Explore the challenges of JNI obfuscation in the Android Operating System through this informative conference talk from Derbycon 2015. Delve into the Android build process, software stack, and Java Native Interface (JNI) fundamentals. Understand the motivations behind code obfuscation and examine Proguard configuration. Follow along with static and dynamic analysis techniques, including device rooting, debugging processes, and using gdbserver. Investigate why obfuscation fails and consider potential solutions, such as registering natives. Gain insights into the complexities of Android security and learn practical approaches to address JNI obfuscation issues.
Overview
Syllabus
About the Speaker
Android Build Process
Android Software Stack
Java Native Interface (JNI)
Why JNI?
Why Obfuscate Code?
Proguard Configuration
JNI EXAMPLE CODE
RE Time: Static Analysis!!
All eyes on the JNI Class!!
Make sure device is rooted
Step O: Make sure the application is debuggable.
Verify device is listed
List Debugable Processes
Verify that it is the correct PID
Forward Connection
Launch JDB
List Methods
Step 6: Break on method
RE Time: Dynamic Analysis!!
Retrieve APK and unzip its contents.
Create Directories
Pull System Libraries
Find the Applications Process ID
Move gdbserver on to the device.
Launch gdbserver on to the device.
Port Forward from computer to the device.
Launch arm-linux-androideabi gdb
Load Libraries and set target
RE Time: Dynamic Analysis Step 11: Set Remote Target
Set Breakpoints
Step Through and get results.
Why did obfuscation fail?
How do we solve this problem?
Solution 1: Register Natives
Problems with Solution 1?
Classes
Problems with Solution 2?
Suggestions
