1
00:00:01,550 --> 00:00:07,190
One of the things that would be very helpful in terms of analyzing Android applications for vulnerabilities
2
00:00:07,190 --> 00:00:13,580
is the ability to decompile the application back into its source code. With Java and languages that are
3
00:00:13,580 --> 00:00:18,950
similar to Java that compile into a bytecode that is run against a virtual machine.
4
00:00:18,950 --> 00:00:25,130
It's possible for us to reverse the compilation process to turn the bytecode back into something that
5
00:00:25,130 --> 00:00:27,270
resembles the original source code.
6
00:00:27,290 --> 00:00:29,260
Now the matching won't always be perfect.
7
00:00:29,270 --> 00:00:32,230
You will lose some information typically from it.
8
00:00:32,270 --> 00:00:35,570
However most of the important pieces are going to still be there.
9
00:00:35,660 --> 00:00:40,760
And since those pieces will be there we'll be able to not only understand what the application is doing
10
00:00:41,000 --> 00:00:45,140
but actually be able to see the source code and be able to pick out specific vulnerable aspects that
11
00:00:45,140 --> 00:00:46,880
we want to be able to work with.
12
00:00:47,270 --> 00:00:54,000
So in this video I'll demonstrate how we can reverse engineer, essentially, or decompile an application.
13
00:00:54,170 --> 00:00:57,800
So there's a lot of different ways that people will typically use to do this.
14
00:00:57,800 --> 00:01:06,260
There are tools like apktool and JD that will allow us to actually decompile the application and
15
00:01:06,260 --> 00:01:08,960
then reverse it back into Java code.
16
00:01:08,960 --> 00:01:17,360
I actually use one called GTD at JADX. And again I'll put links to these inside of a resources section
17
00:01:17,390 --> 00:01:23,870
but inside of here there is essentially, in the bin, there's a GUI that we can launch. When we launch
18
00:01:23,870 --> 00:01:30,800
this we're able to actually decompile any APK that we may have on our computer, so I'll come into our directory
19
00:01:30,800 --> 00:01:36,620
here and I'm going to go grab the DIVA application that we installed and run this through the decompiler
20
00:01:37,840 --> 00:01:42,620
and what you'll see here is that we'll get a set of source code and a set of resources that are used
21
00:01:42,620 --> 00:01:45,020
inside of this application.
22
00:01:45,020 --> 00:01:48,950
When you're first looking at an application there's a lot of different information that's valuable to
23
00:01:48,950 --> 00:01:49,430
us.
24
00:01:49,460 --> 00:01:53,290
The manifest file is one that's going to be extremely useful.
25
00:01:53,340 --> 00:01:57,610
It's gonna tell you a lot of different things such as the permissions that are used by the application.
26
00:01:57,650 --> 00:02:00,560
It will tell you what activities exist inside the application.
27
00:02:00,560 --> 00:02:02,340
It will tell you about intents.
28
00:02:02,360 --> 00:02:07,390
It will tell you about things like content providers and such if they exist.
29
00:02:07,430 --> 00:02:10,770
It will tell you what versions we target.
30
00:02:10,790 --> 00:02:15,200
It will give you a whole plethora of high level information that will allow you to better understand
31
00:02:15,200 --> 00:02:17,760
the attack surface that you're working with.
32
00:02:17,810 --> 00:02:23,900
So this is one file that would be very useful for us to be able to look at. Resources are going to be
33
00:02:23,900 --> 00:02:29,210
a lot of, like, the graphical interfaces and such that you're gonna be working with. A lot of this really
34
00:02:29,210 --> 00:02:31,780
isn't particularly useful I don't think.
35
00:02:32,240 --> 00:02:37,990
Most of the time this is just sort of like you know trivial information that comes from this process.
36
00:02:38,390 --> 00:02:40,570
The META-INF will tell you different information.
37
00:02:40,580 --> 00:02:47,360
There's some cert details that are sometimes potentially helpful as well as the manifest file which
38
00:02:47,870 --> 00:02:53,000
could tell you a bit of valuable information potentially gives you a bit of a layout of some of the
39
00:02:53,000 --> 00:02:59,960
things that exist inside of, like, the res folder, and it will allow you to get a bit of an understanding
40
00:02:59,960 --> 00:03:06,740
behind, like, the contents of the manifest, for instance. And then we also have this lib folder, and this
41
00:03:06,740 --> 00:03:11,540
lib folder has any sort of shared objects libraries that are used inside of the application.
42
00:03:11,540 --> 00:03:18,620
These are typically written in C or C++ and compiled. These can't be decompiled. What we can do with these
43
00:03:18,620 --> 00:03:23,330
is we can analyze, like, strings that may exist inside of them. We might be able to break it down into
44
00:03:23,900 --> 00:03:29,750
something that might be able to tell us some information about the shared library or shared object but
45
00:03:30,290 --> 00:03:35,190
a lot of the time these are things that we won't be able to necessarily dig into too deeply.
46
00:03:35,210 --> 00:03:40,340
You'll see in a few examples we actually can go through these and gain some form of relevant information
47
00:03:41,590 --> 00:03:45,710
and then finally we have our actual source code files which are the actual source of the application
48
00:03:45,710 --> 00:03:46,830
itself.
49
00:03:46,850 --> 00:03:50,750
If you take a look at these you'll be able to see you make each of the different pieces that goes into
50
00:03:50,750 --> 00:03:52,880
building the actual application itself.
51
00:03:53,000 --> 00:03:57,950
So you could pull up any of the code that actually exists and you'll be able to see exactly what code
52
00:03:57,950 --> 00:03:59,620
is being used.
53
00:03:59,690 --> 00:04:01,950
You can do this sort of thing with all.
54
00:04:02,330 --> 00:04:06,560
I would say basically any Android application. You should be able to get source code unless it's
55
00:04:06,560 --> 00:04:11,190
like heavily encrypted or obscured in some way.
56
00:04:11,240 --> 00:04:15,850
This will typically be possible. So a few other things that are useful for this.
57
00:04:16,190 --> 00:04:21,410
We can search this for specific keywords, so for instance we find an error message or something like
58
00:04:21,410 --> 00:04:23,200
that that we want to look up.
59
00:04:23,270 --> 00:04:24,780
We can try looking it up.
60
00:04:24,830 --> 00:04:27,090
We can try looking up common things like password.
61
00:04:27,200 --> 00:04:29,120
So you want to check off, like, what you actually search.
62
00:04:29,120 --> 00:04:34,640
You could search classes, you could search methods, fields, code, for instance, and you can see here we can
63
00:04:34,640 --> 00:04:37,970
sort of like pick out pieces of information that might be of interest to us.
64
00:04:38,000 --> 00:04:44,020
So here's an example here where we're inserting into SQL a user username and password, it seems.
65
00:04:44,020 --> 00:04:49,860
So this, for instance, would be some information that we might be able to gather from decompiling the application.
66
00:04:49,970 --> 00:04:55,130
So this gives you a bit of an idea of how we can actually decompile Android applications, and from here
67
00:04:55,130 --> 00:05:01,380
we sort of have all the tools that we're going to need to have to be able to analyze different applications
68
00:05:01,380 --> 00:05:03,600
to be able to look at common Android vulnerabilities.
69
00:05:03,600 --> 00:05:05,250
So that's what we will take a look at next.