AppVeil Milestone 1 Presentation by Joey Berringer and Iordanis Fostiropoulos

Goals of this Milestone The goals of this milestone have been to: ●

Research

●

Design

●

Document

●

Develop

Research A project of this nature requires a lot of research to determine the feasibility of the features and the approaches attempted. During this phase, we researched and determined which solution best fits the project at hand. We investigated how to manipulate Android APK files and learned how Android’ s Dalvik Bytecode is encoded.

Design After researching an overall design of the application was created and how it is expected to work.

Mockup Design - Main Page

Mockup Design - APK Install

Mockup Design - Permissions

Mockup Design - Log Files

Mockup Design - Main Page

Document Features Summary: User interface to patch apps and view log data Patching mechanism which modifies target apps Patched-in code that blocks access to certain features Patched-in code that records logs of feature accesses

Modifying APKs ●

Extract (unzip) classes.dex from the APK

●

Tweak dex file as needed ○

Use dexdump and docs to help understand dex files

●

Zip the modified dex file back into the APK

●

Compute SHA-1 checksum of the APK

●

Resign the APK with our own RSA key (jarsigner)

●

Use zip alignment on the APK (zipalign)

Modifying APKs - Example

Modifying APKs - Example $ mkdir demo1 $ cd demo1 $ wget https://f-droid.org/repo/org.droidparts.battery_widget_201205220.apk $ mkdir widget $ cd widget $ unzip ../*.apk $ build-tools/dexdump -d classes.dex > dump.txt $ less dump.txt $ tweak classes.dex $ zip -r ../battery1.apk classes.dex AndroidManifest.xml resources.arsc res $ cd .. $ keytool -genkey -v -keystore appveil.keystore -alias myalias \ -keyalg RSA -keysize 2048 -validity 10000 $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 \ -keystore appveil.keystore battery1.apk myalias $ build-tools/zipalign -v 4 battery1.apk battery2.apk $ platform-tools/adb start-server $ platform-tools/adb install battery2.apk

Modifying APKs - Example Hex diff: classes.dex -++ -++

00000000 00000000 00001e30 00001e30

64 64 1a 1a

65 65 05 05

78 78 bf bf

0a 0a 01 01

30 30 6e 6e

33 33 30 30

35 35 21 21

00 00 00 00

ef fc 59 59

f0 f0 06 06

fa 47 0a 0a

3e c9 03 03

b6 b6 12 12

ca ca 01 01

Dalvik instruction diff: -- 001e3e: 3a02 0800 ++ 001e3e: 2920 0800

|001b: if-ltz v2, 0023 // +0008 |001b: goto/16 0023 // +0008

Java source snippet: int level = 0; if (rawlevel >= 0 && scale > 0) { level = (rawlevel * 100) / scale; } mBatteryChargeLevel = level;

39 39 3a 29

23 23 02 20

|dex.035....>..9#| |dex.035...G...9#| |....n0!.Y.....:.| |....n0!.Y.....) |

Questions