Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,

Presentation transcript:

Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen, Rashika Rawat, Kaimin (Alex) Li, Muzamil Khan

What will be covered
- Our Application
- Obfuscation Techniques and Tool
- Storage and Performance Overhead
- Reverse Engineering Process and Findings
- Discussion and Limitations

Our Application
CashMe is an application used to determine the net monthly income the user saves after they have added their different sources of income, followed by their expenses. We made this application to help people see whether they are spending more than they are actually earning.

Our Application
- SQLite
  - Local database storage
  - Table for income
  - Table for expense
- Service
  - Queries the database
  - Calculates net income
  - Returns net income

Obfuscation Techniques
- Code Flattening
  - Source code split into different statements in switch statements
  - Visual appearance of code running in a different sequence
- Opaque Predicates
  - Prevent static analysis tools from analysing the obfuscated code
- Dead Code Injection
  - Misdirect attackers to seemingly useful methods
- ProGuard
  - Classes, fields and methods renamed with meaningless names

For the obfuscation, we used 4 techniques: code flattening, opaque predicates, dead code injection and ProGuard.
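The three source-level techniques listed above, combined on one method, as an added example that is not code from the presentation or from the group's tool. The class `FlatteningDemo`, the methods `netIncome`, `netIncomeFlattened` and `applyBonus`, and the state numbers are hypothetical names chosen for illustration.

```java
import java.util.Arrays;
import java.util.List;

public class FlatteningDemo {
    // Hypothetical original: straight-line net income calculation.
    static double netIncome(List<Double> incomes, List<Double> expenses) {
        double total = 0;
        for (double v : incomes) total += v;
        for (double v : expenses) total -= v;
        return total;
    }

    // Dead code injection: looks useful, but is never reached at runtime.
    static double applyBonus(double v) { return v * 1.07 + 13; }

    // Flattened form: each step is a switch case and 'state' picks the next one,
    // so the decompiled order of the cases says nothing about execution order.
    static double netIncomeFlattened(List<Double> incomes, List<Double> expenses) {
        double total = 0;
        int i = 0, e = 0, state = 3;
        while (state != 0) {
            switch (state) {
                case 9: // dead branch guarded by the opaque predicate below
                    total = applyBonus(total);
                    state = 0;
                    break;
                case 5: // subtract expenses one at a time
                    if (e < expenses.size()) total -= expenses.get(e++);
                    else state = 0;
                    break;
                case 7: { // opaque predicate: n*(n+1) is always even
                    int n = incomes.size() + expenses.size();
                    state = (n * (n + 1) % 2 == 0) ? 5 : 9;
                    break;
                }
                case 3: // add incomes one at a time
                    if (i < incomes.size()) total += incomes.get(i++);
                    else state = 7;
                    break;
            }
        }
        return total;
    }

    public static void main(String[] args) {
        List<Double> in = Arrays.asList(3000.0, 450.0);   // constructed sample data
        List<Double> out = Arrays.asList(1200.0, 300.5);  // constructed sample data
        System.out.println(netIncome(in, out) == netIncomeFlattened(in, out));
    }
}
```

Both methods perform the same additions and subtractions in the same order, so they return identical values; only the control structure a decompiler shows differs.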

Obfuscation Tool
- Java command line application
- Completely automated (no manual obfuscation while writing the app)
- Recursively checks source code directories for Java files
- Uses JavaParser
  - Encapsulates Java code into Java objects which can then be modified
- Input: Java source code
- Process: Apply obfuscation techniques
- Output: Obfuscated Java source code
- Build APK from obfuscated source code

Storage

| | APK size |
|---|---|
| App with no obfuscation | 1.8MB (approx. 1823KB) |
| App run through our obfuscation tool | 1.8MB (approx. 1828KB), +5KB |
| App run through our obfuscation tool + ProGuard | 1.1MB (-0.7MB) |

Performance
Performance time of the app compared to its obfuscated version:

| | First execution time in seconds | Average of 10 execution times in seconds | %Overhead |
|---|---|---|---|
| App without obfuscation | 1.277 | 0.715 | 44 |
| Obfuscated app with ProGuard | 0.887 | 0.598 | 32.58 |
| %Difference | 30.5 | 16.36 | |

Reverse Engineering Process
- Use of jadx to decompile the .apk file.
- It is possible, but hard, to determine the functionality of methods / classes named as a single letter, with comments removed by ProGuard.
- Any Base64 encrypted string is decrypted easily, revealing the underlying information about the string.
- Opaque predicates, control flow flattening and dead code are identified by the repeated use of variables and method calls.
  - Opaque predicates: calls computeService(), processData() in if-statements.
  - Control flow: calls the same methods in switch-statements.

Reverse Engineering Findings

Findings
- Code flattening
- Opaque predicates
- Class renaming
- Variable renaming
- String encryption

Discussion
- JavaParser's usage allowed automated obfuscation, but also limited what could be done
  - Variable declarations and return statements could not be obfuscated with control flow flattening
  - JavaParser could not differentiate methods in anonymous inner classes from standard methods
- Both issues cause compile errors related to method calls or variables being out of scope

Discussion
- String encryption was not implemented because it was a low priority task
  - String encryption would need a method to decrypt during runtime
  - Regardless of the strength of the encryption, if the decryption method is found it can be used to obtain the original strings
- Because of this, the focus was on control flow obfuscation