1
00:00:00,600 --> 00:00:02,970
Instructor: Hi, within this lecture we are going

2
00:00:02,970 --> 00:00:07,970
to see what happens if we use JADX on an obfuscated APK

3
00:00:08,190 --> 00:00:11,250
like we created within the previous one,

4
00:00:11,250 --> 00:00:13,050
previous lecture, okay?

5
00:00:13,050 --> 00:00:15,780
So over here I'm gonna open my terminal

6
00:00:15,780 --> 00:00:18,600
and make sure you're on Kali if you're on Windows

7
00:00:18,600 --> 00:00:21,353
because we want to use JADX one more time

8
00:00:21,353 --> 00:00:26,353
and make sure you're on the same page with your own APK.

9
00:00:26,610 --> 00:00:30,770
And I'm going to use both apktool and JADX one more time

10
00:00:30,770 --> 00:00:34,711
in order to see if there is something changing

11
00:00:34,711 --> 00:00:38,460
with the app when we use apktool.

12
00:00:38,460 --> 00:00:43,393
So I actually executed apktool d app release APK

13
00:00:44,340 --> 00:00:49,320
as we did before and now I'm going to execute JADX as well.

14
00:00:49,320 --> 00:00:52,710
So I remember JADX, we use dash d

15
00:00:52,710 --> 00:00:57,710
and then some kind of folder name like JADX decompile

16
00:00:57,750 --> 00:01:02,750
and then the app name itself like this, app release dot APK.

17
00:01:03,090 --> 00:01:05,850
If you hit enter it'll decompile it

18
00:01:05,850 --> 00:01:08,190
in a way that we have seen before.

19
00:01:08,190 --> 00:01:13,190
However, if you want to de-obfuscate an obfuscated APK

20
00:01:14,370 --> 00:01:17,957
then you should add a new parameter.

21
00:01:17,957 --> 00:01:21,750
And if you search for JADX help

22
00:01:21,750 --> 00:01:24,720
then you can see that parameter over here.

23
00:01:24,720 --> 00:01:28,230
As you can see there is a deobf parameter

24
00:01:28,230 --> 00:01:32,040
and it activates the deobfuscation.

25
00:01:32,040 --> 00:01:35,834
So within this case I believe we will get better results

26
00:01:35,834 --> 00:01:38,220
if we use that option.

27
00:01:38,220 --> 00:01:42,666
So I'm going to delete this and I'm going to run JADX d,

28
00:01:42,666 --> 00:01:47,295
JADX decompile app release dot APK one more time

29
00:01:47,295 --> 00:01:52,295
but adding deobf at the end like this with two dashes.

30
00:01:53,370 --> 00:01:55,020
So it will do the same thing

31
00:01:55,020 --> 00:01:57,630
but it'll activate the deobfuscation.

32
00:01:57,630 --> 00:02:01,590
Sometimes it succeeds, sometimes it doesn't succeed

33
00:02:01,590 --> 00:02:06,590
it just tries to do its best to de-obfuscate the encryption

34
00:02:06,930 --> 00:02:10,590
and we will see the results in a minute, right?

35
00:02:10,590 --> 00:02:13,454
So let me open the apktool again

36
00:02:13,454 --> 00:02:17,383
and see if there is something changing

37
00:02:17,383 --> 00:02:20,620
like let me open the Android manifest.

38
00:02:20,620 --> 00:02:23,820
And as you can see in the Android manifest

39
00:02:23,820 --> 00:02:25,930
we still get the same result.

40
00:02:25,930 --> 00:02:29,520
Like we can still see the platform settings

41
00:02:29,520 --> 00:02:32,520
like minimum SDK, compile SDK,

42
00:02:32,520 --> 00:02:35,463
icon activity names and stuff.

43
00:02:35,463 --> 00:02:39,245
We still get the res and everything over here.

44
00:02:39,245 --> 00:02:42,240
We still have this smali folder.

45
00:02:42,240 --> 00:02:44,340
It's a little bit obfuscated

46
00:02:44,340 --> 00:02:47,550
like we don't see the folder names.

47
00:02:47,550 --> 00:02:50,054
Now we see some kind of folder names

48
00:02:50,054 --> 00:02:55,054
but also we have this A and B folders, which is nonsense.

49
00:02:55,500 --> 00:03:00,500
And we have the smali MD main activity dot smali file

50
00:03:01,560 --> 00:03:03,180
like we did before.

51
00:03:03,180 --> 00:03:06,060
Now if I try to open this

52
00:03:06,060 --> 00:03:10,983
with Geany or any other script editor like this

53
00:03:11,910 --> 00:03:16,380
then I will get the Dalvik bytecode.

54
00:03:16,380 --> 00:03:18,120
And if you look closely

55
00:03:18,120 --> 00:03:21,254
you will see the same things that we have seen before.

56
00:03:21,254 --> 00:03:23,755
Even though it's obfuscated

57
00:03:23,755 --> 00:03:28,410
it's still Dalvik bytecode because it's transformed

58
00:03:28,410 --> 00:03:31,041
from the Java source code to Dalvik bytecode.

59
00:03:31,041 --> 00:03:34,080
So it really doesn't affect much.

60
00:03:34,080 --> 00:03:37,440
So I can zoom in and see it in a better way.

61
00:03:37,440 --> 00:03:41,970
Maybe we can't see some kind of different stuff over here

62
00:03:41,970 --> 00:03:44,602
but they will be minor differences.

63
00:03:44,602 --> 00:03:48,840
Okay, so not major differences.

64
00:03:48,840 --> 00:03:51,090
We can still see the text view definitions

65
00:03:51,090 --> 00:03:52,980
we can still see the strings.

66
00:03:52,980 --> 00:03:55,260
That's exactly what we were looking

67
00:03:55,260 --> 00:03:58,590
for before and now we can see them again.

68
00:03:58,590 --> 00:04:03,590
So in Dalvik bytecode, of course you got affected

69
00:04:03,870 --> 00:04:06,540
by the obfuscation but not so much

70
00:04:06,540 --> 00:04:09,720
as you would get out of JADX, okay?

71
00:04:09,720 --> 00:04:13,110
So make sure you use both tools

72
00:04:13,110 --> 00:04:17,370
before you go ahead and try to decompile everything

73
00:04:17,370 --> 00:04:21,480
with JADX or with only apktool.

74
00:04:21,480 --> 00:04:23,460
For example, you can see the strings

75
00:04:23,460 --> 00:04:28,130
you can see the other values over here again

76
00:04:28,130 --> 00:04:30,720
so that's all for apktool.

77
00:04:30,720 --> 00:04:33,390
Let's go and look for JADX.

78
00:04:33,390 --> 00:04:35,160
So open the sources folder

79
00:04:35,160 --> 00:04:39,990
and you will see the same folder that we have seen before.

80
00:04:39,990 --> 00:04:43,260
And now try to open main activity dot java

81
00:04:43,260 --> 00:04:45,363
with Geany one more time.

82
00:04:46,230 --> 00:04:50,070
Now if you look at the codes

83
00:04:50,070 --> 00:04:53,790
you will see some of the codes again.

84
00:04:53,790 --> 00:04:56,802
So let me zoom in and you will see what I mean.

85
00:04:56,802 --> 00:05:00,450
Let me zoom in a little bit more like this.

86
00:05:00,450 --> 00:05:01,560
Here we go.

87
00:05:01,560 --> 00:05:04,977
Now we see the codes like we did before.

88
00:05:04,977 --> 00:05:08,976
They're kind of obfuscated, they're kind of encrypted

89
00:05:08,976 --> 00:05:13,590
but since there is little code over here like few lines

90
00:05:13,590 --> 00:05:17,880
of codes, then we cannot understand the obfuscation.

91
00:05:17,880 --> 00:05:21,960
We cannot actually see it in a proper way.

92
00:05:21,960 --> 00:05:23,400
This is good for hackers.

93
00:05:23,400 --> 00:05:26,040
We can still see the things

94
00:05:26,040 --> 00:05:29,010
but as you can see some of the things that we cannot see

95
00:05:29,010 --> 00:05:31,320
like it's important sub class

96
00:05:31,320 --> 00:05:32,850
but we don't know what it is.

97
00:05:32,850 --> 00:05:35,430
It's kind of gibberish right now to us.

98
00:05:35,430 --> 00:05:40,260
And we can see it still uses layout activity main

99
00:05:40,260 --> 00:05:42,840
it still uses some text views and it still

100
00:05:42,840 --> 00:05:46,626
changes some text using that set text method.

101
00:05:46,626 --> 00:05:49,569
And we still see the majority of the codes

102
00:05:49,569 --> 00:05:53,460
but some of them are encrypted.

103
00:05:53,460 --> 00:05:56,850
So if we had a longer code,

104
00:05:56,850 --> 00:06:01,306
if we had a longer application like a game or a big project

105
00:06:01,306 --> 00:06:05,970
then it would look a little bit different

106
00:06:05,970 --> 00:06:10,026
because much more will be encrypted in this case.

107
00:06:10,026 --> 00:06:11,340
And we're going to see

108
00:06:11,340 --> 00:06:14,130
that within the following lecture, believe me.

109
00:06:14,130 --> 00:06:18,681
But right now you see the effects of using ProGuard.

110
00:06:18,681 --> 00:06:21,000
So make sure you use ProGuard

111
00:06:21,000 --> 00:06:23,490
if you are a developer and if you're a hacker

112
00:06:23,490 --> 00:06:26,670
if you're an ethical hacker concentrating

113
00:06:26,670 --> 00:06:29,730
on mobile applications, you will see what to

114
00:06:29,730 --> 00:06:32,600
do when you deal with an obfuscated game

115
00:06:32,600 --> 00:06:37,323
or deal with an obfuscated application within the next one.