1
00:00:01,550 --> 00:00:07,190
One of the things that would be very helpful in terms of analyzing Android applications for vulnerabilities

2
00:00:07,190 --> 00:00:13,580
is the ability to decompile the application back into its source code. With Java and languages that are

3
00:00:13,580 --> 00:00:18,950
similar to Java that compile into a bytecode that is run against a virtual machine,

4
00:00:18,950 --> 00:00:25,130
it's possible for us to reverse the compilation process to turn the bytecode back into something that

5
00:00:25,130 --> 00:00:27,270
resembles the original source code.

6
00:00:27,290 --> 00:00:29,260
Now the matching won't always be perfect.

7
00:00:29,270 --> 00:00:32,230
You will lose some information typically from it.

8
00:00:32,270 --> 00:00:35,570
However, most of the important pieces are going to still be there.

9
00:00:35,660 --> 00:00:40,760
And since those pieces will be there, we'll be able to not only understand what the application is doing

10
00:00:41,000 --> 00:00:45,140
but actually be able to see the source code and be able to pick out specific vulnerable aspects that

11
00:00:45,140 --> 00:00:46,880
we want to be able to work with.

12
00:00:47,270 --> 00:00:54,000
So in this video I'm going to demonstrate how we can reverse engineer, essentially, or decompile an application.

13
00:00:54,170 --> 00:00:57,800
So there's a lot of different ways that people will typically use to do this.

14
00:00:57,800 --> 00:01:06,260
There are tools like apktool and JD that will allow us to actually decompile the application and

15
00:01:06,260 --> 00:01:08,960
then reverse it back into Java code.

16
00:01:08,960 --> 00:01:17,360
I actually use one called JADX. And again I'll put links to these inside of a resources section,

17
00:01:17,390 --> 00:01:23,870
but inside of here there is essentially, in the bin, there's a GUI that we can launch. When we launch

18
00:01:23,870 --> 00:01:30,800
this we're able to actually decompile any APK that we may have on our computer, so I'll come into our directory

19
00:01:30,800 --> 00:01:36,620
here and I'm going to go grab the DIVA application that we installed and run this through the decompiler,

20
00:01:37,840 --> 00:01:42,620
and what you'll see here is that we'll get a set of source code and a set of resources that are used

21
00:01:42,620 --> 00:01:45,020
inside of this application.

22
00:01:45,020 --> 00:01:48,950
When you're first looking at an application there's a lot of different information that's valuable to

23
00:01:48,950 --> 00:01:49,430
us.

24
00:01:49,460 --> 00:01:53,290
The manifest file is one that's going to be extremely useful.

25
00:01:53,340 --> 00:01:57,610
It's gonna tell you a lot of different things, such as the permissions that are used by the application.

26
00:01:57,650 --> 00:02:00,560
It will tell you what activities exist inside the application.

27
00:02:00,560 --> 00:02:02,340
It will tell you about intents.

28
00:02:02,360 --> 00:02:07,390
It will tell you about things like content providers and such, if they exist.

29
00:02:07,430 --> 00:02:10,770
It will tell you what versions we target.

30
00:02:10,790 --> 00:02:15,200
It will give you a whole plethora of high-level information that will allow you to better understand

31
00:02:15,200 --> 00:02:17,760
the attack surface that you're working with.

32
00:02:17,810 --> 00:02:23,900
So this is one file that would be very useful for us to be able to look at. Resources are going to be

33
00:02:23,900 --> 00:02:29,210
a lot of like the graphical interfaces and such that you're gonna be working with. A lot of this really

34
00:02:29,210 --> 00:02:31,780
isn't particularly useful, I don't think.

35
00:02:32,240 --> 00:02:37,990
Most of the time this is just sort of like, you know, trivial information that comes from this process.

36
00:02:38,390 --> 00:02:40,570
The META-INF will tell you different information.

37
00:02:40,580 --> 00:02:47,360
There's some cert details that are sometimes potentially helpful, as well as the manifest file, which

38
00:02:47,870 --> 00:02:53,000
could tell you a bit of valuable information, potentially gives you a bit of a layout of some of the

39
00:02:53,000 --> 00:02:59,960
things that exist inside of like the res folder, and it will allow you to get a bit of an understanding

40
00:02:59,960 --> 00:03:06,740
behind like the contents of the manifest, for instance. And then we also have this lib folder, and this

41
00:03:06,740 --> 00:03:11,540
lib folder has any sort of shared object libraries that are used inside of the application.

42
00:03:11,540 --> 00:03:18,620
These are typically written in C or C++ and compiled. These can't be decompiled. What we can do with these

43
00:03:18,620 --> 00:03:23,330
is we can analyze like strings that may exist inside of them. We might be able to break it down into

44
00:03:23,900 --> 00:03:29,750
something that might be able to tell us some information about the shared library or shared object, but

45
00:03:30,290 --> 00:03:35,190
a lot of the time these are things that we won't be able to necessarily dig into too deeply.

46
00:03:35,210 --> 00:03:40,340
You'll see in a few examples we actually can go through these and gain some form of relevant information.

47
00:03:41,590 --> 00:03:45,710
And then finally we have our actual source code files, which are the actual source of the application

48
00:03:45,710 --> 00:03:46,830
itself.

49
00:03:46,850 --> 00:03:50,750
If you take a look at these you'll be able to see, you know, each of the different pieces that goes into

50
00:03:50,750 --> 00:03:52,880
building the actual application itself.

51
00:03:53,000 --> 00:03:57,950
So you could pull up any of the code that actually exists and you'll be able to see exactly what code

52
00:03:57,950 --> 00:03:59,620
is being used.

53
00:03:59,690 --> 00:04:01,950
You can do this sort of thing with all,

54
00:04:02,330 --> 00:04:06,560
I would say, basically any Android application. You should be able to get source code, and unless it's

55
00:04:06,560 --> 00:04:11,190
like heavily encrypted or obscured in some way,

56
00:04:11,240 --> 00:04:15,850
this will typically be possible. So a few other things that are useful for this.

57
00:04:16,190 --> 00:04:21,410
We can search this for specific keywords, so for instance we find an error message or something like

58
00:04:21,410 --> 00:04:23,200
that that we want to look up.

59
00:04:23,270 --> 00:04:24,780
We can try looking it up.

60
00:04:24,830 --> 00:04:27,090
We can try looking up common things like password.

61
00:04:27,200 --> 00:04:29,120
So you want to check off like what you actually search.

62
00:04:29,120 --> 00:04:34,640
You could search classes, you could search methods, fields, code for instance, and you can see here we can

63
00:04:34,640 --> 00:04:37,970
sort of like pick out pieces of information that might be of interest to us.

64
00:04:38,000 --> 00:04:44,020
So here's an example here where we're inserting into SQL a user, username and password it seems.

65
00:04:44,020 --> 00:04:49,860
So this for instance would be some information that we might be able to gather from decompiling the application.

66
00:04:49,970 --> 00:04:55,130
So this gives you a bit of an idea of how we can actually decompile Android applications, and from here

67
00:04:55,130 --> 00:05:01,380
we sort of have all the tools that we're going to need to have to be able to analyze different applications,

68
00:05:01,380 --> 00:05:03,600
to be able to look at common Android vulnerabilities.

69
00:05:03,600 --> 00:05:05,250
So that's what we will take a look at next.