Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

Black Hat USA 2018

Presented by: Maddie Stone
Date: Thursday August 09, 2018
Time: 17:00 - 17:50
Location: Jasmine Ballroom

Malware authors implement many different techniques to frustrate analysis and make reverse engineering malware more difficult. Many of these anti-analysis and anti-reverse engineering techniques attempt to send a reverse engineer down an incorrect investigation path or require them to invest large amounts of time reversing simple code. This talk analyzes one of the most robust anti-analysis native libraries we've seen in the Android ecosystem.

I will discuss each of the techniques the malware author used in order to prevent reverse engineering of their Android native library including manipulating the Java Native Interface, encryption, run-time environment checks, and more. This talk discusses not only the techniques the malware author implemented to prevent analysis, but also the steps and process for a reverse engineer to proceed through the anti-analysis traps. This talk will give you the tools to expose what Android malware authors are trying to hide.

Maddie Stone

Maddie Stone is a Security Engineer on Google's Android Security where she reverses all the bytes to keep malware off the phones of Android users. Maddie has previously spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. She is the creator of the IDAPython Embedded Toolkit. Maddie has previously spoken at international security conferences including OffensiveCon, REcon Montreal, DerbyCon, and the Women in Cybersecurity Conference.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats