Android Security Symposium 2015

Assessing Android applications using command-line fu

About the speaker

Pau Oliva Fora

NowSecure, Barcelona, Spain
Pau Oliva Fora (@pof) is a Senior Mobile Security Engineer with NowSecure and co-author of the "Android Hacker's Handbook". His passion for smartphones started back in 2004 when he had his first PocketPC phone with the Windows Mobile operating system, and he began reverse engineering and hacking HTC devices. Pau has been actively researching security aspects of the Android operating system since its debut with the T-Mobile G1 on October 2008. He has spoken at a variety of security conferences, such as DefCon and RSA in the US and RootedCon, NoConName and OWASP in Spain.


In this talk we will walk attendees through the process of taking apart an Android application using simple command line tools and bash magic tricks, breaking down awesome one-liners to loop through "adb shell" commands. The session will cover the current state of the art to disassemble Dalvik bytecode, obtain the decompiled Java source, checking the application's certificate, checking for source code obfuscation and easily find vulnerable code such as the SecureRandom bug or testing for the presence of MasterKey exploit in an APK among other fancy stuff you never imagined you could do just using the command line.


Get the slides here.