Podcast
Questions and Answers
Which of the following is NOT a pure Dalvik decompiler?
Which of the following is NOT a pure Dalvik decompiler?
- dex2jar
- Androguard's DAD
- JEB
- Apktool (correct)
What is the primary benefit of using a pure Dalvik decompiler over a traditional Java decompiler for Android apps?
What is the primary benefit of using a pure Dalvik decompiler over a traditional Java decompiler for Android apps?
- Pure Dalvik decompilers produce better decompiled output by skipping the conversion to Java bytecode (correct)
- Pure Dalvik decompilers are faster than Java decompilers
- Pure Dalvik decompilers are open source, while Java decompilers are typically commercial
- Pure Dalvik decompilers are better at handling obfuscated code
Which of the following is a recommended countermeasure against decompiling, disassembly, and repackaging of Android apps?
Which of the following is a recommended countermeasure against decompiling, disassembly, and repackaging of Android apps?
- Avoid using any obfuscation techniques
- Obfuscate the source code using tools like ProGuard or Arxan (correct)
- Store sensitive information on the client-side
- Rely on client-side authentication and validation
What is the primary purpose of ProGuard in the context of Android app development?
What is the primary purpose of ProGuard in the context of Android app development?
Which of the following tools is commonly used for decompiling Android apps to Java source code?
Which of the following tools is commonly used for decompiling Android apps to Java source code?
What is the purpose of using declared registers in Dalvik bytecode?
What is the purpose of using declared registers in Dalvik bytecode?
What is the main drawback of transforming DEX to JAR when decompiling Android apps?
What is the main drawback of transforming DEX to JAR when decompiling Android apps?
Which tool is commonly used to sign an Android app with a generated key?
Which tool is commonly used to sign an Android app with a generated key?
What is a potential malicious action that can be performed by inserting Trojan code into an Android app?
What is a potential malicious action that can be performed by inserting Trojan code into an Android app?
Which type of register in Dalvik bytecode is used for parameters?
Which type of register in Dalvik bytecode is used for parameters?
What is the consequence of changing variables to bypass client-side authentication or input validation in an Android app?
What is the consequence of changing variables to bypass client-side authentication or input validation in an Android app?
What is the primary reason for decompiling Android apps to an intermediate format like Smali rather than directly to Java?
What is the primary reason for decompiling Android apps to an intermediate format like Smali rather than directly to Java?
Which of the following tools is used to convert the Dalvik Executable (DEX) format used by Android to the Java Archive (JAR) format?
Which of the following tools is used to convert the Dalvik Executable (DEX) format used by Android to the Java Archive (JAR) format?
What is the primary advantage of using a runtime debugger to manipulate an Android app, compared to decompiling and modifying the app's code directly?
What is the primary advantage of using a runtime debugger to manipulate an Android app, compared to decompiling and modifying the app's code directly?
Which of the following statements is true regarding decompiling an Android app to Java bytecode?
Which of the following statements is true regarding decompiling an Android app to Java bytecode?
Which of the following tools is used to view the decompiled Java bytecode of an Android app after converting it from the DEX format using Dex2jar?
Which of the following tools is used to view the decompiled Java bytecode of an Android app after converting it from the DEX format using Dex2jar?
What is the purpose of the Baksmali tool in the context of decompiling Android apps?
What is the purpose of the Baksmali tool in the context of decompiling Android apps?
Which of the following is a potential countermeasure against command injection vulnerabilities in Android apps?
Which of the following is a potential countermeasure against command injection vulnerabilities in Android apps?
What is the primary disadvantage of using open-source or free application analysis tools for Android apps?
What is the primary disadvantage of using open-source or free application analysis tools for Android apps?
Which of the following statements is true regarding the decompilation of iOS apps?
Which of the following statements is true regarding the decompilation of iOS apps?
What is the primary purpose of the Apktool utility in the context of decompiling Android apps?
What is the primary purpose of the Apktool utility in the context of decompiling Android apps?
Flashcards are hidden until you start studying
Study Notes
Mobile Application Analysis and Reverse Engineering
- Application analysis provides security information, but manual analysis is time-consuming and requires a developed skill set.
- Automated analysis can be done using third-party tools, which are faster but often limited and buggy.
Application Analysis Tools
- Snoop-it: a user-friendly runtime iOS application analysis tool that requires a jailbroken iOS device.
- iNalyzer: a tool that decrypts an app installed on an iOS 6.1 device and generates a HTML interface to explore classes, plist files, strings, and view controllers.
- Xcode Clang Static Analyzer: a direct static analysis tool that integrates with the Xcode build system and helps developers.
- Androwarn: an automated static analysis tool for Android applications that reads APK files and reports on potentially malicious behavior.
Android Components and Intents
- Android components are declared in the AndroidManifest.xml file, including filters and who/what can invoke the intent.
- Parameters for Intent (Extras) are not declared and must be retrieved from decompiled source.
- Intents are the primary inter-process communication (IPC) method used by Android apps.
- Malicious intents can launch other apps and inject data into them.
Command Injection
- Command injection can occur when an app saves files on the SD card with a vulnerable Intent Filter.
- Exploitation can expose secrets the app can access.
- Countermeasures include not making Intents "exported" unless necessary, performing input validation, and blocking special characters in filenames.
Decompilation and Disassembly
- Decompilation and disassembly can be used to analyze binary, compiled apps.
- Smali assembly code is used for Android apps.
- iOS code is generally difficult to decompile.
- Decompiling an Android app to Java is possible, but not recompiling from Java.
- Apktool and Dex2jar can be used to decompile Android apps to bytecode.
Decompilation Tools
- Baksmali/Smali: an intermediate disassembler/assembler designed for Dalvik executables.
- Java vs. Pure Dalvik decompilers: Java decompilers skip the step of converting to bytecode, producing better output.
- Open-source decompilers include Androguard's DAD, while commercial options include JEB.
Countermeasures
- Every binary can be reverse-engineered given enough time and effort.
- Never store secrets on the client-side or rely on client-side authentication or validation.
- Obfuscate the source code using tools like ProGuard or Arxan.
Dalvik Bytecode
- Dalvik bytecode uses declared registers as placeholders for objects, variables.
- Syntax is always destination, then source.
- Object types are specified with capital letter identifying type.
- Types in Dalvik bytecode use uppercase letter to denote type.
Signing an Android App
- Create a key with keytool and sign with jarsigner.
- Keytool is used to generate a key, while jarsigner is used to sign the APK file.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
