Cracking the Code of Mobile Application OWASP APPSEC USA 2012

Slides:



Advertisements
Similar presentations
A Programmer's Introduction to Java - from a S/370 user (c) IDMS/SQL News
Advertisements

McAfee One Time Password
Dynamic Analysis of Windows Phone 7 apps Behrang Fouladi, SensePost.
FIM MOBILE PRESENTATION
Magic Technology Eyal Pfeifel - CTO. Client Windows, iOS, Android, BlackBerry, Windows Mobile ServerWindows, AIX, Solaris, Linux, IBM i Database Oracle,
Shinjo Park Thanks to Sungjae and Suwan.
WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
By Rajan Maharjan (Sprout Technology Pvt Ltd) 1 Mobile Apps Development in Nepal.
Smartphone challenge for banks in About IND Leading European Vendor Online Banking and Mobile Banking 14 years in business, 28 banking customers.
Mobile Software Development Technology Overview By Dr. Maged Nofal.
DECOMPILING ANDROID Godfrey Nolan 1DevDay 11/5/11.
Air for What You Will Learn Why use Air over native development? What are the tools? What is the developer experience? DEMOS! How.
© 2014 The MITRE Corporation. All rights reserved. Approved for Public Release: Case # iOS App Integrity – Got Any? Research Team: Gregg Ganley(PI)
Introduction to AppInventor Dr. José M. Reyes Álamo.
SNEAK PEEK OF APPEON MOBILE JANUARY 25, – August 14, 2015 MOBILE MARKET TRENDS Some recent figures about the worldwide Market: 1 Billion Smartphone.
Microsoft Evangelist Presentation September 13, 2012.
Is Mobile the Future of GIS? Matt Sheehan WebMapSolutions.
OWASP Mobile Top 10 Why They Matter and What We Can Do
Presentation By Deepak Katta
Android Introduction Platform Overview.
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
Introduction to Mobile Computing CSE 390 Fall 2010.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Is Your Mobile App Secure. DEF CON 23 Wall of Sheep Sat
ICINETIC Experts in.NET technologies and architectures.
DUE Introduction to the Android Platform Working Connections 2011.
CYBORG Domain Independent Distributed Database Retrieval System Alok Khemka Kapil Assudani Kedar Fondekar Rahul Nabar.
Android Malware Ananto Dharmo Aji & RnD Team
Understanding Xamarin Development Matt
Android Security Auditing Slides and projects at samsclass.info.
Store your files in the sky Intro to Cloud file storage.
Social Media Apps Programming Min-Yuh Day, Ph.D. Assistant Professor Department of Information Management Tamkang University
1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015.
Convenience product security Collin Busch. What is a convenience product? A convenience product is a device or application that makes your life easier.
Android absolutely dominated the number of smartphones shipped worldwide in the first three months of 2015, with.
Slides and projects at samsclass.info. Adding Trojans to Apps Slides and projects at samsclass.info.
Canh Le My  Motivation  Android app packing  How android execute your application  Available tools  Demonstration 2.
CISC 849 : Applications in Fintech Jin Gu Dept of Computer & Information Sciences University of Delaware Cyber-security & Finance.
INTRODUCING HYBRID APP KAU with MICT PARK IT COMPANIES Supported by KOICA
 Group 6 Project Presentation. Application Overview  The idea of the Android application is to use the Gale–Shapley algorithm that will match Medical.
Build Cross-Platform Mobile Apps Using Visual Studio A Telerik webinar by Jeffrey T. Fritz March 27, 2014 AND.
G2 - Keit Team members: ●Siyang Piao ●Peter Huang ●Bojun Jin ●Ivy Wang ●Jing Wang.
Android. Android An Open Handset Alliance Project A software platform and operating system for mobile devices Based on the Linux kernel Developed by Google.
跨平台 Hybrid App 開發簡介 - 使用 Visual Studio Tool for Apache Cordova + HTML/JavaScript 陳葵懋 (Ian)
Top Mobile Application Development Platforms & Tools for 2017.
Module 51 (Mobile Device Fundamentals - Android)
Introduction to Xamarin C# Everywhere
Microsoft Evangelist Presentation
ET-570 Smart Phone Apps.
Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,
How to Install Aptoide Apk on Android
The Future of C# The Future of C# and VB 2-577
Modern application lifecycle with DevOps
How To Install Norton Security on Android Phone
Web App vs Mobile App.
Un</br>able’s MySecretSecrets
Webex Classes in Mobile
Front Side Development
Different Types of Apps. App Development ● App Development refers to the creation of computer applications for use on mobile devices such as tablets,
Employcoder - Hire Offshore Mobile App Development Team In India.
Sioux Falls OWASP Jan-2018 Mobile Top 10
Office 365 Development July 2014.
Microsoft Build /3/2019 4:12 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY,
Introduction to AppInventor
Dot Net Application PROF. S. LAKSHMANAN, DEPT. OF B. VOC. (SD & SA),
5th Reversing CTF Takeaways
Presentation transcript:

Cracking the Code of Mobile Application OWASP APPSEC USA 2012 - Sreenarayan A Paladion Mobile Security Team

Take Away for the day Why Mobile Security? Purpose of Decompiling Mobile Applications?! Methodology of Decompilation Live Demo’s: Windows Phone App Android App iOS (iPhone / iPad App) Blackberry Apps / Nokia App [Jar Files] Blackberry Apps [COD Files]

Why is security relevant for Mobile Platform? 400% Increase in the number for Organizations Developing Mobile Platform based applications. 300% Increase in the no of Mobile Banking Applications. 500% Increase in the number of people using the Mobile Phones for their day to day transactions. 82% Chances of end users not using their Mobile Phones with proper caution. 79% Chances of Mobile Phone users Jail Breaking their Phones. 65% Chances of Mobile Phone users not installing Anti-virus on their Mobile Phones. 71% Chances of any application to get misused. 57% Chances of a user losing his sensitive credentials to a hacker.

Market Statistics of Mobile Users

Mobile Market Trends

Different Types of Mobile Applications Mobile Browser based Mobile Applications Native Mobile Applications Hybrid Mobile Applications

Different Types of Mobile Applications

Different Types of Mobile Architecture Browser App Hybrid App

Why did we learn the above types?? Which applications can be Decompiled? Browser based Mobile Applications ? Native Mobile Applications ? Hybrid Mobile Applications ? We have to get to know of the basics! From basics .. We start our main topic

Cracking the Mobile Application Code

Cracking the Mobile Application Code What do you mean by Decompilation? -> What is Compilation? What do you mean by Reverse Engineering? Questions to be answered ahead: What are the goals/purpose of Cracking the code? What is the methodology of Decompilation? What the tools which can be used to Decompile? Can Decompilation be done on all platforms? WINDOWS PHONE / WINDOWS MOBILE ? ANDROID ? iPHONE / iPAD ? BLACKBERRY ? NOKIA ? Reverse Engineering = Decompile + Recompile

Goal of Cracking the Mobile Application Code

Goals of Cracking the Source Code “UNDERSTAND THE WORKING OF THE APPLICATION AND TO FIGURE OUT THE LOOPHOLES!” To find Treasure Key Words like: password , keys , sql, algo, AES, DES, Base64, etc Figure out the Algorithms Used and their keys. By-passing the client side checks by rebuilding the app. E.g. Password in Banking Application (Sensitive Information) E.g. Angry Birds Malware (Stealing Data) E.g. Zitmo Malware (Sending SMS) We have understood the goals, how to achieve them? Methodology.

Methodology of Cracking

Methodology / Study Step 1 Gaining access to the executable (.apk / .xap / .jar / .cod / .jad .. ) Step 2 Understanding the Technology used to code the application. Step 3 Finding out ways to derive the Object Code from the Executable. Step 4 Figuring out a way to derive the Class Files from the Object Code. Step 5 Figuring out a way to derive the Function Definitions from the Object Code

JUMP TO DEMO’s Lets us understand the methodology in all platforms..

Demo - Reverse Engineer the Windows Phone Application Tools used: De-compresser (Winrar / Winzip / 7zip) .Net Decompiler (ILSpy) Visual Studio / Notepad Steps . xap -> .dll .dll -> .csproject Demo Mitigation Free Obfuscator (diff. to read): http://confuser.codeplex.com/ Dotfuscator (program flow) : Link

Demo - Reverse Engineer the Android Application Tools used: De-compresser (Winrar / Winzip / 7zip) Dex2jar Tool (Command Line) Java Decompiler / Jar decompiler (JD-GUI, etc) Steps .apk -> .dex .dex -> .jar .jar -> .java Demo Mitigation Obfuscation Free Tool: http://proguard.sourceforge.net/

Demo - Reverse Engineer the Blackberry Application Tools used: JD – GUI (Java Decompiler) Notepad There are two types of Application files found in Blackberry: .Jar (.jad -> .jar) .Cod (.jad -> .cod (Blackberry Code Files) Steps .jar -> .java (JD-GUI) -> Notepad Or .cod -> codec Tool -> Notepad Demo Mitigation Obfuscation Free Tool: http://proguard.sourceforge.net/

Demo - Reverse Engineer the iOS Application Tools used: iExplorer Windows Explorer oTool Class-dump-z Steps .app -> Garbage (Object Code) (DVM) Object Code -> Class definitions Demo Limitations: Apple changes the IDE every release leading to challenges. Mitigation Obfuscation Free Tool: http://proguard.sourceforge.net/

Palisade Articles iOS vs Android Testing Mobile Data Encryption Mobile Application Security Testing Demystifying the Android Malware And … Website link: palizine.plynt.com

Questions and Answers Quiz Feedback

Thank You Sreenarayan.a@paladion.net Twitter: Ace_Sree

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.