Description: Fino is a brand new tool we designed to perform dynamic android applications analysis in a pythonic and scriptable way. We ended up with a very powerful tool, allowing any reverse-engineer to remotely control any android application, from its main component (user interface) to every internal and obscure class. This talk focuses on how Fino may makes the Android reverse-engineer's life easier and to use it to perform effective and powerful assessments on Android applications.
Summary of research:
We recently presented and released a tool called Fino during the 29C3 event last December, which allows to dynamically and remotely interact with android applications by injecting a small piece of code into them. We focused our presentation on how we designed this tool and quickly showed some cool features is provides us with.
Fino is a brand new (and young) tool providing many ways to remotely interact with a target application installed on a smartphone or even in an emulator, and also a dedicated Python API. Android applications may be scripted, internal components remotely instanciated and used in a pythonic way and much more. With Fino, no need to understand how a protocol was designed and used by the application (and the remote server), just reuse the core components implemented in the application itself to get a working client in order to fuzz the server. With Fino, even text string obfuscation is useless since the methods retrieving the clear text strings may be called directly. Fino is a great and powerful tool to perform dynamic analysis of android applications from a connected computer and to automate the whole process.
This talk will not focus on the tool itself (even if Fino will be shortly presented) but more on the practical aspects of this tool from a reverse-engineer's point of view. That is, we will demonstrate this tool may be used when performing Android application assessments, how this tool may help the reverse-engineer to solve some of the recurrent problems he encounters during his assessments and eventually how to improve the tool itself to fit his needs.
For More Information Please Visit : - https://www.hackinparis.com/talks-2013
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.