Reverse engineering and
instrumenting android apps
Gaurav Lochan
Little Eye Labs

Friday 13 December 13
Outline
Motivation?
Instrumentation
Guts of an android app
Instrumentation approaches
Chosen approach

Motivation?
Little Eye measures, analyzes and helps optimize app
resource usage on Android. But network stats are
aggregates only

Motivation (2)
Needed granular network stats - each endpoint/URL,
Latency, Data transferred
Considered different approaches
Implement a VPN client app
Use a proxy
Looked at OS stats - didn’t find anything
Java debug wire protocol (JDWP)
Instrumentation

Instrumentation
i.e., rewriting parts of a binary (in this case, an Android app)
Allows us to intercept HTTP calls, with code-level
context (parameters, errors) for each call
Works on any app
Works on practically any android version/device
Opens up a lot of exciting possibilities...

Instrumentation (2)
Can be: Static or Runtime
Examples
Android Traceview (startMethodTracing)
Android test automation framework
iOS instruments
Purify (Rational / IBM)
JVM -javaagent option
AspectJ

Guts of an app

classes.dex
Dalvik is the custom Android VM (different from the JVM)
Dex = Dalvik EXecutable format. It’s a custom
bytecode format designed for Android
Build process:
compile .java code into .class files
dx converts each .class file into its .dex representation,
and stores them all in the single classes.dex
all referenced library code also goes into classes.dex

Reverse engineering tools
Smali (by JesusFreke) - dex disassembler
ApkTool - decodes resources, repackage app
dex2jar - disassembles dex to .class format
JD-GUI - Decompiles .class into .java
Androguard - Tool for deep analysis of android app
ApkAnalyzer - Tool for analysis of app, also supports
instrumentation of the app.

Smali: Before

Smali: After

Androguard

ApkAnalyzer

Instrumentation Approaches
Explored the following approaches on android
Runtime
Instrument .class files during build process
Instrument .dex file

Runtime instrumentation
A JVM allows this - pass in a java.lang.instrument agent
(using the -javaagent flag) which can transform classes at
class-load time
Dalvik doesn’t support this
It supports passing in an android.app.Instrumentation,
but that has a limited set of methods, mostly for
automated testing

Instrumenting .class files
Considered modifying .class files, in two ways:
Using the Javassist tool/library
AspectJ
Both are well understood tools, but need to be done at
build time
Requires a process change, plus not all of our users
have access to the build (e.g. 3rd party QA team)

Instrumenting .dex file
Found some tools - none of these looked solid enough
dexpler - research project
redexer - research project
apkil - google summer of code project
Tried dex2jar to convert .dex into .class - but this is not a
reliable method. Fine for reading code (skip the failed
conversions), but not for this use case.

Instrumenting .dex file (2)
Smali
A simple tool that disassembles the .dex into an
intermediate format (also known as smali)
This is well-used (e.g. ApkTool, ApkAnalyzer, and
apkil use it)
Active project, well supported by JesusFreke
I disassembled an app, modified the smali code, reassembled and repackaged it, and it just worked!

Automating instrumentation
Challenges:
Need a way to find all the appropriate calls in the app
to replace
Need to do it without side-effects.
Tried many approaches, JesusFreke pointed me to
MutableMethod which did what I needed
Called my approach Umbreyta (Icelandic for transform).
https://github.com/LittleEyeLabs/smali
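
An added illustration of the two challenges on this slide, not code from the talk or from the Umbreyta repository: it rewrites smali text with a regular expression instead of the MutableMethod approach the talk mentions. The wrapper class `Lcom/example/probe/HttpProbe;`, the target list and the sample smali are assumptions constructed for the example. Turning an instance call into a static call that takes the receiver as its first argument leaves the register list and the following move-result untouched, which is what keeps the rewrite free of side effects.

```python
import re

# Assumption: a hypothetical static helper class shipped inside the instrumented app.
WRAPPER = "Lcom/example/probe/HttpProbe;"

# Call targets to intercept as (owner, method name, descriptor); chosen for illustration.
TARGETS = {
    ("Ljava/net/URL;", "openConnection", "()Ljava/net/URLConnection;"),
    ("Lorg/apache/http/client/HttpClient;", "execute",
     "(Lorg/apache/http/client/methods/HttpUriRequest;)Lorg/apache/http/HttpResponse;"),
}

# Anchored at the start of the line, so "invoke-virtual" inside a const-string is ignored.
INVOKE_RE = re.compile(
    r"^(\s*)invoke-(?:virtual|interface)(/range)?\s+\{([^}]*)\},\s*"
    r"(L[^;]+;)->([^\s(]+)(\([^)]*\)\S+)\s*$"
)
CLASS_RE = re.compile(r"^\.class\b.*\s(L[^;]+;)\s*$")
METHOD_RE = re.compile(r"^\.method\b.*\s(\S+)\s*$")

# Constructed sample of disassembled smali (not taken from a real app).
SAMPLE = """\
.class public Lcom/example/app/Fetcher;
.super Ljava/lang/Object;

.method public fetch(Ljava/net/URL;)Ljava/net/URLConnection;
    .locals 2
    const-string v0, "invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;"
    invoke-virtual {p1}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
    move-result-object v1
    invoke-virtual {p1}, Ljava/net/URL;->toString()Ljava/lang/String;
    return-object v1
.end method
"""


def instrument(smali_text):
    """Return (rewritten_text, sites); sites lists (method, line number, target)."""
    out, sites = [], []
    current_class = current_method = None
    for lineno, line in enumerate(smali_text.splitlines(), 1):
        m = CLASS_RE.match(line)
        if m:
            current_class = m.group(1)
        m = METHOD_RE.match(line)
        if m:
            current_method = m.group(1)
        m = INVOKE_RE.match(line)
        # Never rewrite the wrapper itself: its own call to the real method
        # would otherwise be redirected back to the wrapper and recurse forever.
        if m and current_class != WRAPPER:
            indent, rng, regs, owner, name, desc = m.groups()
            if (owner, name, desc) in TARGETS:
                # Static descriptor = receiver type prepended to the original
                # parameters. Same registers, same return type, so .locals and
                # the move-result that follows stay valid.
                static_desc = "(" + owner + desc[1:]
                line = (f"{indent}invoke-static{rng or ''} {{{regs}}}, "
                        f"{WRAPPER}->{name}{static_desc}")
                sites.append((current_method, lineno, f"{owner}->{name}"))
        out.append(line)
    return "\n".join(out) + "\n", sites


if __name__ == "__main__":
    rewritten, found = instrument(SAMPLE)
    for method, lineno, target in found:
        print(f"line {lineno}: {target} in {method}")
    print(rewritten)
```

The wrapper class still has to be added to the app as its own smali file before reassembly, with one static method per entry in `TARGETS` that records the call and then delegates to the original method.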

Voila!
