This is a live recording of a talk I gave at TROOPERS23 in Heidelberg, Germany. The presentation explores writing Android applications in purely native code to obfuscate app flow of control. It also uses direct communication with the Android Binder to bypass traditional method invocations.
If you would like to follow along, the slides, tools, as well as additional references are hosted on my github page here:
https://github.com/LaurieWired/Androi...
Timestamps:
00:00 Intro
00:39 Analysis Materials
01:20 Agenda
02:30 Obfuscation Background
05:16 Purely Native Application
06:45 Finding the Entrypoint
08:36 Bypassing the Entrypoint
11:58 Masking the Entrypoint
15:55 Further Obfuscation
17:38 Java to C++ Translation
19:16 Hands On Translation
27:06 JNI Call Drawbacks
28:00 Hiding API Calls Via Binder
30:22 Bypassing Common Targets
32:20 Binder Invocation Backend
33:30 ServiceManager
35:00 Reflection
36:19 Finding Callable Services
38:34 Bound Invokable Services
40:26 Invocation via Binder (Hands On)
44:32 Invocation of Binder with C++
45:48 Test Time!
50:38 Success!
51:58 Further Steps
54:43 Questions?
laurieWIRED Twitter:
/ lauriewired
laurieWIRED Github:
https://github.com/LaurieWired
laurieWIRED Website:
http://lauriewired.com
laurieWIRED HN:
https://news.ycombinator.com/user?id=...
laurieWIRED Reddit:
/ lauriewired