24. 3.4. Xposed Framework
Standard modules for SSL
pinning bypass:
• Xposed Module: Just Trust Me
• Xposed Module: SSLUnpinning
25. 4. Frida vs Xposed
Checks Frida Xposed
Architecture Client-server Modules on devices
Platform Cross-platform Android
Languages JS, Python, C, Swift Java
Usability Simply for advanced specialist Simply for Java/Android dev
26. 5. How to protect?
Code hardening
• Prevents attackers from gaining insight into your
source code and modify it or extract valuable
information from it.
• Obfuscation of arithmetic instructions, control flow,
native code and library names, resources and SDK
method calls
• Encryption of classes, strings, assets, resource files and
native libraries
27. 5. How to protect?
Runtime Application Self-Protection (RASP)
• Enables your applications to protect themselves against
real-time attacks. This prevents attackers from gathering
knowledge about their behavior and modifying it at
runtime
• Detection of debugging tools, emulators, rooted devices,
hooking frameworks, root cloaking frameworks and
tampering
• SSL pinning and Webview SSL pinning
• Certificate checks
28. 5. How to protect?
Code optimization
• Reduces the size of your applications and
improves their performance.
• Removal of redundant code, logging code
and metadata, unused resources and native
libraries
• Code and resource optimization