Java applications reverse engineering
Antoni Bertel
Antoni_Bertel@epam.com
AUGUST 4, 2015
Introductory
• Jar (Java Archive) is a package file format typically used to aggregate many
Java class files and associated metadata and resources.
• Java bytecode is the instruction set of the Java virtual machine.
• APK is the package file format used to distribute and install application
software and middleware onto Google's Android operating system.
• Obfuscation is the obscuring of intended meaning in communication,
making the message confusing, willfully ambiguous, or harder to understand.
Plan
1. Attacks on two Java archives: a desktop and a mobile application.
2. Conclusions on business problems.
3. Other types of attacks on a JAR, with a demonstration of some of them.
4. Types of JAR protection, concentrating on obfuscation.
5. Protecting a "Hello, world" Java application.
6. Answers to questions
Desktop java application
AEM (Adobe Experience Manager) is an enterprise-grade web content management system with a wide array of
powerful features.
Info
• License costs 50.000 $
• Delivered as a JAR of about 450 MB
• Used by PlayStation, SAP, Norton
• Written in Java
• Bytecode is not obfuscated
The practical part
Android application
Dalvik VM is a virtual machine in Google's Android operating system that executes applications written for
Android.
The Dalvik VM executes files in the Dex (Dalvik Executable) format.
Android application
VK (Vkontakte) is a social network that unites people all over the world and helps them communicate
comfortably and promptly.
Info
• More than 2.000.000 reviews.
• Fifty million downloads from Android Market
• Delivered as APK
• Written in Java
• Bytecode is not obfuscated
The practical part
Technical risks
1. Access to premium content
2. Stealing source code
3. Access to the private application data
4. Declassification of the internal architecture of the application
5. Access to internal application systems (API)
6. Stealing traffic; advertising; mobile botnets…
Business risks
1. Product discrediting
2. Losing money
Tools
• Bytecode decompilation
– JD-GUI
– JAD Java Decompiler
– Bytecode viewer
• Bytecode modification
– Java Bytecode Editor
– reJ
– Javassist
– Byte Buddy
• Bytecode debugging
– Java ByteCode Debugger
– Bytecode Visualizer
Solutions
1. Bytecode obfuscation
2. Anti-debugging
3. Own protection of business logic
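Added example, not part of the original presentation: a release check a defender could run on a build to see whether a JAR ships the way both applications above did, with bytecode that is not obfuscated. It reads each class file's constant pool for debug attribute names and flags very short class names as likely renamed; the sample JAR, its class names and the two-character threshold are constructed assumptions.

```python
import io, struct, zipfile

# Attribute names javac writes by default; their presence in the constant pool is a
# heuristic sign that debug info was not stripped (a string literal could also match).
DEBUG_ATTRS = {"SourceFile", "LineNumberTable", "LocalVariableTable"}
# Bytes that follow each fixed-size constant-pool tag in the JVM class file format.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
            15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def utf8_constants(class_bytes):
    """Return the set of CONSTANT_Utf8 strings in a class file's constant pool."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack_from(">H", class_bytes, 8)[0]
    pos, idx, found = 10, 1, set()
    while idx < count:
        tag, pos = class_bytes[pos], pos + 1
        if tag == 1:  # Utf8: u2 length, then that many bytes
            n = struct.unpack_from(">H", class_bytes, pos)[0]
            found.add(class_bytes[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        elif tag in CP_SIZES:
            pos += CP_SIZES[tag]
            idx += tag in (5, 6)  # Long and Double occupy two pool slots
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        idx += 1
    return found

def audit_jar(jar_bytes, max_len=2):
    """Per class: debug attribute names still present, and whether the name looks renamed."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            simple = name[:-len(".class")].rsplit("/", 1)[-1]
            report[name] = {
                "debug_attrs": sorted(DEBUG_ATTRS & utf8_constants(jar.read(name))),
                "short_name": len(simple) <= max_len}
    return report

def sample_jar():
    """Constructed sample: two class stubs (header + constant pool only) in an in-memory JAR."""
    def stub(strings):  # one Long constant, then Utf8 entries
        pool = b"\x05" + bytes(8) + b"".join(
            b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in strings)
        return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, len(strings) + 3) + pool
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/Billing.class", stub(["SourceFile", "Billing.java", "LineNumberTable"]))
        jar.writestr("a/b.class", stub(["b", "Code"]))
    return buf.getvalue()
```

Run audit_jar on the bytes of a release artifact; classes that still list debug attributes under readable names are the ones a decompiler will reproduce most faithfully.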
The practical part
Questions?