During this talk I demonstrate how to use purely native code as an obfuscation technique in Android. Together, we rewrite a standard Android Java application in C++ and remove all traces of the entrypoint. We even mask our Android framework API calls by using direct Binder invocations and messages.
- DirectBinderInvocations.zip
  - Examples in Java and C++ for direct Binder invocations of dial() method
- PurelyNativeEmpty_Source.zip
  - Example purely native empty application
- AnubisBenignPurelyNative.zip
  - Purely native application based on benign fake Anubis sample
  - Password: infected1
- JADX
- Android Studio
  - Make sure the NDK is installed: Install and configure the NDK and CMake
- Ghidra
- Android samples source code
- Android framework NativeActivity class
- Rawdrawandroid