In last year's session "Build a strong and easy-to-use mobile app security product", we introduced some approaches to implementing packing service (or packer). Today, more and more Android developers use packers to protect their source code against being reverse-engineered or modiﬁed. However, the packing techniques are usually used by malware to prevent detection or analysis by anti-virus. Although there are already many unpacking approaches, they all need to be carried out on rooted or custom ROM devices. Moreover, many packers crash apps on rooted or custom ROM devices to prevent unpacking.
In this session, we will propose a novel unpacking approach. We will start by implementing a virtual space with the capacity of unpacking packers on non-rooted and factory ROM devices, and then launch samples that are packed by a commercial packer in the virtual space. Finally, the virtual space will unpack sample apps packed by the packer, and recover all protected Dex ﬁles.
Jason Wang is a senior security engineer of Fourdesire, he is focusing on research reverse engineering, mobile app penetration testing and mobile app security protection. In response to the government's independent R&D policy, he is working hard to build Taiwan's first independent R&D product for app security.
Education & Experience:
Speaker of CYBERSEC 2019
Speaker of CSA Taiwan Summit 2017
Security Consultant of Digicentre
Security Engineer of Gamania
Bachelor Degree from Department of Applied Mathematics, NCTU
Patent & Certification:
Protective system of program code, No.M553450, ROC (Taiwan)
EC-Council Certified Ethical Hacker (CEH)