Keith Makan
Keith Makan is an experienced cybersecurity consultant and researcher with a strong history of helping clients around the world manage information security risks. He is the co-founder of SonarSentry B.V. a cybersecurity startup based in the Netherlands. Keith is also a published author, having written "The Android Application Security Cookbook" and "Penetration Testing with the Bash Shell,". His security research contributions include identifying vulnerabilities in widely used software like Google Chrome. Recently, he completed his MSc in Computer Science, focusing on automated vulnerability analysis in binary formats.
Session
Android Java Native Interface (JNI) provides a means to bridge the Java and C/++ world. While the Java Bytecode is relatively straightforward to decompile and analyse, these compiled JNI libraries (.lib, .so files) have pretty much been left in the shadows, especially with regards to reverse engineering broader aspects of the JNI API. This lack of vision on JNI Binary-fu, is a significant hurdle for security researchers and reverse engineers. Binaries can house sensitive logic, custom encryption algorithms, or even malware, making their analysis crucial for a comprehensive security assessment.
The talk presented here aims to shed some light on practical methodologies to reverse engineer and even automate vulnerability assessment for Android's JNI Libraries. Security Researchers and anyone looking to expand their Android mobile security assessment skill set should give this talk a listen.