{"id":1749,"date":"2015-06-23T11:34:46","date_gmt":"2015-06-23T09:34:46","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=1749"},"modified":"2015-06-23T11:34:46","modified_gmt":"2015-06-23T09:34:46","slug":"all-your-code-belongs-to-us-dismantling-android-secrets-with-codeinspect","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/06\/23\/all-your-code-belongs-to-us-dismantling-android-secrets-with-codeinspect\/","title":{"rendered":"All Your Code Belongs To Us &#8211; Dismantling Android Secrets With CodeInspect"},"content":{"rendered":"<p>Steven will give a talk about <a href=\"http:\/\/sseblog.ec-spride.de\/tools\/codeinspect\/\">CodeInspect<\/a>\u00a0at the\u00a0leading international conference on software development <a href=\"http:\/\/gotocon.com\/cph-2015\/\">GOTO Copenhagen<\/a>. We are looking forward to a great conference.<\/p>\n<p>Title of the talk: &#8220;<span class=\"s1\">All Your Code Belongs To Us &#8211; Dismantling Android Secrets With CodeInspect<\/span>&#8221;<\/p>\n<p>Abstract of the\u00a0talk:<\/p>\n<p class=\"p1\"><em><span class=\"s1\">Android malware is getting more and more sophisticated. So-called &#8220;sleeper&#8221; applications only trigger their malicious behavior after a certain time has passed or event has happened, effectively evading many dynamic analysis techniques. Other techniques include integrity checks as well as detectors for emulators, rooted devices, and hooks. If any such sign is detected, the malware refrains from its actual malicious behavior. For countering static analyses, these apps apply code encryption, packers, and code obfuscators. 
Together, these features render most automated analyses ineffective, leaving a manual analysis as the only viable option &#8211; a very difficult and time-consuming undertaking.<\/span><\/em><\/p>\n<p class=\"p1\"><em><span class=\"s1\">To alleviate the problem, we propose CodeInspect, a new integrated reverse-engineering environment extending the Eclipse IDE and targeting sophisticated state-of-the-art malware apps for Android. With features such as interactive debugging on a human readable representation of the application\u2019s bytecode, CodeInspect aims to greatly reduce the time an analyst requires to understand and judge applications. Using CodeInspect, the engineer can debug an app in combination with the Android Open Source Project (AOSP) live, can rename (obfuscated) identifiers, jump to definitions, remove or add statements and more. Reverse engineers can even add new Java source classes or projects into the application, which can then be called from the original app\u2019s code. This is especially useful when implementing decryption methods which can be directly tested in place.<\/span><\/em><\/p>\n<p class=\"p1\"><em><span class=\"s1\">CodeInspect also includes new code-analysis techniques that, to the best of our knowledge, are not available in any other reverse-engineering tool. These techniques include a fully-automatic de-obfuscation of reflective method calls, string de-obfuscation and a very precise data-flow tracking component that shows suspicious flows from sensitive sources to public sinks, all of which can be easily used in combination. Aside from malware, these features of CodeInspect also allow an analyst to assess the security of closed-source libraries, detect unwanted behaviors in advertisement SDKs, and check apps for security vulnerabilities such as hard-coded secrets.<\/span><\/em><\/p>\n<p class=\"p3\"><em><span class=\"s2\">This talk is aimed at Software Engineers as well as Security Experts. 
For\u00a0Software Engineers we will demonstrate how fast users of CodeInspect can\u00a0extract data from their apps\u2019 bytecode, demonstrating that trying to hide\u00a0<\/span><span class=\"s1\">secrets in the code is not secure. If you include keys or passwords in your\u00a0app code, they are lost &#8211; even if you obfuscate them. We will also show how\u00a0to easily upgrade a trial-version of an application to a full (paid) version\u00a0with CodeInspect, circumventing prevalent mechanisms for in-app purchases.\u00a0<\/span><span class=\"s2\">The goal is to sensitize developers to the risks posed by current\u00a0<\/span><span class=\"s1\">technologies.<\/span><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Steven will give a talk about CodeInspect\u00a0at the\u00a0leading international conference on software development GOTO Copenhagen. We are looking forward to a great conference. Title of the talk: &#8220;All Your Code Belongs To Us &#8211; Dismantling Android Secrets With CodeInspect&#8221; Abstract &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/06\/23\/all-your-code-belongs-to-us-dismantling-android-secrets-with-codeinspect\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,1],"tags":[],"class_list":["post-1749","post","type-post","status-publish","format-standard","hentry","category-android","category-general"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=1749"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1749\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=1749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=1749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=1749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}