Presented at
Black Hat Asia 2020 Virtual,
Oct. 1, 2020, 12:30 p.m.
(40 minutes).
Android applications are becoming more and more obfuscated to prevent reverse engineering. While obfuscation can be applied on both, the Dalvik bytecode and the native code, the former is more challenging to analyze due to the structure of the bytecode as well as the API provided by Android Runtime.
The purpose of this talk is to present dynamic binary instrumentation techniques that can help reverse engineers to deal with obfuscated codes.
These techniques aim to be obfuscator resilient so that it does not rely on a special kind of obfuscation neither a specific obfuscator.
Presenters:
-
Romain Thomas
- Security Engineer, Quarkslab
Romain Thomas is a security engineer working on the development of new tools to assist security researchers. Author of LIEF, a library to parse and manipulate executable file formats (ELF, PE, Mach-O), he enjoys going back and forth between reverse engineering and tool development to see which part of the process can be automated. He is also interested in (de)obfuscation, software protections and packer. He contributed in the past to the Triton project, especially on de-obfuscation based on symbolic execution.
Links:
Similar Presentations: