Chip & System Security Testing 
Mobile & Backend Security Testing 
Our Company 
Blog
Contact us
eShard
/
escoaching
/
White Box Expert
Advanced

Breaking a White-Box implementation embedded in an Android Application (Hard Level)

This practical course targets an Android Application containing a native white-box library protected with device binding mechanisms. You will learn how to defeat these mechanisms to extract the white- box library, and how to execute and attack it to recover the secret key.

Covered Topics

What you will learn:

  • APK decompilation
  • Java code analysis
  • Identify the White-Box implementation
  • Create a launcher to execute the White-Box
  • Recover the White-Box key
  • Defeat Device Binding Protections
  • Understand how to compute the application cryptogram

Exercises

Attack a White-Box implementation embedded in an Android payment application. You will have to recover the PIN code and the White-Box key to understand how to generate a correct payment cryptogram. This application is protected with device binding mechanisms.

Requirements

  • Native code analysis
  • Basic ARM Assembly language
  • Basic knowledge in side-channel analyses
  • Execute/Trace a binary (module WBC.1)
Contact us

Practical information

Overall duration: 1-day if in-person / flexible duration if online.

Schedule: 9am-1pm - 2pm-6 pm CET (in-person)

Number of trainees: 1 max.

Our Coaches

Guillaume
Vinet
CopyRights eShard 2023.
All rights reserved
Privacy policy | Legal Notice
SECURITY TESTING SOLUTIONS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability ResearchMAST: Mobile Application Security Testing