Why are Frida and QBDI a Great Blend on Android?
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Reverse engineering of Android applications is usually considered as somewhat effortless because of the possibility of retrieving the Java representation of the application’s code. An attacker is basically able to read through a human-readable version of the code in order to quickly extract the intellectual property, gather some assets, find vulnerabilities and so on. Nowadays, most of the Android application editors are aware of this weakness and try their best to make reverse engineers’ work harder. They often rely on integrating obfuscation strategies or shifting sensitive features from Java/Kotlin side to native code thanks to Java Native Interface (shortened JNI). However, the reverse engineering process gets much more complex when they decide to use both – that is, obfuscated native code. As a result, statically looking into the native library’s disassembly turns out to be pretty tedious and time-consuming. Fortunately, inspection at runtime is still possible and offers a convenient way to efficiently grasp the inner mechanisms of the application, even over obfuscation. Since protections against regular debuggers are quite common among popular applications, using a Dynamic Binary Instrumentation (DBI) framework such as Frida, remains a great option for a thorough examination. Technically speaking, Frida allows users to inject their own code at the beginning and the end of a native function or replace the whole implementation. Though, Frida lacks granularity at some point, especially when it comes to inspecting the execution at the instruction scale. In this context, QBDI, a DBI framework we have developed at Quarkslab, can give Frida a hand determining which parts of the code have been executed when calling a given native function. This talk aims to present how Frida and QBDI can be used together for making the native reverse engineering process easier on Android.
Speaker
Tom Czayka (Quarkslab)
Other media in the channel "2020"
- 18 views, 1 this year, 1 this monthConclusion talkJuly 2nd, 2020
- 204 views, 12 this yearPique curiosity, not diabetic fingersJuly 2nd, 2020
- 39 views, 2 this yearWars of the machines: build your own Seek and Destroy RobotJuly 2nd, 2020
- 51 viewsTackling security issues in virtualizationJuly 2nd, 2020
- 30 views, 2 this yearEnarx - secured, attested execution on any cloudJuly 2nd, 2020
- 55 views, 1 this yearRemote Forensic Investigations For The WinJuly 2nd, 2020