Parsing the Unparsable: Turning Analyzers into Victims

Botconf 2024
2024-04-24 | 15:20 – 15:50

Yusuf Kocadas 🗣 | Furkan Er 🗣

While thinking about how to prevent static analysis of our customers’ applications, I found myself analyzing publicly available APK parsers on GitHub. I walked through a bunch of issues to see which apps had broken or crashed their parsers, and collected many apps, both legit and malicious. Then I started to extract their peculiarities and commonalities. After working on these outputs, I dived into analyzing open source parsers and bumped into many issues, some of which turned out to be crucial security problems. Furthermore, some of these parsers are the backbone of many security products. In this talk, I will share my findings and how to turn analyzers into victims.

