For the second year in a row, BlackHat Asia was held in Singapore, at the end of March, in the luxury Marina Bay Sands hotel. As usual, the two days of briefings were fully loaded with plenty of topics. 3 distinct tracks were offered, plus the business track (briefings sponsored by companies) and of course the technical Arsenal rooms. This year Fortinet had a booth, and I was asked to help. We had a lot of great conversations with prospective customers and passersby generally interested in industry trends. I was also able to attend some briefings,... [Read More]
by David Maciejak  |  Apr 02, 2015  |  Filed in: Industry Trends
Recently, I ran into a malicious sample (Android/Mseg.A!tr.spy) which was causing Baksmali to stall. This does not happen that often. I contacted Jesus Freke, the author of smali/baksmali, who quickly fixed the issue. A deeper look into the sample turned out to be quite interesting. The sample is highly obfuscated (perhaps actually a bit too much - we'll discuss that later) with very long and strange class and method names. For instance, we note a class named "AFHttpPacket;>" (yes, the ; and > are part of the name) in a no less strange namespace: "java/util/concurrent/BlockingQueue<Lcom/adfresca/sdk/packet"... [Read More]
by Axelle Apvrille  |  Dec 16, 2013  |  Filed in: Security Research
I am back from Hashdays. For the (very) unfortunate ones ;) who missed my talk, you can download my slides from here, and also view my demo there. In short, I think the key topics of my talk were: an Androguard-based script to disassemble DEX files at any offset; dexrehash: a tool to re-checksum and re-hash hacked DEX files; hooking system properties to evade Android emulator detection, and why you can't hook all properties at a single spot. Next time, don't skip my talk :D --... [Read More]
by Axelle Apvrille  |  Nov 05, 2012  |  Filed in: Security Research
Tim Strazzere's Android CrackMe
It's Android challenge time, and Tim Strazzere provided an interesting Android CrackMe at BlackHat. As he agreed to my posting about it, here's my spoiler/solution below. The package is named droid-with-a-big-ego.apk and APKTool and Baksmali have difficulties processing it:
    I: Baksmaling...
    Exception in thread "main" org.jf.dexlib.Util.ExceptionWithContext: The header size is not the expected value (0x70)
    at org.jf.dexlib.Util.ExceptionWithContext.withContext(
I worked around... [Read More]
by Axelle Apvrille  |  Aug 23, 2012  |  Filed in: Security Research