Sunday, March 27, 2011

Reversing Android Malware And Honeynet Project Workshop

I was honored by the Honeynet Project folks, who allowed me to present on a new topic, "Reverse Engineering Android Malware", at the Honeynet Project Security Workshop in Paris, France last week. The first part of my presentation covered, in detail, an introduction to APK, Dalvik and the processes involved in Android app development through to packaging.

For the second part of the presentation, I focused on methods and tools for reversing Android malware or apps. When reverse engineering an Android app (or malware), the ideal goal is to have decompiled code in Java (normally), but unfortunately, decompiling is hard! :) So, an understanding of disassembled code for Dalvik is a good skill to have when reverse engineering on the Android platform.

The third part of the presentation is a few case studies on various Android malware. The malware samples are SMS.Trojon, Geinimi, ADDR and DreamDroid. These are quite interesting samples. I sorted the case study samples from simple to intermediate level of complexity. On Geinimi and DreamDroid, I demoed how we can reverse engineer the cryptography implemented within the malware samples.

The Honeynet Project has already released my presentation slides. You can get them from here.


The video for my presentation is published.

#The First Part of the Presentation

#The Second Part of The Presentation