Unboxing Android: Everything you wanted to know about Android packers

DEF CON 25

Presented by: Avi Bashan, Slava Makkaveev
Date: Sunday July 30, 2017
Time: 10:00 - 10:45
Location: 101 Track

To understand the Android ecosystem today, one must understand Android packers. Whether used for protecting legitimate apps' business logic or hiding malicious content, Android packer usage is on the rise. Android packers continue to increase their efforts to prevent reverse engineers and static analysis engines from understanding what's inside the package. To do so they employ elaborate tactics, including state of the art ELF tampering, obfuscation and various anti-debugging techniques.

In this talk, we will provide an overview of the packer industry and present real world test cases. We will do a deep technical dive into the internal workings of popular Android packers, exposing the different methods which protect the app's code. As a countermeasure, we will provide various techniques to circumvent them, allowing hackers and security researchers to unpack the secrets they withhold.

Avi Bashan

Avi Bashan is a Team Leader at Check Point, former security researcher at Lacoon Mobile Security. His daily job is to play around with Android Internals, writing Linux kernel code and drinking a lot of coffee.

Slava Makkaveev

Slava Makkaveev is a Security Researcher at Check Point. Slava has vast academic and professional experience in the security field. Slava's day to day is mostly composed from reversing and hacking malwares and operating systems for fun and profit.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats