Abstract:
Cryptographic algorithms are used in number of applications to provide different security services. Correctness of algorithm and their implementation is a question in the face of today's threat perspective. In the situation where companies are involved in manipulating the security algorithms, it becomes important that code used for providing security is analyzed for its correctness before they are being used. For open source applications, the subject analysis is possible but for proprietary applications and devices user has to trust the respective company. In recent years, some work can be found in the direction of reverse Engineering for the analysis of algorithms in researches as well as by companies. Reverse Engineering process involves disassembling the Binary code. Binary code of applications can be reverse engineered to get the working information, which can then be modified according to the requirements. Moreover, these can be tested for conformance that they are working according to expectations or otherwise. This research will focus on the disassembly and de-compilation of Cryptographic application to get the code. Then the decompiled code obtained can be used to analyze the correctness of implemented cryptographic algorithms and key management system. A solution is proposed in this research in which once we have the apk file we use ApkTool to decode the apk. Then extract the java code from the jar file. Now the next challenge is to get to the right code from thousands of java files, for this we introduced a tool “Crypto Surveillance” which in return give us only the files in which crypto code potentially exists, Then the code obtained can be used to analyze the correctness of implemented cryptographic algorithms and key management system. The second approach used in this research is using reflection API provided by java.it is useful in case when decompiled source code is not available and we have to work on .class files
