[email protected] Pre-sales & … · 2017-12-18 • Perform dynamic binary...
The global reference in mobile application protection
Mobile application threats
[email protected] & services engineer
Janus vulnerability: allows hackers to modify apps without affecting their signatures
Mobile threats
Mobile apps are ubiquitous
• Easily, freely available
• Easily accessible
• Relied upon for everyday tasks – banking, commuting, entertainment etc.
However, this also means:
• Wealth of sensitive info exchanged over app
• Lures hackers
• Just as easily accessible to hackers
• Vulnerability for apps
Off-line: static attacks
Hackers transform the code into a human-readable format to find and exploit vulnerabilities
Offline: static analysis
• Analyze the application source code
• Disassemblers: dexdump, baksmali
• Decompilers: dex2jar + jad, JD-GUI, JEB, Procyon, CFR etc.
• Resources: aapt, apktool, etc.
On-device: dynamic attacks
Hackers gather knowledge of the application’s behaviour and modify it at runtime
On-device: dynamic analysis
• Perform dynamic binary instrumentation to learn about the application’s runtime behavior
• Using debuggers such as adb, IDA Pro etc.
• Subverted runtime: Xposed, Substrate, Frida
• Cracking tools: Lucky Patcher
Mobile threats
• Piracy
• API key extraction
• Financial fraud
• Cloning & IP theft
• Malware insertion
• Credential harvesting
Consequences of a hacked application
• Revenue loss
• Reputational damage
• Fines & retributions
• Incident handling cost
Mobile application attacks
DDOS attacks
Intellectual property theft
Reputational damage
Stealing API keys
Mobile application protection
Secure coding practices
• Secure design and architecture
• Proper use of the platform
• Secure data storage
• Secure communication
• Cryptography
• Authentication and session management
• Code quality
• Pentesting
• Secure code guiding tools
• Logging code removal
• ...
Good reference! OWASP Mobile Security Testing Guide: https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide#tab=Main
Protecting against code reverse engineering
• Name obfuscation
• String encryption
• Class encryption
• Asset encryption
• Native library encryption
• Control flow obfuscation
• Arithmetic obfuscation
• etc.
Protecting against dynamic analysis attacks
• Tamper detection
• Hook detection
• Root detection
• Debugger detection
• Emulator detection
• SSL pinning
GuardSquare, advanced mobile app protection
• ProGuard: open source; Java and Android; part of Android SDK
• DexGuard: commercial; specialized for Android; static & dynamic protection
• iXGuard: commercial; specialized for iOS; static protection
Obfuscation example
ORIGINAL CODE
DexGuard: obfuscation example
DECOMPILED UNPROTECTED CODE
DexGuard: obfuscation example
DECOMPILED OBFUSCATED CODE
Thank you