Semi-Interactive Simplification of Hardened Android Malware

About the speaker

Abdullah Joseph
adjust GmbH, Berlin, Germany

Abdullah Joseph is the mobile security team lead at Adjust, which provides mobile analytics services to clients around the globe. He oversees the security of Adjust's open-source mobile libraries, which are integrated in over 22,000 mobile apps and handle more than 400 billion data points per month. His team researches current and future mobile ad fraud schemes and develops appropriate countermeasures. He also holds the GREM, GMOB and GPEN certifications.

Abstract

One of the prime features of modern binary protection is obfuscation, meant to deter analysis and keep the code obscure. Nation-state actors and typical cyber-criminals alike have a vested interest in keeping their codebase closed and locked, with the key thrown out of the window.

Malware analysis has likewise matured considerably with the advent of maintained symbolic execution frameworks, binary instrumentation, and automated analysis environments.

In this talk, the speaker will:

  • Showcase a few common obfuscation techniques.
  • Present semi-automated methods to simplify a hardened Android codebase.

The talk will also present a modular Smali parser written for it, the use of instrumentation frameworks to analyze Dalvik system calls, and the realignment of a distorted APK to ease automated analysis.
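To make "simplifying a hardened codebase" concrete, below is a small Smali method-body parser with two simplification passes. It is an added example written for this page, not the speaker's modular parser: the Smali input is constructed, the two obfuscation patterns it undoes (integer literals hidden behind arithmetic on constants, and unconditional gotos chained through trampoline labels) are a choice of common cases, and the opcode and literal spellings assume baksmali-style output.

```python
"""Tiny Smali method-body parser with two simplification passes (an added example
for this page, not the speaker's parser): it folds int arithmetic on known
constants and collapses chains of unconditional gotos through trampoline labels."""
import re
from collections import namedtuple

SAMPLE = """\
    const/16 v0, 0x55
    const/16 v1, 0x33
    xor-int v2, v0, v1          # 0x55 ^ 0x33 = 0x66
    add-int/lit8 v2, v2, 0x10   # 0x66 + 0x10 = 0x76
    goto :L_a
    :L_a
    goto :L_b
    :L_b
    return v2
"""  # constructed input for this example; not from any real app or from the talk

Insn = namedtuple("Insn", "op args")  # op is an opcode, a ".directive" or "label"
_ARGSEP = re.compile(r',\s*(?=(?:[^"]*"[^"]*")*[^"]*$)')  # commas outside quotes
_GOTO = ("goto", "goto/16", "goto/32")
_BINOPS = {"add-int": lambda a, b: a + b, "sub-int": lambda a, b: a - b,
           "mul-int": lambda a, b: a * b, "and-int": lambda a, b: a & b,
           "or-int": lambda a, b: a | b, "xor-int": lambda a, b: a ^ b}
_lit = lambda s: int(s.rstrip("tsL"), 0)      # baksmali suffixes: 0x41t, 0x41s, 0x41L

def parse_smali(text: str) -> list:
    """Tokenise body lines; '#' starts a comment (a '#' inside a string is not handled)."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.match(r"^:(\w+)$", line):
            out.append(Insn("label", [m.group(1)]))
        elif line:
            op, _, rest = line.partition(" ")
            out.append(Insn(op, _ARGSEP.split(rest.strip()) if rest.strip() else []))
    return out

def _const(reg: str, val: int) -> Insn:
    val = ((val + 0x80000000) & 0xFFFFFFFF) - 0x80000000   # Dalvik int arithmetic wraps
    op = "const/4" if -8 <= val <= 7 else "const/16" if -32768 <= val <= 32767 else "const"
    return Insn(op, [reg, hex(val) if val >= 0 else "-" + hex(-val)])  # baksmali's spelling

def fold_constants(insns: list) -> list:
    """Turn int arithmetic on statically known registers into a const; knowledge is
    dropped at every label, because a label may be a merge point with other values."""
    known, out = {}, []
    for ins in insns:
        base, _, variant = ins.op.partition("/")
        if ins.op == "label":
            known.clear()
        elif base == "const" and variant in ("", "4", "16"):
            known[ins.args[0]] = _lit(ins.args[1])
        elif base in _BINOPS:
            dst, srcs = ins.args[0], ins.args if variant == "2addr" else ins.args[1:]
            a = known.get(srcs[0])
            b = _lit(srcs[1]) if variant in ("lit8", "lit16") else known.get(srcs[1])
            if a is not None and b is not None:
                out.append(_const(dst, _BINOPS[base](a, b)))
                known[dst] = _lit(out[-1].args[1])
                continue
            known.pop(dst, None)
        elif ins.args and ins.args[0].startswith(("v", "p")) and not ins.op.startswith("."):
            known.pop(ins.args[0], None)      # conservative: may write its first register
        out.append(ins)
    return out

def collapse_gotos(insns: list) -> list:
    """Retarget gotos to their final destination, drop code left unreachable, then
    drop gotos that fall through to their own target label."""
    idx = {i.args[0]: n for n, i in enumerate(insns) if i.op == "label"}
    def resolve(lbl: str, seen=()) -> str:
        n = idx[lbl]
        while n < len(insns) and insns[n].op == "label":
            n += 1
        if lbl in seen or n == len(insns) or insns[n].op not in _GOTO:
            return lbl                        # reached real code (or a goto cycle)
        return resolve(insns[n].args[0][1:], seen + (lbl,))
    for ins in insns:
        if ins.op in _GOTO:
            ins.args[0] = ":" + resolve(ins.args[0][1:])
    used = {m for i in insns for m in re.findall(r":(\w+)", " ".join(i.args))}
    out, live = [], True
    for ins in insns:
        if ins.op.startswith("."):            # directives (.catch, .line, ...) are kept
            out.append(ins)
        elif ins.op == "label":
            live = live or ins.args[0] in used  # unreferenced label in dead code goes too
            if live:
                out.append(ins)
        elif live:
            out.append(ins)
            live = ins.op not in _GOTO and not ins.op.startswith(("return", "throw"))
    return [ins for k, ins in enumerate(out) if not (ins.op in _GOTO and k + 1 < len(out)
            and out[k + 1].op == "label" and out[k + 1].args[0] == ins.args[0][1:])]

def simplify(text: str) -> str:
    """Run both passes and print the result back as indented Smali."""
    insns = collapse_gotos(fold_constants(parse_smali(text)))
    return "".join("    " + (f":{i.args[0]}" if i.op == "label" else
                   " ".join([i.op, ", ".join(i.args)]).rstrip()) + "\n" for i in insns)
```

Running `simplify(SAMPLE)` turns the xor/add pair into `const/16 v2, 0x76` and removes both trampolines, leaving only `:L_b` in front of `return v2`. Two limits are deliberate: there is no liveness pass, so the now-dead `const/16 v0` and `v1` stay, and unreferenced labels in live code are kept because the lines inside a `.packed-switch` payload look like label definitions to this tokenizer. A parser meant for real samples should work from the full Smali grammar rather than line splitting.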