Debuggers are really powerful - Pwning all of the Android things presented at ekoparty 2013

by Mathew Rowley

Summary: Last year my talk, How We Tear Into That Little Green Man, received much appreciated, positive feedback. However, for people who perform Android reverse engineering regularly it was a bit bland. This talk is designed to complement that and explain new, advanced reverse engineering techniques. Since last year I have been at work developing new reverse engineering approaches and creating new tools that will help facilitate previously unseen techniques and much quicker reverse engineering of applications. I have developed a scriptable debugging framework which will be the main focus of this talk. The power of the Java debugger makes reverse engineering of applications as easy as falling off a log. The only problem: the Java Platform Debugger Architecture (JPDA) is not very well documented and there is nobody around to give you help. This debugging framework, which wraps the JPDA, has the ability to act as a proxy to perform almost any action, while an application is running, as if you were actively developing the application. Have you ever wanted to passively monitor internal IPC? Have you ever wanted to dynamically change the value of a variable? Have you ever wanted to just dump all encryption keys used in an application? Have you ever wanted to understand how Intents are constructed and passed? Have you ever wanted to call a method of a compiled application while it was running? Well, that's all possible with the debugging framework. What's even better, I wrote all the wrapper scripts for you!
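To make concrete what "acting as a proxy over the JPDA" looks like, here is an added example (not the speaker's framework or scripts) that uses the Java Debug Interface directly: it attaches to an app over JDWP and logs every entry into methods of one class together with the argument values those methods received, which is the kind of runtime visibility a debuggable build gives anyone who can reach its JDWP port. It assumes the target app is debuggable, that the JDWP port has been forwarded with `adb forward tcp:8700 jdwp:<pid>`, and that the class name (`com.example.app.CryptoHelper` is a placeholder) and port are supplied on the command line.

```java
import com.sun.jdi.*;
import com.sun.jdi.connect.AttachingConnector;
import com.sun.jdi.connect.Connector;
import com.sun.jdi.event.*;
import com.sun.jdi.request.EventRequest;
import com.sun.jdi.request.MethodEntryRequest;
import java.util.List;
import java.util.Map;

// Attaches over JDWP (e.g. after `adb forward tcp:8700 jdwp:<pid>` on a
// debuggable app) and logs every entry into methods of one class, with the
// argument values the method received. Class name and port are hypothetical
// command-line inputs; the defaults below are placeholders.
public class MethodEntryTracer {
    public static void main(String[] argv) throws Exception {
        String classFilter = argv.length > 0 ? argv[0] : "com.example.app.CryptoHelper";
        String port = argv.length > 1 ? argv[1] : "8700";

        // Pick the socket-transport attaching connector from the JDI bootstrap.
        AttachingConnector connector = null;
        for (AttachingConnector c : Bootstrap.virtualMachineManager().attachingConnectors()) {
            if ("dt_socket".equals(c.transport().name())) connector = c;
        }
        if (connector == null) throw new IllegalStateException("no dt_socket connector");
        Map<String, Connector.Argument> args = connector.defaultArguments();
        args.get("hostname").setValue("localhost");
        args.get("port").setValue(port);
        VirtualMachine vm = connector.attach(args);

        // Ask the target VM to report method entries for the chosen class only;
        // suspend just the calling thread so the rest of the app keeps running.
        MethodEntryRequest req = vm.eventRequestManager().createMethodEntryRequest();
        req.addClassFilter(classFilter);
        req.setSuspendPolicy(EventRequest.SUSPEND_EVENT_THREAD);
        req.enable();

        EventQueue queue = vm.eventQueue();
        while (true) {
            EventSet events = queue.remove();   // blocks until the VM sends events
            for (Event ev : events) {
                if (ev instanceof MethodEntryEvent) {
                    MethodEntryEvent me = (MethodEntryEvent) ev;
                    StackFrame frame = me.thread().frame(0);
                    // getArgumentValues() works even when local-variable debug info is stripped
                    List<Value> values = frame.getArgumentValues();
                    System.out.println(me.method().declaringType().name() + "."
                            + me.method().name() + me.method().signature());
                    for (Value v : values) System.out.println("  arg: " + v);
                } else if (ev instanceof VMDisconnectEvent) {
                    return;                     // target went away; stop tracing
                }
            }
            events.resume();                    // let the suspended thread continue
        }
    }
}
```

On JDK 9 and later the `com.sun.jdi` packages come from the `jdk.jdi` module; on older JDKs put `tools.jar` on the classpath.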