![assets - all the unmodified app contents
AndroidManifest.xml - Generic; The app-map
classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ]
res - All the resources ( drawables, icons, values )
lib - External/custom native libraries
Resources.asrc - Compiled resources / binaries
META-INF - Certificates](https://image.slidesharecdn.com/dissectingandroidapk-160918120101/85/Dissecting-Android-APK-19-320.jpg)
Dissecting Android APK
- 1. Dissecting Android APK Reversing Android applications
- 2. /> self.me - Final year undergraduate student at Amrita University, Amritapuri - Love Android ! - Currently researching on Android security - Play CTFs as a part of team bi0s
- 3. bi0s
- 4. Index - Why Android ? - Android security implementations and issues - Real world Android malwares - Reversing Android apps - Structure of an APK - Analyzing the contents
- 5. Why Android ? The Tale of Triumph Open source - power to you! User-friendly Most used - more developers
- 6. Mobile OS Global Market Share 2016
- 7. Android security - Sandboxing - Permissions - ASLR since Android 4.0 ICS - ARM TrustZone Implementations
- 8. Permissions
- 10. Are we at risk ?
- 11. Issues - Malwares - Ransomwares - Exploits
- 12. Real world Android malwares
- 13. AccuTrack : Turns an Android device into a GPS tracker AckPost : Steals contact information from the device and sends it to a remote server BackFlash / Crosate : Installs as a fake Flash plugin, registers as a Device administrator, and steals sensitive data BankBot : Particularly aims at stealing bank account information from dedicated apps DroidDeluxe : Exploits the device to gain root privilege and then modifies access permission of database files and collects account information
- 14. APK Android package : APK Zip file with .apk extension Playstore, Amazon Appstore, F-Droid Java + res + XML + Libs Android PacKage
- 15. Making of an APK
- 16. Reversing Android apps Tools and Methodologies
- 17. APKTOOL Reversing APKs - Compile/decompile apps - Smali code - To modify apps
- 18. Structure of an APK
- 19. assets - all the unmodified app contents AndroidManifest.xml - Generic; The app-map classes.dex - Java files’ package. The Dalvik executable [ yeah! the source ] res - All the resources ( drawables, icons, values ) lib - External/custom native libraries Resources.asrc - Compiled resources / binaries META-INF - Certificates
- 20. Dalvik / ART → JVM redefined → Dalvik until 4.4.4 Kitkat. ART from 5.0 Lollipop → Executes dex → Dalvik - JIT, ART - AOT
- 21. DEX Dalvik Executable > Dalvik’s bytecode > java classes > Easy to debug
- 22. Tools
- 23. ADB Android Debug Bridge - Android tool - Drop shells, files - Access partitions - Install applications
- 24. Dex2Jar The source - Small in size - Any platform - Extracts compiled classes out of the dex - Easy to use
- 25. Demo
- 26. Workaround ? → Check permissions → Trusted app sources → Use ‘ anti-malware ’ apps
- 27. Glossary - aapt : Android Asset Packaging Tool. - dex : Dalvik executable. - dx : Tool within the Android SDK used to convert the jar files into dex files. - R.java : A class with static methods to reference all the resources.
- 28. In-depth Introduction to Android Permission Model Android Internals by Karim Yaghmour Logcat Security Issue Dalvik and ART Dex2jar, ADB, APK Tool DexGuard obfuscator Dalvik opcodes OWASP Seraphimdroid References
- 29. Thank You