DEF CON 31 - Runtime Riddles - Abusing Manipulation Points in the Android Source - Laurie Kirk

Android malware creators constantly struggle to devise innovative methods to obscure apps and impede reverse engineering. As numerous standard techniques have lost efficacy, I'll unveil the next frontier in Android obfuscation: runtime manipulation. Runtime manipulation alters an application's standard control flow to bypass decompilers and emulators.

In this talk, I'll reveal my strategy for pinpointing manipulation targets in Android's source code. I will describe how I craft manipulators in native C++ once a suitable target has been located. This is accomplished by hooking Java methods via the Java Native Interface (JNI) and typecasting the handle to a C-style pointer. Runtime manipulation can entirely remove traces of ClassLoader calls which are unavoidable for standard Dalvik Executable (DEX) packing, but are also easily discovered and hooked. This technique also effectively breaks cross-reference calculations within all Android decompilers.

I will demonstrate and equip attendees with a custom Android library for devices running Android 13, providing a new tool that enables runtime manipulation experimentation. In addition, I'll demonstrate my methodology for pinpointing Java targets and modifying their underlying native data structures.
Comments

Wait. Her surname isn't "wired" like in her YouTube channel :O

dertyp
In the machine code hex at 29:16, I think the nibbles in each byte are backwards: if you swap the nibbles in 24 00 e0 you get 42 00 0e. The 0x2000 value is in there with a 4-bit offset.

kkiller
Android developers: "Sure, you can shoot yourself in the foot by modifying what Android APIs do within your own program."

Obfuscators: "Shoot myself in the foot ... like a fox! "

Aplysia
Her day job at Microsoft must be pretty gratifying if it is anything like the work that she did for reverse engineering this exploit.

kkiller
Was it ever explained how a sandboxed app without root access is overwriting ART memory? And if the app has root access, what is the point of this talk? Also, the assembly code shown was x86, not ARM, so is this x86 Android?

deckardpegasus
She talks like Elle Woods and is smart AF like Elle Woods

HyperVectra
Thanks, these videos were incredibly helpful

SkyHighBeyondReach
I must say, on her channel you can pretend she is just reading a script or something, but here you have to conciliate the cute and the expert, and it's not easy! I'm happy to do it, but it's a task.

ciCCapROSTi
Very cool, like Lain she is a tech god

zetopr
A somewhat "legitimate" application for this is anti-cheat systems, where you can swap out and/or "reinforce" function pointers at runtime to prevent cheat software from finding or modifying them.

somewhat ironic, though, that an incredibly unsafe memory modification is used to prevent unsafe memory modification lol

rigen
Real life software hacking and exploitation. She's gorgeous and smart.

drdr
She's so f-ing perfect. I wish I could find a girlfriend like her. 😢

nicolasfiore