# Dynamic Binary Instrumentation

## Why?

* API requests are additionally encrypted or signed, or MITM is not available.
  * MITM and packet sniffers are useless.
* The application holds obfuscated values in RAM that are created dynamically and received from the network.
  * Static analysis and decompilation are useless.
* Code is loaded dynamically with objects received.
  * Static analysis and decompilation will have no code to analyze.
* Many values are hard-coded (keys, URLs…).
  * Patching takes too long and becomes expensive.

Custom signatures are used:

```
POST /login HTTP/1.1
Host: social.io
Proxy-Connection: keep-alive
Content-Length: X
Accept: text/html, application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://social.io
Content-Type: application/x-www-form-urlencoded
Cookie: SessionId=O+qxnaYZLjpnLwHBcKmRcTexTWk=

username=john&password=xpto&signature=2rf+roJPEdCOSL0XXusHBcA0BGk=
```

Data is encrypted:

```
POST /login HTTP/1.1
Host: social.io
Proxy-Connection: keep-alive
Content-Length: X
Accept: text/html, application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://social.io
Content-Type: application/x-www-form-urlencoded
Cookie: SessionId=O+qxnaYZLjpnLwHBcKmRcTexTWk=

authData=3NH71S+7P8YeafgnBvXzJ1RzJdXm51VNPQYMWFiIMl8ZNr7+vGDNTcms8LHDUaC/lK2xRF/L
bPMwQ0pB+ZyB6PfYNaf5fIh/IGdlQZJrgXXgDDT7Mn2d259vzcdmBA3pJ04cLxGNnLSvdorYF+mLN7yik
zEagUWGfQe1nYzu3OT3947kqSORQuc4PTzuFKUXlolCcuVYvr5gt6ykfk9ACGVwyywGBG3OeFxNKi0kme
iBYxB8EJlmCF/xojM59gcGDv61ytidhVs=
```

## Other purposes

* Retrieving a call flow.
  * Map which methods are used, and what is the actual code execution flow.
* Identify arguments of Android API methods.
  * Log traffic and calls.
  * Allows intercepting data even with encrypted connections.
    * Interception happens before data is encrypted.
* Modify arguments of Android API methods.
  * Fuzzing.
  * Filter/modify data to trigger additional behaviour.
  * Trigger custom events.
* Circumvent protections to enable further analysis.
* Recover the actual algorithm when the application is obfuscated and it is difficult to obtain otherwise.
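
An added illustration (not part of the original notes) of the signed-request case and of logging arguments before they are protected, using a constructed Python stand-in for the app: a body changed on the wire fails the server's signature check, while wrapping the app's methods in-process records the call flow and the plaintext handed to the signing routine. The class, the key and the HMAC-SHA1 scheme are assumptions; the notes do not name the algorithm.

```python
import base64, functools, hashlib, hmac

_KEY = b"constructed-demo-key"  # assumption: secret hard-coded in the app, never sent

def _mac(body: bytes) -> str:
    # Assumption: HMAC-SHA1 over the form body (20-byte digest, base64-encoded).
    return base64.b64encode(hmac.new(_KEY, body, hashlib.sha1).digest()).decode()

class LoginClient:
    """Constructed stand-in for an app that signs its login request."""
    def sign(self, body: bytes) -> str:
        return _mac(body)

    def build_login(self, username: str, password: str) -> str:
        body = f"username={username}&password={password}"
        return f"{body}&signature={self.sign(body.encode())}"

def server_accepts(request: str) -> bool:
    """Server side: recompute the signature over the received body."""
    body, _, sig = request.rpartition("&signature=")
    return hmac.compare_digest(sig, _mac(body.encode()))

def instrument(cls, names, trace):
    """Wrap methods in place so every call logs its arguments and result."""
    for name in names:
        original = getattr(cls, name)
        def wrapper(self, *args, _orig=original, _name=name):
            trace.append(("enter", _name, args))   # seen before signing/encryption
            result = _orig(self, *args)
            trace.append(("leave", _name, result))
            return result
        setattr(cls, name, functools.wraps(original)(wrapper))

def demo():
    trace = []
    instrument(LoginClient, ["build_login", "sign"], trace)
    wire = LoginClient().build_login("john", "xpto")
    # A proxy that edits the body cannot produce a matching signature.
    tampered = wire.replace("username=john", "username=jane")
    return wire, tampered, trace

if __name__ == "__main__":
    wire, tampered, trace = demo()
    print("original accepted:", server_accepts(wire))
    print("tampered accepted:", server_accepts(tampered))
    for event in trace:
        print(event)
```

The trace lists `build_login` entering, then `sign` entering with the exact bytes being signed, which is the call flow and argument view that the wire capture alone does not give.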

