Annual Computer Security Applications Conference 2015

M2. Introduction to Android Reversing

Monday, 7 December 2015
08:30 - 12:00

Salon 6B

[This is a full day session.]

Ever wonder, “How did they do that?” for an app on your phone? Some cool functionality and you want to know how it works! Or maybe you need to know the effects of some malicious software such as, “Did it upload your data?” “Capture your password?” “Corrupt your files?”

This course introduces you to reverse engineering Android applications. I demonstrate how to create and install programs on Android devices and emulators using basic applications as examples. Then we’ll explore the phone with the Android Debug Bridge (ADB), illustrating the various capabilities and techniques you can use to debug your applications. Of course, debugging is great when you have source code, but what if you don’t? So we’ll learn about the Dalvik virtual machine and the byte code it executes. Using third-party tools available online for free, I’ll show you how to do a static analysis by decompiling the applications and examining the smali byte code. Finally, we’ll do a dynamic analysis using an advanced technique to hijack an application’s functions during execution. We can view relevant data before and after a function call during the execution of the application for even better comprehension.

Prerequisites. None.

Outline:

  1. Introduction to Developing Android Applications
    • A Simple Application – Using Android Studio to make your phone smarter
    • Testing and Debugging a Simple Application using an Emulator
    • Running the Application on your phone
  2. Debugging using Android Debug Bridge (ADB)
    • Enabling ADB Debugging
    • ADB Commands
    • Transferring Files
  3. Decompiling with APKTool
    • The Dalvik Virtual Machine
    • Decompiling an Android Application
    • Reading and Analyzing the smali code
  4. Dynamic Hijacking of Android Apps for Analysis
    • Hijacking Tool
    • Getting the Input Data
    • Getting the Output Data

About the Instructor:

John Ortiz is currently a senior computer engineering consultant for Harris Global Communications Systems, applying his reverse engineering skills to various malicious applications. Prior to that he developed defensive tools to protect the Air Force’s internal networks and researched novel techniques to solve practical cyber security problems. These include autonomous network traffic analysis, malware analysis, security testing, and forensics. Prior to working at Harris, he spent 5 years at SRA International and 5 years at General Dynamics developing various defense-related software, researching data hiding techniques, and analyzing malware.

Mr. Ortiz also teaches at the University of Texas at San Antonio for the Computer Science and Electrical and Computer Engineering Departments. He teaches a broad spectrum of courses including microcomputers, microelectronic circuits, solid state device physics, C++ and Data Structures, steganography, and recently, reverse engineering. Additionally, Mr. Ortiz developed Steganography and Reverse Engineering courses specifically for UTSA. The Steganography course covers a broad spectrum of data hiding techniques in both the spatial and transform domains. He also developed several steganographic programs for testing and analysis. The Reverse Engineering course covers Intel x86 and the use of various tools to analyze application programs.

Prior to working in the private sector, Mr. Ortiz served in the U.S. Air Force for 12 years as a communications officer. In this role he developed and maintained database software, managed various Air Force missions, and taught a 7-week network course.

Mr. Ortiz holds two master’s degrees from the Air Force Institute of Technology, one in Electrical Engineering and one in Computer Engineering, and a BSEE from Rose-Hulman Institute of Technology.

 

 
