Binary Protections

Java and Kotlin are memory-safe, strongly typed languages, and in most cases are immune to stack-based buffer overflow vulnerabilities. The exception is when the application bundles native library files written in C/C++, which reopens the overflow window. These files should be checked for proper stack canaries.

Extract the APK file

The $BINARY that is used in the examples below refers to the main app executable file.

apktool d -o Example ExampleApp.apk
cd Example/lib/{arch}

Stack Protection

Android applications can include external libraries written in C/C++ which can suffer from the same buffer overflow vulnerabilities as traditional C/C++ code. All shared libraries should be in a single 'lib' directory in the application's output when decompiled with apktool.

  • After decompilation with apktool, the shared object libraries are found under <outdir>/lib/<arch>, with one subdirectory per ABI

  • Each properly protected library should produce a match from the following grep command (the stack protector's __stack_chk_fail / __stack_chk_guard references). If a library produces no match, stack protection is not present:

    cd <lib dir>
    # print each library name followed by its stack_chk references; an empty result means no canary
    for o in *; do echo; echo "$o:"; strings "$o" | grep stack_chk; done

  • Alternatively, Radare2's rabin2 reports the canary flag directly:

    # prints "canary   true" when the stack protector is present, "canary   false" otherwise
    rabin2 -I ${LIBRARY} | grep canary
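The loop above checks one ABI directory at a time; the script below is an added example (not part of the original page) that runs the same check across every <outdir>/lib/<arch>/*.so and fails when any library lacks the canary references. It assumes the apktool output layout shown above and relies only on grep, not binutils.

```shell
#!/bin/sh
# Scan every shared object under an apktool output directory for the stack
# protector runtime references (__stack_chk_fail / __stack_chk_guard).
# grep -a treats the ELF file as text, so no 'strings' binary is required.

# check_lib FILE -> prints the verdict; returns 0 if protected, 1 if not
check_lib() {
    if grep -a -q -E '__stack_chk_(fail|guard)' "$1"; then
        printf '%s: protected\n' "$1"
        return 0
    fi
    printf '%s: UNPROTECTED\n' "$1"
    return 1
}

# scan_libs OUTDIR -> checks OUTDIR/lib/<arch>/*.so for every ABI present;
# prints a summary and returns 1 if at least one library is unprotected
scan_libs() {
    unprotected=0
    for so in "$1"/lib/*/*.so; do
        [ -f "$so" ] || continue          # glob matched nothing
        check_lib "$so" || unprotected=$((unprotected + 1))
    done
    echo "unprotected libraries: $unprotected"
    [ "$unprotected" -eq 0 ]
}

# Usage: scan_libs Example   (the directory produced by apktool d -o Example)
```

A library built with -fstack-protector but containing no function the compiler chose to instrument will not reference these symbols, so treat an UNPROTECTED verdict as a prompt to inspect the build flags rather than as proof on its own.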