"Automated analysis and Deobfuscation of Android Apps & Malware", presented at AthCON 2013

by Jurriaan Bremer

Tags: Security

Summary: During this presentation we will walk through various obfuscation techniques used by both legitimate and malicious applications in order to hide potentially malicious activities, as well as to make reverse engineering (much) harder. We will then learn about various scripts involving both static and dynamic analysis (based on a framework which I will publish after this talk) that aid in the analysis of these applications by automatically deobfuscating, stripping, and rebuilding the applications to something that resembles the original form. After the deobfuscation steps, existing tools will be able to make more sense out of the application and will therefore show a much more complete analysis, making the life of reverse engineers easier (as well as more efficient). After all the theory, we will see a demonstration of analyzing a certain well-known, legitimate application before and after the magic deobfuscation in order to evaluate the effectiveness of the proposed scripts and techniques.