Platform for Experts 
Reconciling how and how in a single and collaborative platform empowering experts.
SOLUTIONS

  • > Side Channel Analysis

    Ready-to-use side channel tools to assess cryptography algorithms.

  • > Laser & EM Fault Injection

    Make sure your chip withstands different techniques of physical fault injections.

  • > Firmware Security Analysis

    Qualify embedded code binaries without physical devices and benches.

  • > Security Failure Analysis

    Photoemission analysis to explore internal information in a chip.

  • > Vulnerability Research

    Dynamic analyses at a system level for investigating potential vulnerabilities.

TECHNOLOGIES

  • > Data Science Platform

    esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.

  • > esFirmware Engine

    Assess the security of the firmware of IoT devices against logical and physical attacks.

  • > REVEN Engine

    Record and replay vulnerability researches within reverse engineering processes and tools.

PROFESSIONAL SERVICES

  • > Cybersecurity Training

    Grow your expertise with training modules driven by a coach.

Mobile & Backend Security Testing 
⬇️ Get the full report of the Security Benchmark of the Top 100 European Banking Apps.
EXPERTISE

  • > Mobile App Security

    Know the threats and risks of your Mobile App.

  • > DevSecOps

    Integrate the security protections verification in your CI/CD pipeline.

SOLUTIONS

  • > Automated Mobile App Security Testing

    esChecker SaaS: automating the security testing of your mobile app binary.

  • > Mobile App Penetration Testing

    Testing the resiliency of your Mobile App, SDK or RASP tool.

  • > Backend Penetration Testing

    Testing the resiliency of your Web App, API or Backend Systems.

PROFESSIONAL SERVICES

  • > Coaching for Mobile App Developers

    Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.

Our Company 
October is Cybersecurity Awareness Month - and our team of Software Security will be at a few events.
OUR COMPANY

  • > Our offices

  • > Events

CARREERS

  • > Meet our experts

  • > Open positions

    Join our team!

FOLLOW US
Blog
Contact us
eShard
/
escoaching
/
White Box Expert
Advanced

Breaking a White-Box implementation embedded in an Android Application (Hard Level)

This practical course targets an Android Application containing a native white-box library protected with device binding mechanisms. You will learn how to defeat these mechanisms to extract the white- box library, and how to execute and attack it to recover the secret key.

Covered Topics

What you will learn:

  • APK decompilation
  • Java code analysis
  • Identify the White-Box implementation
  • Create a launcher to execute the White-Box
  • Recover the White-Box key
  • Defeat Device Binding Protections
  • Understand how to compute the application cryptogram

Exercises

Attack a White-Box implementation embedded in an Android payment application. You will have to recover the PIN code and the White-Box key to understand how to generate a correct payment cryptogram. This application is protected with device binding mechanisms.

Requirements

  • Native code analysis
  • Basic ARM Assembly language
  • Basic knowledge in side-channel analyses
  • Execute/Trace a binary (module WBC.1)
Contact us

Practical informations

Overall duration: 1-day if in-person / flexible duration if online.

Schedule: 9am-1pm - 2pm-6 pm (in-person)

Number of trainees: 1 max.

Our Coaches

Guillaume
Vinet
CopyRights eShard 2022.
All rights reserved
Privacy policy | Legal Notice
PLATFORM FOR EXPERTS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability Research
SOLUTIONS FOR IC
Data Science PlatformesFirmware EngineREVEN Engine
MOBILE APP SECURITY TESTING
Automated Mobile App Security TestingPenetration Testing for Backend and WebAppPenetration Testing for Mobile ApplicationsDevSecOps
PROFESSIONAL SERVICES
Cybersecurity Training
COMPANY
About usJoin our team!EventsBlog