Why are Frida and QBDI a Great Blend on Android?
Key | Action |
---|---|
K or space | Play / Pause |
M | Mute / Unmute |
C | Select next subtitles |
A | Select next audio track |
V | Show slide in full page or toggle automatic source change |
left arrow | Seek 5s backward |
right arrow | Seek 5s forward |
shift + left arrow or J | Seek 10s backward |
shift + right arrow or L | Seek 10s forward |
control + left arrow | Seek 60s backward |
control + right arrow | Seek 60s forward |
shift + down arrow | Decrease volume |
shift + up arrow | Increase volume |
shift + comma | Decrease playback rate |
shift + dot or shift + semicolon | Increase playback rate |
end | Seek to end |
beginning | Seek to beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamInformation on this media
Links:
Number of views:
332 (this month: 12)Creation date:
June 29, 2020Speakers:
Tom CzaykaLicense:
CC BY-SA v4Description
Reverse engineering of Android applications is usually considered as somewhat effortless because of the possibility of retrieving the Java representation of the application’s code. An attacker is basically able to read through a human-readable version of the code in order to quickly extract the intellectual property, gather some assets, find vulnerabilities and so on. Nowadays, most of the Android application editors are aware of this weakness and try their best to make reverse engineers’ work harder. They often rely on integrating obfuscation strategies or shifting sensitive features from Java/Kotlin side to native code thanks to Java Native Interface (shortened JNI). However, the reverse engineering process gets much more complex when they decide to use both – that is, obfuscated native code. As a result, statically looking into the native library’s disassembly turns out to be pretty tedious and time-consuming. Fortunately, inspection at runtime is still possible and offers a convenient way to efficiently grasp the inner mechanisms of the application, even over obfuscation. Since protections against regular debuggers are quite common among popular applications, using a Dynamic Binary Instrumentation (DBI) framework such as Frida, remains a great option for a thorough examination. Technically speaking, Frida allows users to inject their own code at the beginning and the end of a native function or replace the whole implementation. Though, Frida lacks granularity at some point, especially when it comes to inspecting the execution at the instruction scale. In this context, QBDI, a DBI framework we have developed at Quarkslab, can give Frida a hand determining which parts of the code have been executed when calling a given native function. This talk aims to present how Frida and QBDI can be used together for making the native reverse engineering process easier on Android.
Speaker
Tom Czayka (Quarkslab)
Other media in the channel "2020"
17 viewsConclusion talkJuly 2nd, 2020
173 views, 3 this monthPique curiosity, not diabetic fingersJuly 2nd, 2020
37 views, 1 this monthWars of the machines: build your own Seek and Destroy RobotJuly 2nd, 2020
50 viewsTackling security issues in virtualizationJuly 2nd, 2020
26 views, 1 this monthEnarx - secured, attested execution on any cloudJuly 2nd, 2020
50 views, 1 this monthRemote Forensic Investigations For The WinJuly 2nd, 2020