AMI : Take a picture of your app code using the new Android MRI Interpreter

Magnetic Resonance Imaging (MRI), a medical device, allows tomographic imaging of human organs and measurement of blood flow. Using these features, modern doctors can easily detect diseases without having to perform open surgery as in the past. If it were possible to perform tomography on an app's code through a simple procedure, such as taking a picture like an MRI without invading the app's process, and to trace the flow of data used within the code, it would be an effective way to find vulnerabilities. Therefore, this paper proposes a new OS (interpreter, runtime, kernel), based on Android 12, that performs MRI functions. On this new interpreter, the Android app takes a picture of the Dalvik instruction and register values at runtime when the target (data or function) is used, generating a Control Flow Graph (CFG) that traces the target's forward and backward execution and providing an effective environment for analyzing the app and finding vulnerabilities. Furthermore, I will explain the vulnerabilities discovered in mobile apps using the developed OS.

 

About the Presenter: SungHyun Song

SungHyun Song is a security researcher at the Financial Security Institute (FSI), in charge of mobile security for the financial industry in Korea. He has ten years of experience in mobile security, reverse engineering, penetration testing, and authentication mechanisms. He is currently focusing on Linux kernel exploitation and Android OS. He has also participated in several international security conferences such as ITU-T, Black Hat USA/ASIA, Ekoparty, NULLCON, SEC-T, PacSec, HITCON, BlackAlps and beVX.
