intro

main.typ

@@ -71,7 +71,7 @@
     year: 2025,
     month: 12,
     day: 9,
-  ).display("[year]-[month]-XX"), //[day]"),
+  ).display("[year]-[month]-[day]"),
   jury-content: jury-content,
   university: "CS",
   keywords-en: keywords-en,

slides.typ

@@ -1,6 +1,21 @@
 #import "@preview/polylux:0.4.0": *
 #import "slides/lib.typ": *
 
+#import "@preview/codly:1.3.0": *
+#import "@preview/codly-languages:0.1.1": *
+#show: codly-init.with()
+#let default-codly = (
+  display-name: false, 
+  display-icon: false, 
+  zebra-fill: none, 
+  fill: luma(240),
+  radius: 1em,
+  inset: (y: 0.15em),
+  highlighted-default-color: highlight-color,
+  highlight-fill: it => it.lighten(40%), //highlight-color,
+)
+#codly-disable()
+
 #set text(lang: "en")
 #set list(marker: none)
 
@@ -32,6 +47,7 @@
   date            : datetime(year: 2025, month: 12, day: 9),
 )
 
+
 /*
 * Intro:
 * Dear jury, gentle people of the audience, here and online, thank you for your presence.
@@ -67,6 +83,8 @@
   #v(2em)
 ]
 
+#counter("logical-slide").update( n => n - 1 )
+
 #slide(
   foreground: ghost-4(x: 60%, y: 25%, rot: 45deg)
 )[
@@ -123,6 +141,208 @@
   #highlight-block(pb1-text)
 ]
 
+#slide(
+  title: [Obfuscation],
+  //foreground: eye-1(x: 95%, y: 85%, mirror: true)
+)[
+  #set list(marker: [-])
+
+  Applications might use *obfuscation* to either:
+
+  - protect their IP
+  - hide malicious behaviour 
+  
+  #v(1em)#uncover(2)[
+
+  We will focus on two techniques:
+
+  - *Dynamic Code Loading*
+  - *Reflection*
+  ]
+]
+
+#for i in range(4) {
+  if i != 0 {
+    counter("logical-slide").update( n => n - 1 )
+  }
+  show: yes-codly
+
+  slide(
+    title: [Obfuscation],
+    subtitle: if i == 0 [Example] else if i == 1 [Dynamic Code Loading] else if i in (2, 3) [Reflection] else { none },
+    foreground: eye-1(x: 95%, y: 85%, mirror: true)
+  )[
+    #if i == 0 {
+      codly(..default-codly)
+    } else if i == 1 {
+      codly(
+        highlighted-lines: (1, 5, 6, 7, 8),
+        ..default-codly
+      )
+    } else if i == 2 {
+      codly(
+        highlighted-lines: (2, 3),
+        highlights: (
+          (line: 10, start: 42, end: 59, fill: pirat-color.blue),
+          (line: 13, start: 3, end: 21, fill: pirat-color.blue),
+        ),
+        ..default-codly
+      )
+    } else if i == 3 {
+      codly(
+        highlighted-lines: (10,),
+        highlights: (
+          (line: 12, start: 14, end: 34, fill: pirat-color.blue),
+          (line: 15, start: 2, end: 19, fill: pirat-color.blue),
+        ),
+        ..default-codly
+      )
+    }
+    #scale(70%, reflow: true)[
+    ```java
+    String DEX = "ZGV4CjA [...] EAAABEAwAA";
+    String className = "W5f3 [...] 3sls=";
+    String methodName = "n6WGYJzjDrUvR9cYljlNlw==";
+  
+    ClassLoader cl = new InMemoryDexClassLoader(
+      ByteBuffer.wrap(Base64.decode(DEX, 2)), 
+      Main.class.getClassLoader()
+    );
+  
+    Class<?> loadedClass = this.cl.loadClass(decrypt(className));
+    Object obj = "FooBar";
+    Object ret = loadedClass.getMethod(
+      decrypt(methodName), 
+      String.class
+    ).invoke(null, obj);
+    ```]
+  ]
+}
+
+#counter("logical-slide").update( n => n - 1 )
+#slide(
+  title: [Obfuscation],
+  subtitle: [Deobfuscated],
+)[
+  #show: yes-codly
+  #codly(
+    skips: ((3, 10), (5, 10), (6, 10)),
+    ..default-codly
+  )
+  #scale(100%)[
+  ```java
+  public class Foo {
+    public static String bar(String arg) {
+    }
+  }
+      String ret = Foo.bar("FooBar");
+
+  ```]
+]
+
+#slide(
+  title: [Class Loading],
+)[
+  #set align(center)
+  #show: yes-codly
+  #grid(
+    columns: (2fr, 1em, 1fr),
+    scale(70%, reflow: true)[
+      #codly(
+        highlights: (
+          (line: 1, start: 0, end: 11, fill: pirat-color.blue),
+          (line: 1, start: 22, end: 43, fill: pirat-color.blue),
+          (line: 3, start: 14, end: 27, fill: pirat-color.blue),
+          (line: 6, start: 32, end: 40, fill: pirat-color.blue),
+        ),
+        ..default-codly
+      )
+      ```java
+      ClassLoader cl = new InMemoryDexClassLoader(
+        ByteBuffer.wrap(Base64.decode(DEX, 2)),
+        Main.class.getClassLoader()
+      );
+  
+      Class<?> loadedClass = this.cl.loadClass(decrypt(className));
+      ```
+    ], [], uncover(2, scale(70%, reflow: true)[
+      #codly(
+        ..default-codly
+      )
+      ```java
+      class A {
+        public static void foo() {
+          B b = new B();
+          b.bar();
+        }
+      }
+      ```
+
+      Where is the class loader?
+    ])
+  )
+]
+
+#counter("logical-slide").update( n => n - 1 )
+#slide(
+  title: [Class Loading],
+)[
+  #item-by-item[
+    - Used to select classes implementation
+    - More complexe than it looks
+    - Doubious documentation
+    - Not studied in the context of Android Static Analysis
+  ]
+]
+
+#counter("logical-slide").update( n => n - 1 )
+#slide(
+  title: [Class Loading],
+)[
+  #highlight-block(pb2-text)
+]
+
+#slide(
+  foreground: ghost-5(x: 10%, y: 7%)
+)[
+  #set align(center+horizon)
+  #grid(
+    columns: (1fr, 1fr),
+    gutter:  2em,
+    [
+      == Dynamic Analysis
+      #item-by-item[
+        - Run the application
+        - _See_ dynamically loaded bytecode
+        - _See_ reflection calls
+        - Limited by code coverage
+      ]
+    ],
+    [
+      == Static Analysis
+      #item-by-item(start: 5)[
+        - Do *not* run the application
+        - *Not* limited by code coverage
+        - Some values cannot be computed
+      ]
+
+    ],
+    grid.cell(colspan: 2, uncover(7)[
+      #text(size: 30pt)[Can we combine both?]
+    ]),
+  )
+]
+
+#slide[
+  #highlight-block(pb3-text)
+]
+
+#slide[
+  #highlight-block(pb1-text)
+  #highlight-block(pb2-text)
+  #highlight-block(pb3-text)
+]
+
 #new-section-slide([Tool Reusability])
 
 #slide[

slides/lib.typ

@@ -38,6 +38,37 @@ pirat-color.red,
   }
 ]
 
+#let highlight-color = pirat-color.blue.lighten(40%)
+
+/* don't work ? at least for raw block?
+#let scale-down-to-page(body) = {
+  layout(size => {
+    let size_body = measure(body)
+    let ratio = if size_body.width == 0pt and size_body.height == 0pt {
+      none
+    } else if size_body.width == 0pt {
+      size.height / size_body.height
+    } else if size_body.height == 0pt {
+      size.width / size_body.width
+    } else {
+      let r_x = size.width / size_body.width
+      let r_y = size.height / size_body.height
+      calc.max(r_x, r_y)
+    }
+    if ratio == none or ratio >= 1 {
+      body
+    } else {
+      scale(ratio * 100%, body)
+    }
+    repr(size)
+    linebreak()
+    repr(size_body)
+    linebreak()
+    repr(ratio*100%)
+  })
+}
+*/
+
 #let ghost(
   img, x: 0pt, 
   y: 0pt,