Dissecting Android APK
-
Upload
cysinfo-cyber-security-community -
Category
Software
-
view
373 -
download
1
Transcript of Dissecting Android APK
Dissecting Android APKReversing Android applications
/> self.me
- Final year undergraduate student at Amrita University, Amritapuri
- Love Android !
- Currently researching on Android security
- Play CTFs as a part of team bi0s
bi0s
Index
- Why Android ?
- Android security implementations and issues
- Real world Android malwares
- Reversing Android apps
- Structure of an APK
- Analyzing the contents
- Demo
- Workaround
Why Android ?
The Tale of Triumph
Open source - power to you!
User-friendly
Most used - more developers
Mobile OS Global Market Share 2016
Android security
- Sandboxing
- Permissions
- ASLR since Android 4.0 ICS
- ARM TrustZone
Implementations
Permissions
ARM TrustZone
Are we at risk ?
Issues - Malwares
- Ransomwares
- Exploits
Real world Android malwares
AccuTrack : Turns an Android device into a GPS tracker
AckPost : Steals contact information from the device and sends it to a remote server
BackFlash / Crosate : Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data
BankBot : Particularly aims at stealing bank account information from dedicated apps
DroidDeluxe :Exploits the device to gain root privilege and then modifies access permission of database files and collects account information
APKAndroid package : APK
Zip file with .apk extension
Playstore, Amazon Appstore, F-Droid
Java + res + XML + Libs
Android PacKage
Making of an APK
Reversing Android apps Tools and Methodologies
APKTOOLReversing APKs
- Compile/decompile apps
- Smali code
- To modify apps
Structure of an APK
assets - all the unmodified app contents
AndroidManifest.xml - Generic; The app-map
classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ]
res - All the resources ( drawables, icons, values )
lib - External/custom native libraries
Resources.asrc - Compiled resources / binaries
META-INF - Certificates
Dalvik / ART
→ JVM redefined
→ Dalvik until 4.4.4 Kitkat. ART from 5.0 Lollipop
→ Executes dex
→ Dalvik - JIT, ART - AOT
DEXDalvik Executable
> Dalvik’s bytecode
> java classes
> Easy to debug
Tools
ADBAndroid Debug Bridge
- Android tool
- Drop shells, files
- Access partitions
- Install applications
Dex2JarThe source
- Small in size
- Any platform
- Extracts compiled classes out of the dex
- Easy to use
Demo
Workaround ? → Check permissions
→ Trusted app sources
→ Use ‘ anti-malware ’ apps
Glossary
- aapt : Android Asset Packaging Tool.
- dex : Dalvik executable.
- dx : Tool within the Android SDK used to convert the jar files into dex files.
- R.java : A class with static methods to reference all the resources.
In-depth Introduction to Android Permission Model
Android Internals by Karim Yaghmour
Logcat Security Issue
Dalvik and ART
Dex2jar, ADB, APK Tool
DexGuard obfuscator
Dalvik opcodes
OWASP Seraphimdroid
References
Thank You