The ART of Runtime-Based Obfuscation in Android

Presented at Kernelcon 2023, April 14, 2023, 2:30 p.m. (60 minutes)

Are you ready to dive into the diverse world of Android obfuscation? This talk will explore the ins and outs of runtime-based obfuscation, a technique used to hide malicious code from reverse engineers by subverting the Android Runtime. I'll cover the offensive and defensive aspects of obfuscation, including the two primary techniques of runtime-based obfuscation: subverting DEX class loading and ART object manipulation. You'll learn about analyzing the Android kernel source code and how to alter runtime objects to replace or modify instructions. But the fun doesn't stop there! We'll take a look at real-world examples of runtime-based obfuscation and the challenges that accompany it. By the end of this talk, you'll have a deep understanding of the background of Android obfuscation and the primary techniques of runtime-based obfuscation. Join me for an entertaining and informative journey into the world of Android security.


Presenters:

  • Laurie Kirk - Microsoft
    I currently work as a Security Researcher at Microsoft in incident response. I specialize in cross-platform malware analysis with a focus on mobile threats. I also run a YouTube channel (@LaurieWired) that covers all sorts of in-depth malware analysis, reverse engineering, exploitation and security topics.
