using android to attack proguard
play

Using Android to attack ProGuard (and saving 2 e for a ticket) - PowerPoint PPT Presentation

Oct 17, 2023 •443 likes •717 views

Using Android to attack ProGuard (and saving 2 e for a ticket) BeeRumP 29 mai 2019 Android Open Source Project Reversing the obfuscation Conclusion Who am I? @laughing_bit (C|Python|Twitter|Beamer|Mirabelle) Lover. Author of the

  1. Using Android to attack ProGuard (and saving 2 e for a ticket) BeeRumP – 29 mai 2019

  2. Android Open Source Project Reversing the obfuscation Conclusion Who am I? ◮ @laughing_bit ◮ (C|Python|Twitter|Beamer|Mirabelle) Lover. ◮ Author of the SRE tool Chrysalide ◮ Daily job at Risk&Co BeeRumP ’19 2 / 12

  3. Android Open Source Project Android application building Reversing the obfuscation ProGuard and its features Conclusion Battle plan Android key points ◮ Application = code (.java) + dependencies (.class) ◮ APK = dx( ProGuard( javac(code) + dependencies ) ) ◮ External repositories: Google, JCenter, ... ◮ lots of repositories: https://mvnrepository.com/repos Getting started ◮ Starting point: https://github.com/googlesamples ◮ 176 results for repositories matching android written in Java ◮ Let’s pick SimpleMediaPlayer as an example! BeeRumP ’19 3 / 12

  4. Android Open Source Project Android application building Reversing the obfuscation ProGuard and its features Conclusion Battle plan ProGuard ◮ Shrinks, optimizes and obfuscates Java bytecode ◮ Renames classes, fields, and methods (for instance a.a.a()) ◮ deterministic name obfuscation ◮ default obfuscation dictionary: [a-z]+ BeeRumP ’19 4 / 12

  5. Android Open Source Project Android application building Reversing the obfuscation ProGuard and its features Conclusion Battle plan ProGuard ◮ Shrinks, optimizes and obfuscates Java bytecode ◮ Renames classes, fields, and methods (for instance a.a.a()) ◮ deterministic name obfuscation ◮ default obfuscation dictionary: [a-z]+ Advanced usage ◮ Repackage all classes to a single root-level package ◮ -repackageclasses ◮ Use custom obfuscation dictionaries (with reserved keywords) ◮ -{,package,class}obfuscationdictionary ◮ Buy DexGuard ◮ runtime self-protection ◮ extra obfuscation: arithmetic and logical expressions + CFG BeeRumP ’19 4 / 12

  6. Android Open Source Project Android application building Reversing the obfuscation ProGuard and its features Conclusion Battle plan 1. Collect Android package bytecode ◮ easy to script ◮ https://maven.google.com/: 1.2 Gb BeeRumP ’19 5 / 12

  7. Android Open Source Project Android application building Reversing the obfuscation ProGuard and its features Conclusion Battle plan 1. Collect Android package bytecode ◮ easy to script ◮ https://maven.google.com/: 1.2 Gb 2. Fingerprint Android packages ◮ easy to script BeeRumP ’19 5 / 12

  8. Android Open Source Project Android application building Reversing the obfuscation ProGuard and its features Conclusion Battle plan 1. Collect Android package bytecode ◮ easy to script ◮ https://maven.google.com/: 1.2 Gb 2. Fingerprint Android packages ◮ easy to script 3. Compare the fingerprints with obscucated code fingerprints ◮ easy to script scriptable ◮ if there is a match, obfuscation is reversed! BeeRumP ’19 5 / 12

  9. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm group- index.xml POM Artifact A + JAR Version 1 Google Maven group- POM Artifact B Version 2 index.xml + AAR master-index.xml Version 3 POM Artifact C + AAR group- index.xml BeeRumP ’19 6 / 12

  10. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm group- index.xml POM Artifact A + JAR Version 1 Google Maven group- POM Artifact B Version 2 index.xml + AAR master-index.xml Version 3 POM Artifact C + AAR group- index.xml https://developer.android.com/studio/build/dependencies#gmaven-access BeeRumP ’19 6 / 12

  11. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity BeeRumP ’19 7 / 12

  12. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics BeeRumP ’19 7 / 12

  13. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number BeeRumP ’19 7 / 12

  14. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number ◮ Cyclomatic complexity ◮ #edges - #nodes + 2 * #exits BeeRumP ’19 7 / 12

  15. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number ◮ Cyclomatic complexity ◮ #edges - #nodes + 2 * #exits ◮ Xrefs ◮ count of: jumps, branchs, calls, links to strings BeeRumP ’19 7 / 12

  16. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number ◮ Cyclomatic complexity ◮ #edges - #nodes + 2 * #exits ◮ Xrefs ◮ count of: jumps, branchs, calls, links to strings ◮ Machoc hash ◮ Murmurhash3(<BB index>:[c,][<dest index>, ...];) BeeRumP ’19 7 / 12

  17. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number ◮ Cyclomatic complexity ◮ #edges - #nodes + 2 * #exits ◮ Xrefs ◮ count of: jumps, branchs, calls, links to strings ◮ Machoc hash ◮ Murmurhash3(<BB index>:[c,][<dest index>, ...];) ◮ Dex code_item fields ◮ registers_size ins_size outs_size tries_size insns_size BeeRumP ’19 7 / 12

  18. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number ◮ Cyclomatic complexity ◮ #edges - #nodes + 2 * #exits ◮ Xrefs ◮ count of: jumps, branchs, calls, links to strings ◮ Machoc hash ◮ Murmurhash3(<BB index>:[c,][<dest index>, ...];) ◮ Dex code_item fields ◮ registers_size ins_size outs_size tries_size insns_size ◮ Filtered prototypes ◮ (Ljava/lang/String;)[Landroid/support/a/a/h$b; BeeRumP ’19 7 / 12

  19. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm Method ◮ Avoid to have to deal with similarity *and* confidence ◮ Select binary heuristics and hope � similarity = identity Used heuristics ◮ Small Primes Product ◮ each instruction type is linked to a prime number ◮ Cyclomatic complexity ◮ #edges - #nodes + 2 * #exits ◮ Xrefs ◮ count of: jumps, branchs, calls, links to strings ◮ Machoc hash ◮ Murmurhash3(<BB index>:[c,][<dest index>, ...];) ◮ Dex code_item fields ◮ registers_size ins_size outs_size tries_size insns_size ◮ Filtered prototypes ◮ (Ljava/lang/String;)[Landroid/support/a/a/h$b; ◮ Filtered class descriptors ◮ Landroid/support/v7/view/menu/e$2$1; BeeRumP ’19 7 / 12

  20. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm 1. Build a tree with all obfuscated symbol labels ◮ nodes are parts of the labels: (package|class|routine) names ◮ leafs contain AOSP candidates BeeRumP ’19 8 / 12

  21. Android Open Source Project Download inspiration Reversing the obfuscation Compare and conquer Conclusion Match algorithm 1. Build a tree with all obfuscated symbol labels ◮ nodes are parts of the labels: (package|class|routine) names ◮ leafs contain AOSP candidates 2. Quickly filter some AOSP candidates ◮ android.support.v7.app.b$a.a ◮ android.support.v4.app.NoSaveStateFrameLayout.<init> BeeRumP ’19 8 / 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security &amp; Pie Android 9.0 &amp; APK Security Plan of Attack Start at the hardware

Security &amp; Pie Android 9.0 &amp; APK Security Plan of Attack Start at the hardware

Security &amp; Pie Android 9.0 &amp; APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
F From Nothing to Massive N thi t M i Android under Attack Vi Vicente Diaz t Di

F From Nothing to Massive N thi t M i Android under Attack Vi Vicente Diaz t Di

F From Nothing to Massive N thi t M i Android under Attack Vi Vicente Diaz t Di Senior security analyst It It s Sept It It s Sept September September ember so ember, so so we so we we we ... ... Sep 22, 2011 The

495 views • 21 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
evil maid on droids or why you should never loose your android smartphone @f0rki 2012-12-06

evil maid on droids or why you should never loose your android smartphone @f0rki 2012-12-06

evil maid on droids or why you should never loose your android smartphone @f0rki 2012-12-06 Agenda evil maids detour: the android boot process attack scenarios unrooted phones adb access rooted phones protecting yourself 2 / 51 Agenda

1.31k views • 85 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest &lt;manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest &lt;manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest &lt;manifest xmlns:android=&quot;http://schemas.android.com/apk/res/android&quot; package=&quot;net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day &gt;&gt; exploitation of the device &gt;&gt; the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides
Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working install of Android Studio Make sure it works by running Hello, world App On emulator

666 views • 24 slides
Investigating Higher-order Simplification for SMT Solving work in progress Hans-J org Schurr

Investigating Higher-order Simplification for SMT Solving work in progress Hans-J org Schurr

Investigating Higher-order Simplification for SMT Solving work in progress Hans-J org Schurr 26.06.2018 What this is about The goal of the Matryoshka is to improve the usefulness of automated tools in interactive theorem proving by

594 views • 21 slides
NLG: Specific Components Texts NLG Systems Architecture modules Scott Farrar Textplanner

NLG: Specific Components Texts NLG Systems Architecture modules Scott Farrar Textplanner

NLG: Specific Components Scott Farrar CLMA, University of Washington far- rar@u.washington.edu NLG: Specific Components Texts NLG Systems Architecture modules Scott Farrar Textplanner Microplanner CLMA, University of Washington

1.34k views • 111 slides
M ULTI -A GENT S YSTEMS Overview and Research Directions Whats an agent? AI Class 12 (C H .

M ULTI -A GENT S YSTEMS Overview and Research Directions Whats an agent? AI Class 12 (C H .

Todays Class M ULTI -A GENT S YSTEMS Overview and Research Directions Whats an agent? AI Class 12 (C H . 17.517.6) Multi-Agent Systems Cooperative multi-agent systems Competitive multi-agent systems Game time! MAS

384 views • 7 slides
11/16/15 iTunes U 1 11/16/15 2 11/16/15 $ &quot; / # ) &amp; &amp; * &quot; / $ #

11/16/15 iTunes U 1 11/16/15 2 11/16/15 $ &quot; / # ) &amp; &amp; * &quot; / $ #

11/16/15 iTunes U 1 11/16/15 2 11/16/15 $ &quot; / # ) &amp; &amp; * &quot; / $ # &quot; . - , + ( * ) ( $ $ 2 $ ' &amp; * &amp; &amp; $ % 1 # # &quot; ! &quot; . - # * &quot; $ &amp; . $ ( 0

240 views • 13 slides
Canonical Inference for Implicational Systems Maria Paola Bonacina 1 Dipartimento di Informatica

Canonical Inference for Implicational Systems Maria Paola Bonacina 1 Dipartimento di Informatica

Introduction Direct systems Computing minimal models Direct-optimal systems Rewrite-optimality and canonical systems Discussion Canonical Inference for Implicational Systems Maria Paola Bonacina 1 Dipartimento di Informatica Universit` a

665 views • 40 slides
AMS-02 ANTIPROTONS ARE CONSISTENT WITH A SECONDARY ASTROPHYSICAL ORIGIN arXiv:1906.07119 M.B, Y.

AMS-02 ANTIPROTONS ARE CONSISTENT WITH A SECONDARY ASTROPHYSICAL ORIGIN arXiv:1906.07119 M.B, Y.

AMS-02 ANTIPROTONS ARE CONSISTENT WITH A SECONDARY ASTROPHYSICAL ORIGIN arXiv:1906.07119 M.B, Y. Gnolini, L. Derome, J. Lavalle, D. Maurin, P. Salati and P. D. Serpico Table of contents 1. Secondary antiprotons: a new prediction 2.

346 views • 16 slides
Current climate finance flows (in USD billion) CPI Climate Finance Project October 2012 Notes:

Current climate finance flows (in USD billion) CPI Climate Finance Project October 2012 Notes:

Current climate finance flows (in USD billion) CPI Climate Finance Project October 2012 Notes: Figures presented are indicative estimates of annual flows for the latest year available, 2009/2010 (variable according to the data source). Figures are

1.43k views • 68 slides
ETC1010: Introduction to Data Analysis ETC1010: Introduction to Data Analysis Week 9, part A

ETC1010: Introduction to Data Analysis ETC1010: Introduction to Data Analysis Week 9, part A

ETC1010: Introduction to Data Analysis ETC1010: Introduction to Data Analysis Week 9, part A Week 9, part A Networks and Graphs Lecturer: Nicholas Tierney Department of Econometrics and Business Statistics nicholas.tierney@monash.edu May 2020

575 views • 53 slides

More recommend