Professional Documents
Culture Documents
2
App Signing
- A certificate is
- the public key of a public/private key pair
- some other metadata identifying the owner of the key
4
Primer on cryptographic signatures
5
App Signing
7
App's certificate vs. SSL certificate
9
Resources (doc)
10
Resources example: strings.xml
- In strings.xml
<resources>
<string name="secret_string">Juicy Secret</string>
</resources>
11
Resources under the hood
invoke-virtual {p0},
Lcom/example/MyActivity;->getResources()Landroid/content/res/Resources;
move-result-object v3
const v4, 0x7f07002b
invoke-virtual {v3, v4},
Landroid/content/res/Resources;->getString(I)Ljava/lang/String;
move-result-object v1
From res/values/strings.xml
<string name="secret_string">Juicy Secret</string>
13
Reflection (doc)
14
Example of Reflection
peppa.pig();
try {
Method m = peppa.getClass().getMethod("pig");
m.invoke(peppa);
} catch (...) {
...
}
15
Reflection Benign Use Cases
16
Reflection Malicious Use Cases
- peppa.pig();
It's a string!
invoke-virtual {v3, v4},
Lcom/example/Peppa;->pig()V
- peppa.getClass().getMethod("pig").invoke(peppa)
???????
18
Dynamic Code Loading
class Peppa():
def __init__(self, n, s):
p = Peppa(42, "ciao")
self.n = n # int
self.s = s # string
pickle.dumps(p)
def pig(self):
return n*s
"(i__main__\nPeppa\np0\n(d
p1\nS's'\np2\nS'ciao'\np3\ns
S'n'\np4\nI42\nsb."
20
Serialization
21
Serialization