Explore the intricacies of Android's dex file format and learn how to protect against potential vulnerabilities in mobile malware analysis tools in this Black Hat USA 2012 conference talk. Dive deep into the Dalvik VM and dex file interpreters to understand how malicious apps can slip through the cracks of common analysis techniques. Discover the evolution of mobile malware detection evasion methods, from simple tricks to more advanced techniques. Examine the APKfuscator proof-of-concept tool, designed to exploit flaws in dex file analysis tools. Learn about post-compilation file modification detection, endian reversal theory, and strategies for fighting decompilers. Gain valuable insights into practicing safe dex analysis and improving the security of mobile app examination processes.
Overview
Syllabus
Intro
Dex Education: How can we examine dex files?
How are attackers hiding currently? Simple methods employed
Kickin' It Old School
Pushing the Bounds
Fighting the Decompilers
Slightly Newer School
Dexception
Endian Reversal Theory
Taught by
Black Hat