2. #Whoami
• 6+ years of experience in Information technology
• Security consultant in NotSoSecure, Developer
3. Agenda
• What is Static analysis?
• How to do Static analysis?
• Extra layer security bypass techniques
• Smali debugging
• Frida - Dynamic instrumentation framework
4. Android Manifest checks
• Exported activities, content providers, broadcast receivers, services
• debuggable flag is true (debuggable="true")
• backup flag is true (allowBackup="true")
• Sensitive information in application source code (Encryption Keys, API Keys, Credentials)
5. Static Analysis
• Sensitive information in logs, using the Logcat tool
• Sensitive information in memory (DDMS, Frida)
• Sensitive information in application local storage (SharedPreferences xml, sqlite database etc.)
6. Common Tools Used
• MobSF
• drozer
• Inspeckage
• Xposed framework
• SSLUnpinning
7. Extra layer of security
• Root detection
• Xposed framework detection
• SSL Pinning
• Source Code obfuscation
• Integrity checks
• Hashing/Encryption in Request/Response
8. Smali debugging
• Powerful technique to bypass client side checks
• Tools
• Android Studio
• smalidea Android Studio plugin
• Android emulator / mobile device
• Knowledge of Java programming language
Demo
9. Frida
• It's a dynamic instrumentation framework
• It allows us to write custom scripts
• Languages supported
• JavaScript
• Python
• C
• etc...
• Used to hijack function calls
• More about Frida
• https://www.frida.re/docs/android/
Demo
10. Fridump
• Open source memory dumping tool
• Primarily aimed at penetration testers and developers
• It can be used from
• Windows
• Linux
• Mac OS X systems
• To dump the memory of
• iOS
• Android
• Windows applications
Demo