Have you ever been worried about wasting time to make single-use hook in order to deobfuscate an Android app ? Instrumentation techniques often require prior static analysis or a known generic method, and a lot of code to read. Would you like to generate dozens of hooks, to gather the data and to sort it with a single click ? Dexcalibur is a new tool with a GUI and an API, built on top of several tools (Frida, Baksmali, LIEF, Capstone, Smali VM, …). It provides a way to explore a generated view of the application built from static analysis (of the flat files and intercepted files at runtime) and data gathered from several instrumentation sessions. The idea : reduce your reverse time, enhance your security analysis.
In this talk I will explain how Dexcalibur mixes static analysis, file analysis, and DBI in order to build a more complete view of the application.
Georges is a software security engineer working at Thales. His passion is to develop new Android reverse engineering toolbox and to search for vulnerabilities. He loves (de)obfuscation, Android, TEE and browser exploitation.