Advanced
Breaking a White-Box implementation embedded in an Android Application (Hard Level)
This practical course targets an Android Application containing a native white-box library protected with device binding mechanisms. You will learn how to defeat these mechanisms to extract the white- box library, and how to execute and attack it to recover the secret key.
Covered Topics
What you will learn:
- APK decompilation
- Java code analysis
- Identify the White-Box implementation
- Create a launcher to execute the White-Box
- Recover the White-Box key
- Defeat Device Binding Protections
- Understand how to compute the application cryptogram
Exercises
Attack a White-Box implementation embedded in an Android payment application. You will have to recover the PIN code and the White-Box key to understand how to generate a correct payment cryptogram. This application is protected with device binding mechanisms.
Requirements
- Native code analysis
- Basic ARM Assembly language
- Basic knowledge in side-channel analyses
- Execute/Trace a binary (module WBC.1)
2000€
Practical informations
Overall duration: 1-day if in-person / flexible duration if online.
Schedule: 9am-1pm - 2pm-6 pm (in-person)
Number of trainees: 1 max.
Our Coaches
Guillaume
Vinet
© eShard 2021. All rights reserved
Bâtiment GIENAH
11 avenue de Canteranne
33600 Pessac
France
eShard Nudge
7 rue Gaston de Flotte
13012 Marseille
France
eShard GmbH
Beethovenallee 21
53173 Bonn
Germany
Paya Lebar Quarter
#04-01 Paya Lebar Link
408533
Singapore