athcon
TRANSCRIPT
-
8/11/2019 athcon
1/84
-
8/11/2019 athcon
2/84
Introduction
Who am I?
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 2 / 44
-
8/11/2019 athcon
3/84
Introduction
Who am I? Student (University of Amsterdam) Freelance Security Researcher Cuckoo Sandbox Developer (Malware Analysis System)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 2 / 44
-
8/11/2019 athcon
4/84
Introduction
Android?
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 3 / 44
-
8/11/2019 athcon
5/84
Introduction
Android?
Smartphones
Runs custom Linux Millions of Devices
Hundreds of thousands of applications
etc..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 3 / 44
-
8/11/2019 athcon
6/84
Android Applications
Android Applications?
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 4 / 44
-
8/11/2019 athcon
7/84
Android Applications
Android Applications?
Application Package File (APK) Download from Google Play Zip file Some Metadata (Manifest, Images, ..) classes.dex
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 4 / 44
-
8/11/2019 athcon
8/84
Android Applications
Android Applications?
Application Package File (APK) Download from Google Play Zip file Some Metadata (Manifest, Images, ..) classes.dex
All your code are belong to classes.dex More on this later.
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 4 / 44
-
8/11/2019 athcon
9/84
Android Applications
Android Applications?
Application Package File (APK) Download from Google Play Zip file Some Metadata (Manifest, Images, ..) classes.dex
All your code are belong to classes.dex More on this later.
Resources
Images Data files Native libraries
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 4 / 44
-
8/11/2019 athcon
10/84
Running Code on Android
There are two ways.
Running native libraries Extremely awesome
This talk does not focus on native
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 5 / 44
-
8/11/2019 athcon
11/84
Running Code on Android
There are two ways.
Running native libraries Extremely awesome
This talk does not focus on native
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 5 / 44
-
8/11/2019 athcon
12/84
Running Code on Android
There are two ways.
Running native libraries Extremely awesome
This talk does not focus on native Running Dalvik Bytecode
Dalvik is Compiled Java Dalvik != Java classes.dex
(More on this later)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 6 / 44
-
8/11/2019 athcon
13/84
Dex File Format (I)
Dalvik Executable Format classes.dex
Container format to store Dalvik Bytecode with Metadata
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 7 / 44
-
8/11/2019 athcon
14/84
Dex File Format (I)
Dalvik Executable Format classes.dex
Container format to store Dalvik Bytecode with Metadata Various Data Pools
Strings Hello World
Classes Ljava/lang/String; Fields Ljava/lang/String;->value Prototypes (I)Ljava/lang/String;
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 7 / 44
-
8/11/2019 athcon
15/84
Dex File Format (I)
Dalvik Executable Format classes.dex
Container format to store Dalvik Bytecode with Metadata Various Data Pools
Strings Hello World
Classes Ljava/lang/String; Fields Ljava/lang/String;->value Prototypes (I)Ljava/lang/String;
Lots of headers Complex Cross-references between fields and headers The Classname is a String A Prototype has a String as return value A method links to a Prototype, etc..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 7 / 44
-
8/11/2019 athcon
16/84
Dex File Format (II)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 8 / 44
-
8/11/2019 athcon
17/84
Dalvik Bytecode Example
public static void hello() {
System.out.println(Hello AthCon);}
->
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 9 / 44
-
8/11/2019 athcon
18/84
Dalvik Bytecode Example
public static void hello() {
System.out.println(Hello AthCon);}
->
sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 9 / 44
D l ik B d E l
-
8/11/2019 athcon
19/84
Dalvik Bytecode Example
public static void hello() {
System.out.println(Hello AthCon);}
->
sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;const-string v1, Hello AthCon
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 9 / 44
D l ik B d E l
-
8/11/2019 athcon
20/84
Dalvik Bytecode Example
public static void hello() {
System.out.println(Hello AthCon);}
->
sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;const-string v1, Hello AthConinvoke-virtual v0, v1,
Ljava/io/PrintStream;->println(Ljava/lang/String;)V
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 9 / 44
D l ik B t d E l
-
8/11/2019 athcon
21/84
Dalvik Bytecode Example
public static void hello() {
System.out.println(Hello AthCon);}
->
sget-object v0, Ljava/lang/System;->out:Ljava/io/PrintStream;const-string v1, Hello AthConinvoke-virtual v0, v1,
Ljava/io/PrintStream;->println(Ljava/lang/String;)Vreturn-void
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 9 / 44
Wh t i t?
-
8/11/2019 athcon
22/84
Whats your point?
Decompiling is mostly trivial JEB - http://android-decompiler.com/
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 10 / 44
Whats o oi t?
http://android-decompiler.com/https://code.google.com/p/smali/http://android-decompiler.com/ -
8/11/2019 athcon
23/84
What s your point?
Decompiling is mostly trivial JEB - http://android-decompiler.com/
Smali/Baksmali allows you to quickly modify code
Based on .smali files, a wrapper around Dalvik bytecode
Free and Open Sourcehttps://code.google.com/p/smali/
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 10 / 44
Lets welcome Obfuscators
http://android-decompiler.com/https://code.google.com/p/smali/https://code.google.com/p/smali/http://android-decompiler.com/ -
8/11/2019 athcon
24/84
Let s welcome Obfuscators
Commercial solutions
Make Reverse Engineering harder
Make automated analysis harder (what to look at?)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 11 / 44
Lets welcome Obfuscators
-
8/11/2019 athcon
25/84
Let s welcome Obfuscators
Commercial solutions
Make Reverse Engineering harder
Make automated analysis harder (what to look at?)
What can we do..?
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 11 / 44
Lets welcome Obfuscators
-
8/11/2019 athcon
26/84
Let s welcome Obfuscators
Commercial solutions
Make Reverse Engineering harder
Make automated analysis harder (what to look at?)
What can we do..?
Deobfuscate the obfuscated code!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 11 / 44
Lets welcome Obfuscators
-
8/11/2019 athcon
27/84
Let s welcome Obfuscators
Commercial solutions
Make Reverse Engineering harder
Make automated analysis harder (what to look at?)
What can we do..?
Deobfuscate the obfuscated code!
But first..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 11 / 44
Introduction to Our Tools
-
8/11/2019 athcon
28/84
Introduction to Our Tools
readdex(1)
Custom utility to read .dex files
Not very strict
Works in cases where traditional tools fail
E.g., dexdump, dex2jar, sometimes even JEB (Will report JEB bugs later)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 12 / 44
Introduction to Our Tools
-
8/11/2019 athcon
29/84
Introduction to Our Tools
readdex(1)
Custom utility to read .dex files
Not very strict
Works in cases where traditional tools fail
E.g., dexdump, dex2jar, sometimes even JEB (Will report JEB bugs later) Handles the following cases correctly
Invalid checksum hashes (fails dexdump) Unused opcodes (fails dex2jar/dexdump) Invalid Data Pool Indices (dexdump/dex2jar) Unicode function names (IDA Pro?!) Etc..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 12 / 44
Introduction to Our Libraries
-
8/11/2019 athcon
30/84
Introduction to Our Libraries
Dalvik Disassembler
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 13 / 44
Introduction to Our Libraries
-
8/11/2019 athcon
31/84
Introduction to Our Libraries
Dalvik Disassembler Basic Dalvik Emulator
Supports most Dalvik Instructions Supports simple Java Classes (Strings, etc.)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 13 / 44
-
8/11/2019 athcon
32/84
Introduction to Our Libraries
-
8/11/2019 athcon
33/84
Dalvik Disassembler Basic Dalvik Emulator
Supports most Dalvik Instructions Supports simple Java Classes (Strings, etc.)
Dex File Parser Dex File Creator is Work in Progress
Totalling more than 5kloc C (including readdex)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 13 / 44
Introduction to Our Libraries
-
8/11/2019 athcon
34/84
Dalvik Disassembler Basic Dalvik Emulator
Supports most Dalvik Instructions Supports simple Java Classes (Strings, etc.)
Dex File Parser Dex File Creator is Work in Progress
Totalling more than 5kloc C (including readdex)
Not to mention basic Python wrappers
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 13 / 44
Introduction to Our Libraries
-
8/11/2019 athcon
35/84
Dalvik Disassembler Basic Dalvik Emulator
Supports most Dalvik Instructions Supports simple Java Classes (Strings, etc.)
Dex File Parser Dex File Creator is Work in Progress
Totalling more than 5kloc C (including readdex)
Not to mention basic Python wrappers
All of it will be Open Source soon (TM)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 13 / 44
Whats next? This stuff is actually useful?
-
8/11/2019 athcon
36/84
y
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 14 / 44
Whats next? This stuff is actually useful?
-
8/11/2019 athcon
37/84
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 14 / 44
Class & Function Name Obfuscation
-
8/11/2019 athcon
38/84
Used by for example Dexguard & Freedom.apk..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 15 / 44
Class & Function Name Obfuscation
-
8/11/2019 athcon
39/84
Used by for example Dexguard & Freedom.apk..
Welcome to China..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 15 / 44
Class & Function Name Obfuscation
-
8/11/2019 athcon
40/84
Used by for example Dexguard & Freedom.apk..
Welcome to China..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 15 / 44
Class & Function Name Obfuscation
-
8/11/2019 athcon
41/84
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 16 / 44
China?
-
8/11/2019 athcon
42/84
Unreadable identifiers
Problematic when Modifying Dalvik Code (.smali)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 17 / 44
China?
-
8/11/2019 athcon
43/84
Unreadable identifiers
Problematic when Modifying Dalvik Code (.smali)
unchina.py to the rescue!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 17 / 44
unchina.py
-
8/11/2019 athcon
44/84
Walks the Dex file Enumerates all classes and methods
Renames Chinese names with something readable
zmagic + number
(For now, can be changed of course..)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 18 / 44
-
8/11/2019 athcon
45/84
unchina.py Demo
-
8/11/2019 athcon
46/84
Demo of Unchina.py..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 19 / 44
Obfuscated Strings (I)
-
8/11/2019 athcon
47/84
Used by for example Dexguard, Whatsapp.apk, Freedom.apk
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 20 / 44
Obfuscated Strings (I)
-
8/11/2019 athcon
48/84
Used by for example Dexguard, Whatsapp.apk, Freedom.apk
Instead of using Hardcoded Strings
Build strings up at runtime
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 20 / 44
Obfuscated Strings (I)
-
8/11/2019 athcon
49/84
Used by for example Dexguard, Whatsapp.apk, Freedom.apk
Instead of using Hardcoded Strings
Build strings up at runtime
Makes it harder to analyze Strings usually have meaningful information (Function names, Debug information, URLs, etc.)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 20 / 44
Obfuscated Strings (I)
-
8/11/2019 athcon
50/84
Used by for example Dexguard, Whatsapp.apk, Freedom.apk
Instead of using Hardcoded Strings
Build strings up at runtime
Makes it harder to analyze Strings usually have meaningful information (Function names, Debug information, URLs, etc.)
More code in the binary Normally one string Now entire functions for decoding, function calls, etc..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 20 / 44
Obfuscated Strings (II)
-
8/11/2019 athcon
51/84
We want to reconstruct the obfuscated strings
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 21 / 44
-
8/11/2019 athcon
52/84
-
8/11/2019 athcon
53/84
Whatsapp (I)
-
8/11/2019 athcon
54/84
#1 - Whatsapp.apk
Defines for lots of classes Class Initialization function Called when the class is being loaded
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 23 / 44
Whatsapp (II)
-
8/11/2019 athcon
55/84
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 24 / 44
Whatsapp (III)
-
8/11/2019 athcon
56/84
We emulate the method Intercept the sput-object instruction
sput-object v0, mb->z:Ljava/lang/String;
Assign Static Class Variable
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 25 / 44
Whatsapp (III)
-
8/11/2019 athcon
57/84
We emulate the method Intercept the sput-object instruction
sput-object v0, mb->z:Ljava/lang/String;
Assign Static Class Variable
We now have the deobfuscated string
(or multiple strings, in some cases)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 25 / 44
Whatsapp (III)
-
8/11/2019 athcon
58/84
We emulate the method Intercept the sput-object instruction
sput-object v0, mb->z:Ljava/lang/String;
Assign Static Class Variable
We now have the deobfuscated string
(or multiple strings, in some cases)
Roughly 5000 strings deobfuscated!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 25 / 44
Freedom (I)
-
8/11/2019 athcon
59/84
#2 - Freedom.apk
Has xor decryption methods
Calls functions with magic decoding value
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 26 / 44
-
8/11/2019 athcon
60/84
Freedom (III)
-
8/11/2019 athcon
61/84
The xor decryption methods have a specific signature
Their prototype is always(B)Ljava/lang/String;
(Accepts an 8bit integer, returns a String.)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 28 / 44
-
8/11/2019 athcon
62/84
Freedom (III)
-
8/11/2019 athcon
63/84
The xor decryption methods have a specific signature
Their prototype is always(B)Ljava/lang/String;
(Accepts an 8bit integer, returns a String.)
We scan every method in the Dex file Function Call to Decryption Method ->Decrypt the String
Roughly 600 strings deobfuscated!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 28 / 44
Dexguard (I)
-
8/11/2019 athcon
64/84
#3 - Dexguard is a Commercial ObfuscatorAs example we use an obfuscated Cyanide.apk
Root exploit for some Motorala device
(Thanks to Justin Case for the sample)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 29 / 44
Dexguard (II)
-
8/11/2019 athcon
65/84
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 30 / 44
Dexguard (III)
-
8/11/2019 athcon
66/84
Dexguard initializes a lookup table on
Decrypts strings using this lookup table
One dedicated decryption method Signature (III)Ljava/lang/String;
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 31 / 44
Dexguard (IV)
-
8/11/2019 athcon
67/84
Dexguard is a combination of Whatsapp and Freedom
(With regards to techniques)
First emulate
To obtain the lookup table
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 32 / 44
Dexguard (IV)
-
8/11/2019 athcon
68/84
Dexguard is a combination of Whatsapp and Freedom
(With regards to techniques)
First emulate
To obtain the lookup table Then scan every method in the Dex file
Find function calls to the decryption method
Decrypt strings!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 32 / 44
Dexguard (IV)
-
8/11/2019 athcon
69/84
Original Dexguarded Cyanide.apk
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 33 / 44
Rewriting the Dex file (I)
-
8/11/2019 athcon
70/84
Rewriting Whatsapp, Freedom and Dexguarded Cyanide.apk
We have the decrypted strings
Obfuscated code always takes more instructions thandeobfuscated code
Patching time..!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 34 / 44
-
8/11/2019 athcon
71/84
Rewriting the Dex file (II)
-
8/11/2019 athcon
72/84
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 36 / 44
Rewriting the Dex file (III)
-
8/11/2019 athcon
73/84
Some problems..
We have to introduce new strings Extend the String Data Pool Shuffle around half the Dex..
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 37 / 44
Rewriting the Dex file (III)
-
8/11/2019 athcon
74/84
Some problems..
We have to introduce new strings Extend the String Data Pool Shuffle around half the Dex..
Patch Dalvik instructions (straightforward) Remove obsolete functions
String Decryption Methods are now unused Quite painful.. Dex file-wise *Work in Progress*
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 37 / 44
Rewriting the Dex file (IV)
-
8/11/2019 athcon
75/84
We move all strings to EOF
We fixup other data structures
Demo time
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 38 / 44
Rewriting the Dex file (V)
-
8/11/2019 athcon
76/84
Demo of reconstructing Dexguarded Cyanide.apk
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 39 / 44
How do we go from here?
-
8/11/2019 athcon
77/84
Generic Deobfuscation Based on Heuristics with Prototypes etc
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 40 / 44
How do we go from here?
-
8/11/2019 athcon
78/84
Generic Deobfuscation Based on Heuristics with Prototypes etc
Classification based on stripped down binaries One binary can have many obfuscated representations
Deobfuscate to something like the original binary Allows more accurate classification
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 40 / 44
How do we go from here?
-
8/11/2019 athcon
79/84
Generic Deobfuscation Based on Heuristics with Prototypes etc
Classification based on stripped down binaries One binary can have many obfuscated representations
Deobfuscate to something like the original binary Allows more accurate classification
Did I mention plaintext strings?
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 40 / 44
How do we go from here?
-
8/11/2019 athcon
80/84
Generic Deobfuscation Based on Heuristics with Prototypes etc
Classification based on stripped down binaries One binary can have many obfuscated representations
Deobfuscate to something like the original binary Allows more accurate classification
Did I mention plaintext strings?
Plaintext Strings!
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 40 / 44
Automated Malware Analysis!
-
8/11/2019 athcon
81/84
Yesterday a new malware was found in the wild..
http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 41 / 44
High Expectations Asian Dad strikes again!
http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojanhttp://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojanhttp://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojanhttp://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan -
8/11/2019 athcon
82/84
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 42 / 44
Backdoor.AndroidOS.Obad.a
-
8/11/2019 athcon
83/84
Seems like a pretty advanced android malware Multiple obfuscation layers (for strings)
Got a start, but far from complete.. *Quick Demo*
Some Plaintext Strings.. Tries to enable Bluetooth getSimSerialNumber .. (I need some more time)
June 10, 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 43 / 44
Questions?
-
8/11/2019 athcon
84/84
Any questions?
Cheers to..p1ra, nex, rep, blasty, thuxnder, diff-, jcase, George, jduck, ..
Interested in Android Security?Join #droidsec on irc.freenode.org (thanks jduck!)
June 10 2013 Jurriaan Bremer @skier t Analysis and Deobfuscation of Android Apps 44 / 44