) the APK - Android does not see the change ◮ We modify (slightly) the PNG - our eyes can’t see the change 3. We hack it (a little) ◮ Android does not like appended data after EOCD ◮ We put 2 EOCDs ;) Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  20. How do we do that? 1. We write a payload APK 2. We encrypt it using AngeCryption: it looks like a valid PNG ◮ We modify (slightly) the APK - Android does not see the change ◮ We modify (slightly) the PNG - our eyes can’t see the change 3. We hack it (a little) ◮ Android does not like appended data after EOCD ◮ We put 2 EOCDs ;) 4. We implement another APK containing the PNG Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 11/12

  21. More? Status Works on Android 4.4.2 June 2014: Android Security Team notified - partial fix Contact info Axelle: @cryptax or aapvrille at fortinet dot com Ange: @angealbertini References AngeCryption: http://corkami.googlecode.com/svn/trunk/src/angecryption/ Code: https://github.com/cryptax/angeapk - soon after conf’ Corkami: https://code.google.com/p/corkami/ Fortinet’s blog: http://blog.fortinet.com Thanks to : @veorq, Android Security Team, Lobster Hack.Lu 2014 - Lightning talk - A. Apvrille, A. Albertini 12/12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications Jinseong Jeon * ,

Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications Jinseong Jeon * ,

Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications Jinseong Jeon * , Kristopher K. Micinski * , Jeffrey A. Vaughan # , Ari Fogel + , Nikhilesh Reddy + , Jeffrey S. Foster * , and Todd Millstein + . * University of Maryland,

536 views • 26 slides
Lecture 02b: Android UI Design Emmanuel Agu Resources Android Resources Resources? Images,

Lecture 02b: Android UI Design Emmanuel Agu Resources Android Resources Resources? Images,

CS 528 Mobile and Ubiquitous Computing Lecture 02b: Android UI Design Emmanuel Agu Resources Android Resources Resources? Images, strings, dimensions, layout files, menus, etc that your app uses Basically app elements declared in other

769 views • 64 slides
APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system

APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system

ANDROID AND ANDROID APPLICATIONS UDAY LINGALA CSCI 5448, Fall 2012 Content Introduction to Android system What is android? History Android Market Why Android Design philosophy System Architecture Features

802 views • 40 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 2302, Fall 2014 Graphics Concepts Drawing in Android 11/17/2014 2 Android Alternatives

CS 2302, Fall 2014 Graphics Concepts Drawing in Android 11/17/2014 2 Android Alternatives

CS 2302, Fall 2014 Graphics Concepts Drawing in Android 11/17/2014 2 Android Alternatives Android provides several ways to create graphic images Drawable objects Defined by program code Defined in resource files Can be

414 views • 25 slides
Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

CS 528 Mobile and Ubiquitous Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android Resources Resources? Images, strings, dimensions, layout files, menus, etc that your app uses Basically app elements

1.05k views • 63 slides
Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android

CS 528 Mobile and Ubiquitous Computing Lecture 2b: Android UI Design in XML + Examples Emmanuel Agu Resources Android Resources Resources? Images, strings, dimensions, layout files, menus, etc that your app uses Basically app elements

564 views • 53 slides
TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that run on Android systems With

975 views • 74 slides
St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar

St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar

St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar Martin Bichsel Raychev Tsankov Vechev Department of Computer Science Why De-obfuscate? Android binaries (APKs) (no code available) Number of APKs

520 views • 31 slides
Programming Android applications: an incomplete introduction J. Serrat Software Design December

Programming Android applications: an incomplete introduction J. Serrat Software Design December

Programming Android applications: an incomplete introduction J. Serrat Software Design December 2013 Preliminaries : Goals Introduce basic programming Android concepts Examine code for some simple examples Limited to those relevant

1.44k views • 98 slides
Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor

Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor

Playing Hide-and-Seek in Finite Fields: Hidden Number Problem and Its Applications Igor E. Shparlinski Centre for Advanced Computing: Algorithms and Cryptography Macquarie University igor@comp.mq.edu.au Introduction We describe a

423 views • 26 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

FlowDroid Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware T aint Analysis for Android Apps From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric Bodden, Steven Artz, Siegfried

620 views • 45 slides
Image Statistics space of all images typical images 10/03 Image Statistical Model Applications

Image Statistics space of all images typical images 10/03 Image Statistical Model Applications

Image Statistics space of all images typical images 10/03 Image Statistical Model Applications Image Processing / Graphics: Noise removal: How easily can we detect (and remove) artifacts or distortions? Compression: how compactly can

561 views • 23 slides
The Stories We Tell Suppor/ng and Empowering Young Adults with Mental Health Disorders Maggie

The Stories We Tell Suppor/ng and Empowering Young Adults with Mental Health Disorders Maggie

The Stories We Tell Suppor/ng and Empowering Young Adults with Mental Health Disorders Maggie Bertram Associate Director of Training & Educa/on Ac/ve Minds, Inc. Overview Introduc/on to Ac/ve Minds How Stories Heal Storytelling

556 views • 45 slides
Upholding the rule of law in a time of COVID Stephanie Harrison QC Irena Sabic & Grainne

Upholding the rule of law in a time of COVID Stephanie Harrison QC Irena Sabic & Grainne

Upholding the rule of law in a time of COVID Stephanie Harrison QC Irena Sabic & Grainne Mellon Sonali Naik QC & Kate Aubrey-Johnson Miranda Butler & Joanne Cecil 22 October 2020 @gardencourtlaw Coronavirus Act 2020: Threats to

734 views • 46 slides
First of 3 webinars focusing on practical advice for the next phase of managing your business

First of 3 webinars focusing on practical advice for the next phase of managing your business

First of 3 webinars focusing on practical advice for the next phase of managing your business during the pandemic: Employment issues arising out of re-opening workplaces Flexible furlough what does this mean for your business?

497 views • 21 slides
Experimental Models for Valida3ng Technology Marvin V. Zelkowitz

Experimental Models for Valida3ng Technology Marvin V. Zelkowitz

Experimental Models for Valida3ng Technology Marvin V. Zelkowitz P R E S E N T E D BY : Djedjiga OuAoua INTRODUCTION Effec3ve

654 views • 40 slides
Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10

Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10

9/20/10 Invisible Logic Embedded Systems & Kinetic Art Fall 2009 CS5968 / FA3800 Invisible Logic 1 9/20/10 2 9/20/10 3 9/20/10 4 9/20/10 5 9/20/10 6 9/20/10

284 views • 13 slides
Invisible Formal Methods: Generating Efficient Test Sets With a Model Checker John Rushby with

Invisible Formal Methods: Generating Efficient Test Sets With a Model Checker John Rushby with

Invisible Formal Methods: Generating Efficient Test Sets With a Model Checker John Rushby with Gr egoire Hamon and Leonardo de Moura Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Invisible FM

466 views • 44 slides
Searching for Hidden Particles & getting rid of muons Oliver Lantwin [ oliver.lantwin@cern.ch

Searching for Hidden Particles & getting rid of muons Oliver Lantwin [ oliver.lantwin@cern.ch

Searching for Hidden Particles & getting rid of muons Oliver Lantwin [ oliver.lantwin@cern.ch ] ic student seminar 3rd November 2016 Hidden Particles Searching for Hidden Particles The catch: s Conclusion Oliver Lantwin (Imperial

968 views • 28 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides

More recommend