This is a live recording of a talk I gave at DEFCON (DC615) Nashville. The presentation explores how translating Java code into native code thwarts many AV detections.
First, I go over a live example of translating Android Java code into native code, and we watch the changes in AV detections. Later in the presentation, I examine some techniques a reverse engineer could use to analyze a sample containing native code.
If you would like to follow along, the slides, tools, and example code are hosted on my GitHub page here:
https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615
Timestamps:
00:00 Introduction / Background
09:02 Anubis Java Code
16:08 Developing Native Cpp Code
19:57 Choosing the Method
22:30 Declaring a Native Method
24:40 Translating to Native
44:45 AV Detections
46:30 Reverse Engineering Native Code
49:07 Ghidra
54:03 Finishing Up / Real World Use
---
laurieWIRED Twitter:
https://twitter.com/lauriewired
laurieWIRED Github:
https://github.com/LaurieWired
laurieWIRED Website:
http://lauriewired.com/
laurieWIRED HN:
https://news.ycombinator.com/user?id=lauriewired
laurieWIRED Reddit:
https://www.reddit.com/user/LaurieWired