Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015.

Published byGervais Higgins Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015."— Presentation transcript:

1 1 Java applications reverse engineering Antoni Bertel Antoni_Bertel@epam.com AUGUST 4, 2015

2 2 Jar (Java Archive) is a package file format typically used to aggregate many Java class files and associated metadata and resources. Java bytecode is the instruction set of the Java virtual machine. APK is the package file format used to distribute and install application software and middleware onto Google's Android operating system. Obfuscation is the obscuring of intended meaning in communication, making the message confusing, willfully ambiguous, or harder to understand. Introductory

3 3 Plan The attack on the two java archive: desktop and mobile applications. 1 Conclusion of business problems. 2 Other types of attacks on the jar, demonstration of some of them. 3 Types of jar protection, concentrating on obfuscation. 4 Protecting "Hello, world" java application. 5 Answers on questions 6

4 4 Desktop java application AEM (Adobe Experience Manager) is an enterprise-grade web content management system with a wide array of powerful features. Info License costs 50.000 $ Delivered as jar with size ~ 450 mb Used by Playstation, SAP, Norton Written by java Bytecode is not obfuscated

5 5 The practical part

6 6 Android application Dalvik VM is a virtual machine in Google's Android operating system that executes applications written for Android. The Dalvik VM executes files in the Dex (Dalvik Executable) format.

7 7 Android application

8 8 VK (Vkontakte) is a social network that unites people all over the world and helps them communicate comfortably and promptly. Info More than 2.000.000 reviews. Fifty million downloads from android market Delivered as APK Written by java Bytecode is not obfuscated

9 9 The practical part

10 10 1. Access to premium content 2. Stealing source code 3. Access to the private application data 4. Declassification of the internal architecture of the application 5. Access to internal application systems (API) 6. Stealing traffic; advertising; mobile botnets… Technical risks

11 11 1. Product discrediting 2. Losing money Business risks

12 12 Bytecode decompilation – JD-GUI – JAD Java Decompiler – Bytecode viewer Bytecode modification – Java Bytecode Editor – reJ – Javassist – Byte Buddy Bytecode debugging – Java ByteCode Debugger – Bytecode Visualizer Tools

13 13 Solutions Bytecode obfuscation 1 Anti-debugging 2 Own protection of business logic 3

14 14 The practical part

15 15 Questions?

Download ppt "1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015."

Similar presentations

Android Application Development A Tutorial Driven Course.

Android Application Development A Tutorial Driven Course.
Cracking the Code of Mobile Application OWASP APPSEC USA 2012

Cracking the Code of Mobile Application OWASP APPSEC USA 2012
Introduction.  Professor  Adam Porter 

Introduction.  Professor  Adam Porter 
What is Android?.

What is Android?.
Android architecture overview

Android architecture overview
Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.

Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
DEPARTMENT OF COMPUTER ENGINEERING

DEPARTMENT OF COMPUTER ENGINEERING
Google Android as a mobile development platform T-110.7111 Internet Technologies for Mobile Computing Olli Mäkinen.

Google Android as a mobile development platform T Internet Technologies for Mobile Computing Olli Mäkinen.
This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit

This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit
2. Setting Up Your Android Development Environment.

2. Setting Up Your Android Development Environment.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department.

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.
S MARTPHONE A PPLICATION D EVELOPMENT Sam Palmer.

S MARTPHONE A PPLICATION D EVELOPMENT Sam Palmer.
01 Introduction to Java Technology. 2 Contents History of Java What is Java? Java Platforms Java Virtual Machine (JVM) Java Development Kit (JDK) Benefits.

01 Introduction to Java Technology. 2 Contents History of Java What is Java? Java Platforms Java Virtual Machine (JVM) Java Development Kit (JDK) Benefits.
The Basic Java Tools A text editor to write Java program source code. A compiler to translate source code into bytecode. An interpreter to translate.

The Basic Java Tools A text editor to write Java program source code. A compiler to translate source code into bytecode. An interpreter to translate.
Introduction to Android Platform Overview 19.3.2013.

Introduction to Android Platform Overview
Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.
Reverse Engineering Obfuscated Android Applications

Reverse Engineering Obfuscated Android Applications
Android Introduction Platform Overview.

Android Introduction Platform Overview.

Similar presentations

Ads by Google