Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,

Published byAugusta Patterson Modified over 6 years ago

Similar presentations

Presentation on theme: "Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,"— Presentation transcript:

1 Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,
Rashika Rawat, Kaimin (Alex) Li, Muzamil Khan

2 What will be covered. Our Application Obfuscation Techniques and Tool
Storage and Performance Overhead Reverse Engineering Process and Findings Discussion and Limitations

3 Our Application. CashMe is a application which is used to determine the net monthly income the user saves after they have added their different sources of income followed by their expenses. We made this application to help people see whether they are spending more than what they are actually earning.

4 Our Application SQLite Local database storage Table for income
Table for expense Service Queries the database Calculates net income Return net income

5 Obfuscation Techniques.
Code Flattening Source code split into different statements in switch statements Visual appearance of code running in different sequence Opaque Predicates Prevent static analysis tools from analysing the obfuscated code Dead Code Injection Misdirect attackers to seemly useful methods Proguard Class, fields, methods renamed with meaningless names For the obfuscation techniques, we used 4 techniques which is code flattening, opaque predicates, dead code injection and proguard.

6 Obfuscation Tool Java command line application Completely automated (No manual obfuscation while writing app) Recursively checks source code directories for Java files Using JavaParser Encapsulates Java code into Java objects which then can be modified Input: Java source code Process: Apply obfuscation techniques Output: Obfuscated Java source code Build APK from obfuscated source code

7 Storage APK SIZE App with no obfuscation 1.8MB (approx. 1823KB)
App ran through our obfuscation tool 1.8MB (approx. 1828KB) +5KB App ran through our obfuscation tool + Proguard 1.1MB (-0.7MB)

8 Performance Performance time of app compared to its obfuscated version: First execution time in seconds Average of 10 execution time in seconds %Overhead App without obfuscation 1.277 0.715 44 Obfuscated app with ProGuard 0.887 0.598 32.58 %Difference 30.5 16.36

9 Reverse Engineering Process
Use of jadx to decompile .apk file. It is possible, but hard to determine functionality of method / classes named as a single letter comments removed by ProGuard. Any base64 encrypted string is decrypted easily Revealing the underlying information about the string Opaque predicates, control flow flattening and dead code determined by the repeated use of variables method calls Opaque predicates - calls computeService(), processData() in if-statements. Control flow - calls same methods in switch-statements

10 Reverse Engineering Findings

11 Findings Code flattening Opaque predicates Class renaming
Variable renaming String encryption

12 Discussion Javaparser’s usage allowed automated obfuscation, but also limited what could be done Variable declarations and return statements could not be obfuscated with control flow flattening Javaparser could not differentiate methods in anonymous inner classes from standard methods Both issues causes compile errors to do with method calls or variables being out of scope

13 Discussion String encryption was not implemented due to being a low priority task String encryption would need a method to decrypt during runtime Regardless of the strength of the encryption, if the decryption method was found it can be used to obtain the original strings Due to this the focus was on control flow obfuscation

Download ppt "Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,"

Similar presentations

Designing a Program & the Java Programming Language

Designing a Program & the Java Programming Language
Introduction to Eclipse. Start Eclipse Click and then click Eclipse from the menu: Or open a shell and type eclipse after the prompt.

Introduction to Eclipse. Start Eclipse Click and then click Eclipse from the menu: Or open a shell and type eclipse after the prompt.
With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.

With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.
JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.

JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.
Build your Android App with Gradle Android new build system.

Build your Android App with Gradle Android new build system.
 2005 Pearson Education, Inc. All rights reserved. 1 1 1 Introduction.

 2005 Pearson Education, Inc. All rights reserved Introduction.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,
Starting Out with C++, 3 rd Edition 1 Chapter 1. Introduction to Computers and Programming.

Starting Out with C++, 3 rd Edition 1 Chapter 1. Introduction to Computers and Programming.
.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.

.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.
DECOMPILING ANDROID Godfrey Nolan 1DevDay 11/5/11.

DECOMPILING ANDROID Godfrey Nolan 1DevDay 11/5/11.
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
A Guide to Oracle9i1 Introduction To Forms Builder Chapter 5.

A Guide to Oracle9i1 Introduction To Forms Builder Chapter 5.
Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering 3 October 2007.

Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering 3 October 2007.
16/27/2015 3:38 AM6/27/2015 3:38 AM6/27/2015 3:38 AMTesting and Debugging Testing The process of verifying the software performs to the specifications.

16/27/2015 3:38 AM6/27/2015 3:38 AM6/27/2015 3:38 AMTesting and Debugging Testing The process of verifying the software performs to the specifications.
Obfuscation techniques in Java Therese Berge Jonas Ringedal.

Obfuscation techniques in Java Therese Berge Jonas Ringedal.
Wangjun Hong, Zhengyang Qu, Northwestern University, IL, US,

Wangjun Hong, Zhengyang Qu, Northwestern University, IL, US,
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.
1 Chapter One A First Program Using C#. 2 Objectives Learn about programming tasks Learn object-oriented programming concepts Learn about the C# programming.

1 Chapter One A First Program Using C#. 2 Objectives Learn about programming tasks Learn object-oriented programming concepts Learn about the C# programming.
A First Program Using C#

A First Program Using C#

Similar presentations

Ads by Google