CanSecWest: Security Masters Dojo Vancouver
Reversing for the JVM and Android
Register for the March 12-13, 2-day course
Instructor(s):
Marc Schoenefeld
Description
This course will provide an introduction to the theory and practice of reversing Java applications. We present the technical foundations for both the Java and Android runtime environments that are important for understanding unknown binaries. This includes learning about bytecode dialects and the degrees of freedom to protect the content of deployed applications.
Hands-on challenges will introduce students to both sides of the game - especially tools for obfuscation, de-obfuscation, binary analysis, and de-compilation.
PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides will list material the students are expected to have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Topics:
Part 1: Background about the common technical foundations (approx 30% of course)
- The Java Virtual Machine, introduction to Bytecode and the tool chain
- Practical aspects of manipulating and protecting information within Bytecode
- Best practices to find and identify content (such as outdated components, weak crypto, insecure updates)
- Working around obfuscation directly towards "needles in the haystack"
- Understanding bundled and self-contained applications
- Special aspects of JNI
- Samples and assessments to deepen the featured knowledge
- The Android ecosystem, understanding runtime engines from Dalvik to ART
- Identifying additional runtime environments (.NET/Mono, game engines)
- Recap of relevant knowledge from Part 1 for usage within Android App reversing
- Introduction to DEX Bytecode and obfuscation approaches
- Understanding information flows in Android apps
- Drilling into APKs, understanding where to expect which artefacts
- Understanding Android native code and interaction with managed code
- Samples and Assessments to deepen the featured knowledge
Prerequisites:
Being fluent in Java and Python will help students to complete the hands-on exercises in the expected timeframe.
What you will need to bring:
This Dojo uses freely available software (e.g. Radare2) for binary analysis, but guidance is given on how to transfer these techniques to be re-used with commercial tools, such as IDA.
Students require a working Docker infrastructure on their laptop, and we provide a standardized environment to work with pre-configured tools and toys. Brave students can work in their host OS, but the mileage may vary. Several examples will require you to analyse apps directly from the Play Store. For that purpose students should have their (alternative) Play Store credentials available.