Presentations - Android Packers: Separating from the Pack

  • Location: Security Dome
  • Speaker: Ruchna Nigam
  • Date and time: 11 October 2014, 11:20 - 12:05

By definition, packers are wrappers put around pieces of software to compress and/or obfuscate their contents.

In the context of Android applications, packers were introduced with the intention of providing protection for legitimate applications from modifications and tampering. The flipside of the coin is that the same functionality can be used by malware authors to their advantage, making reverse engineering of malware difficult for the analyst.
The packers discussed in this talk - Bangcle and ApkProtect - rely on encrypted code in DEX files that the application loads using native code in shared libraries during runtime. This method, along with the anti-debugging tricks employed, renders static analysis pretty much ineffective and dynamic analysis tricky.
The talk chronicles my (mis)adventures with reverse engineering applications packed using these packers. It ends with an assessment of the extent of packed malware in the wild and the implications this could have for AV vendors.
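The loading pattern described above (a small visible DEX, a native shared library, and an encrypted payload that is only decrypted at runtime) leaves a structural footprint an analyst can triage for before opening a debugger. The following Python script is an added example, not code from the talk or from either packer: it inspects an APK's zip entries and flags the combination of native libraries with a high-entropy non-DEX payload larger than classes.dex. The entry names, the 7.5 bits/byte threshold and the sample APK it builds are all constructed assumptions for illustration.

```python
import io
import math
import random
import zipfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, lower for DEX code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packing_indicators(apk_bytes: bytes, entropy_threshold: float = 7.5) -> dict:
    """Flag the runtime-decrypted-DEX layout: native libraries present, plus a high-entropy
    non-DEX payload under assets/ or lib/ that is larger than the visible classes.dex
    (which, in a packed app, is only a stub that bootstraps the native loader)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        native_libs = [n for n in names if n.startswith("lib/") and n.endswith(".so")]
        dex_size = z.getinfo("classes.dex").file_size if "classes.dex" in names else 0
        payloads = []
        for n in names:
            if n.startswith(("assets/", "lib/")) and not n.endswith(".so"):
                data = z.read(n)  # uncompressed bytes, so entropy reflects the stored content
                if len(data) >= 256 and shannon_entropy(data) >= entropy_threshold:
                    payloads.append((n, len(data)))
    likely = bool(native_libs) and any(size > dex_size for _, size in payloads)
    return {"native_libs": native_libs, "dex_size": dex_size,
            "high_entropy_payloads": payloads, "likely_packed": likely}


def build_sample_apk(packed: bool) -> bytes:
    """Constructed sample, not a real APK: a zip with a stub classes.dex and, when packed=True,
    a hypothetical native loader plus a pseudo-random blob standing in for the encrypted DEX."""
    rng = random.Random(1)  # fixed seed so the sample is reproducible
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0" + bytes(200))  # tiny, low-entropy stub DEX
        if packed:
            z.writestr("lib/armeabi/libloader.so", b"\x7fELF" + bytes(64))
            z.writestr("assets/payload.bin", bytes(rng.getrandbits(8) for _ in range(4096)))
    return buf.getvalue()


if __name__ == "__main__":
    for packed in (True, False):
        print("packed sample" if packed else "plain sample", packing_indicators(build_sample_apk(packed)))
```

A hit from this heuristic is a triage signal, not a verdict: legitimate apps that ship compressed assets alongside native code will also score, so it is best used to decide which samples get dynamic analysis first.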
