Disassembling Dalvik Bytecode
Alain Leon
Background
What is Android?
Android is an operating system by Google that uses a Linux kernel and runs its
applications on a VM, formerly known as Dalvik
The programs that run on Android are packaged and distributed as APK files
Inside each APK file, there is an executable DEX file which is what actually gets run
when the program starts
Android has the largest installed base of all operating systems of any kind
What is Dalvik?
It's a VM, but it's not the Java VM
Register-based VM, made more efficient for running on battery-powered, relatively low CPU/RAM smartphones
You write Java source that compiles to Java bytecode, which then gets translated to Dalvik bytecode
Successor is Android Runtime (ART), introduced in KitKat (4.4+) and completely replacing Dalvik in Lollipop (5.0+), which compiles on install rather than JIT
What is an APK?
Android Package
This is what you download and install
from the Google Play store
It's really just a zip file containing an app
Holds the app's assets and Dalvik bytecode (in .dex or .odex format)
What is bytecode?
Not machine code
DEX = Dalvik Executable
Intermediate found in Java .class files and
Dalvik .dex files
Translated between .dex and .class using
the dx tool
Machine code is only created at runtime
by the Just-In-Time (JIT) compiler
What is JIT compilation?
Mix between traditional ahead-of-time compiling and interpreting
Machine code is generated during runtime
Combines the speed of compiled code with the flexibility of interpretation
At the cost of overhead of an interpreter + the additional overhead of compiling
Allows for adaptive optimization such as dynamic recompilation
Think re.compile() from Python
What is the Android NDK?
Android Native Development Kit
A set of tools that allow you to leverage C and C++ code in your Android apps
Uses the Java Native Interface (JNI) to expose Java calls to the underlying system
Used by Cocos2d-x, game development tools written in C++
Cocos is compiled as a shared library and shipped inside the
APK
Hacking at the Surface Level
Use a Macro to "Bot" the Game
Was the goal of my last talk
Use macros or scripts to automate some
repeatable circuit to gain in-game
currencies all day every day
Prone to errors
Slow, human level gain
Too Bad It's Not Really That Cool
Hacking at the REST Level
Wireshark
Sniff the traffic to and from an Android emulator
Make a malicious imposter client
Replay the get/put/posts using curl or python
Fail: Google Play Services uses OAuth 2.0
Sends ephemeral Base64-URL-encoded token
LinkedIn - Disassembling Dalvik Bytecode
Hacking at the APK/DEX level
Get the APK
Find on Google Play and use that URL at an APK Downloader website or
Enable USB Debugging, install Android SDK, connect your smartphone and:
adb shell pm list packages | grep khux
adb shell pm path com.square_enix.android_googleplay.khuxww
adb pull /data/app/com.square_enix.android_googleplay.khuxww-1/base.apk
DEX Bytecode Disassembling (Baksmaling)
Two ways, recommend doing both:
Directly: Convert the bytecode to a readable format (Baksmali, Jasmine, etc.)
apktool d -f khux.apk -o smali
Indirectly: Convert to Java first, then use Java's decompiling tools
dex2jar -> Java Decompiler (JD-Core, JD-GUI, etc.)
Smali Dalvik Bytecode Representation
Apply Changes
Change variables, convert to hex first!
const/16 v0, 0x9bff
Output variables to the Android log
const-string v0, "grep_for_this_breh:"
invoke-static {v0, p1}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
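A helper for the "convert to hex first" step, added here as an example (not from the talk): it emits the narrowest const instruction for a decimal value and decodes a smali literal back to the value the register actually receives, which shows that 0x9bff written as a const/16 literal is sign-extended to a negative number. It assumes smali's rule that a hex literal may use the instruction's full unsigned width and is then read as two's complement.

```python
import re

# Dalvik const-family instructions and the signed literal width each accepts
# (from the Dalvik bytecode format): const/4 = 4 bits, const/16 = 16 bits,
# const = 32 bits. The VM sign-extends the literal into the 32-bit register.
LITERAL_BITS = {"const/4": 4, "const/16": 16, "const": 32}


def smali_const(reg: str, value: int) -> str:
    """Emit the narrowest smali const instruction that holds `value` as a hex literal."""
    if not -2**31 <= value < 2**31:
        raise ValueError(f"{value} does not fit a 32-bit register")
    if -8 <= value <= 7:
        op = "const/4"
    elif -32768 <= value <= 32767:
        op = "const/16"
    else:
        op = "const"
    literal = hex(value) if value >= 0 else "-" + hex(-value)
    return f"{op} {reg}, {literal}"


# Matches "const/16 v0, 0x9bff"-style lines (const/4, const/16 and const only).
_CONST_RE = re.compile(
    r"^\s*(const(?:/4|/16)?)\s+([vp]\d+)\s*,\s*(-?0x[0-9a-fA-F]+|-?\d+)\s*$"
)


def decode_const(line: str) -> int:
    """Return the value a register receives from a const/4, const/16 or const line.

    Assumed smali behaviour: a hex literal may use the full unsigned range of the
    instruction's width (0x9bff for const/16), and is read as two's complement.
    """
    m = _CONST_RE.match(line)
    if not m:
        raise ValueError(f"not a const/4, const/16 or const line: {line!r}")
    op, _reg, literal = m.groups()
    bits = LITERAL_BITS[op]
    raw = int(literal, 0)
    mask = (1 << bits) - 1
    if raw < -(1 << (bits - 1)) or raw > mask:
        raise ValueError(f"{literal} is out of range for {op} ({bits}-bit literal)")
    raw &= mask                      # two's complement within the literal width
    if raw & (1 << (bits - 1)):      # sign bit set: sign-extend to a Python int
        raw -= 1 << bits
    return raw


if __name__ == "__main__":
    # The slide's literal as a const/16 exceeds 0x7fff, so the register goes
    # negative; smali_const picks the 32-bit `const` form for the same value.
    print(decode_const("const/16 v0, 0x9bff"))   # -25601
    print(smali_const("v0", 39935))               # const v0, 0x9bff
```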
APK Reassembling
apktool b -f smali/ -o khux_rekt.apk
jarsigner (Android SDK) - sign the APK with your own keystore, or use sign.jar from
https://github.com/appium/sign
java -jar sign.jar modded.apk
zipalign (Android SDK) - (optional) ensures that all uncompressed data starts at a
particular alignment relative to the start of the file, reducing the app's RAM footprint
zipalign 4 modded.s.apk aligned.apk
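After apktool b the rebuilt DEX carries a fresh adler32 checksum and SHA-1 signature in its header, and a DEX that was byte-patched without regenerating the header fails those checks. Added example, not from the talk or from apktool: a parser for the DEX header_item that verifies both fields, recomputes them the way the build tools do, and runs against a constructed minimal DEX rather than a real app.

```python
import hashlib
import struct
import zlib

# Layout of the 0x70-byte header_item from the DEX file format.
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def parse_dex_header(data: bytes) -> dict:
    """Decode the DEX header; raises ValueError if the magic is wrong."""
    if len(data) < HEADER_SIZE or data[:4] != b"dex\n" or data[7] != 0:
        raise ValueError("not a DEX file")
    header = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", data, 32)))
    header["version"] = data[4:7].decode("ascii")          # e.g. "035"
    header["checksum"] = struct.unpack_from("<I", data, 8)[0]
    header["signature"] = data[12:32]
    return header


def verify_dex(data: bytes) -> dict:
    """Integrity checks: adler32 covers offset 12 onward, SHA-1 covers offset 32 onward."""
    h = parse_dex_header(data)
    return {
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == h["checksum"],
        "signature_ok": hashlib.sha1(data[32:]).digest() == h["signature"],
        "size_ok": h["file_size"] == len(data),
        "endian_ok": h["endian_tag"] == ENDIAN_CONSTANT,
    }


def fix_dex_header(data: bytes) -> bytes:
    """Recompute file_size, signature, then checksum (the checksum covers the signature)."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, 32, len(buf))
    buf[12:32] = hashlib.sha1(buf[32:]).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


def build_sample_dex() -> bytes:
    """Constructed sample: a header plus a one-entry map_list and no classes (not a real app)."""
    # map_list: uint size, then one map_item (ushort type TYPE_HEADER_ITEM, ushort unused,
    # uint size, uint offset).
    map_list = struct.pack("<I", 1) + struct.pack("<HHII", 0x0000, 0, 1, 0)
    header = bytearray(HEADER_SIZE)
    header[0:8] = b"dex\n035\0"
    fields = [HEADER_SIZE + len(map_list), HEADER_SIZE, ENDIAN_CONSTANT,
              0, 0, HEADER_SIZE,              # link_size, link_off, map_off
              0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   # string/type/proto/field/method ids: size, off
              0, 0,                           # class_defs_size, class_defs_off
              len(map_list), HEADER_SIZE]     # data_size, data_off
    struct.pack_into("<20I", header, 32, *fields)
    return fix_dex_header(bytes(header) + map_list)
```

Running verify_dex over the classes.dex unpacked from a rebuilt and from a hand-patched APK shows which one the build tools actually regenerated.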
Reinstall the APK
Uninstall the original APK if it's still on the device
Install the modded APK
adb install aligned.apk
Disable or uninstall Facebook if you're having problems with Facebook login
Watch the logs
adb logcat | grep grep_for_this_breh
Hacking at the Shared Object Level
Shared Object Analysis
libcocos2dcpp.so was the only meaningful difference
When diff tells you "Binary files differ", you can convert to hex and try again.
xxd hacked.so > hacked.hex
vimdiff hacked.hex unhacked.hex
You can also try a byte-for-byte comparison
cmp -l file1.so file2.so
This prints out the line number of the changes and their differences in octal
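The first column of cmp -l is the 1-based byte number rather than a line number, so grouping consecutive entries recovers the patched regions of a .so as offsets and before/after bytes. Added example (not part of the talk), run over constructed cmp -l output rather than bytes from a real library:

```python
import re

# cmp -l prints one line per differing byte: the 1-based byte number, then the
# byte from each file in octal (GNU cmp format "%d %3o %3o").
_CMP_LINE = re.compile(r"^\s*(\d+)\s+([0-7]{1,3})\s+([0-7]{1,3})\s*$")

# Constructed sample output; the values are arbitrary, not a real patch.
SAMPLE_CMP_OUTPUT = """\
 4097 340  41
 4098  17  40
 4099 257 340
 4100 342 362
 8200   0   1
"""


def parse_cmp_l(output: str) -> list:
    """Return (zero_based_offset, byte_in_file1, byte_in_file2) for each cmp -l line."""
    diffs = []
    for line in output.splitlines():
        if not line.strip():
            continue
        m = _CMP_LINE.match(line)
        if not m:
            raise ValueError(f"unexpected cmp -l line: {line!r}")
        bytenum, a, b = m.groups()
        diffs.append((int(bytenum) - 1, int(a, 8), int(b, 8)))
    return diffs


def group_runs(diffs) -> list:
    """Collapse consecutive differing bytes into regions of {offset, old, new}."""
    runs = []
    for off, a, b in diffs:
        last = runs[-1] if runs else None
        if last is not None and off == last["offset"] + len(last["old"]):
            last["old"] += bytes([a])
            last["new"] += bytes([b])
        else:
            runs.append({"offset": off, "old": bytes([a]), "new": bytes([b])})
    return runs


def describe_runs(runs) -> list:
    """Render regions as hex offset, old bytes -> new bytes, for feeding to objdump --start-address."""
    return [
        f"0x{r['offset']:08x}: {r['old'].hex()} -> {r['new'].hex()} ({len(r['old'])} bytes)"
        for r in runs
    ]


if __name__ == "__main__":
    for line in describe_runs(group_runs(parse_cmp_l(SAMPLE_CMP_OUTPUT))):
        print(line)
```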
Machine Code Disassembly
Get the Android NDK
Find the right objdump for your architecture
For Android smartphones, it's usually ARM little endian, arm-linux-androideabi
/path/to/arch/objdump -d haxt.so > haxt.asm
You can also use Hex-Rays IDA Pro (Interactive Disassembler) for multiarch disassembly
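One way to "find the right objdump": read EI_CLASS, EI_DATA and e_machine from the .so's ELF header and map them onto the NDK toolchain prefix. Added example, not from the talk; the prefix table matches the GCC-based NDK toolchains (recent NDKs ship a single llvm-objdump instead), and the ELF headers it runs on are constructed.

```python
import struct

ELF_MAGIC = b"\x7fELF"

# e_machine values from the ELF specification, mapped to the NDK GCC toolchain
# prefixes whose bin/ directory holds <prefix>-objdump.
NDK_TOOLCHAIN_PREFIX = {
    0x28: ("ARM", "arm-linux-androideabi"),
    0xB7: ("AArch64", "aarch64-linux-android"),
    0x03: ("x86", "i686-linux-android"),
    0x3E: ("x86-64", "x86_64-linux-android"),
}


def elf_target(data: bytes) -> dict:
    """Read e_ident and e_machine from an ELF header and pick the matching objdump name."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]          # 1 = 32-bit/LSB, 2 = 64-bit/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed e_ident")
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    arch, prefix = NDK_TOOLCHAIN_PREFIX.get(e_machine, ("unknown", None))
    # Android ABIs are all little endian; a big-endian header is not a valid target.
    objdump = f"{prefix}-objdump" if prefix and ei_data == 1 else None
    return {
        "bits": 32 if ei_class == 1 else 64,
        "little_endian": ei_data == 1,
        "shared_object": e_type == 3,             # ET_DYN
        "arch": arch,
        "objdump": objdump,
    }


def sample_elf_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Constructed ELF header prefix (first 20 bytes suffice for this check), not a real .so."""
    endian = "<" if ei_data == 1 else ">"
    e_ident = ELF_MAGIC + bytes([ei_class, ei_data, 1]) + bytes(9)   # EI_VERSION = 1, rest zero
    return e_ident + struct.pack(endian + "HH", 3, e_machine)        # ET_DYN, e_machine


if __name__ == "__main__":
    print(elf_target(sample_elf_header(1, 1, 0x28))["objdump"])   # arm-linux-androideabi-objdump
```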
Machine Code Decompilation
Bring the .so all the way back up to the C level (Hex-Rays Decompiler)
Vs. disassembling, it's more readable, but it can be inaccurate and it takes much longer.
The End
