2022 INTERNSHIPS With the creators of ProGuard - Guardsquare
INTERNSHIPS

All of the following positions are within the “iXGuard” and “DexGuard” teams; some of them focus on improving in-house tooling while others take the first steps towards future obfuscation and analysis techniques.

You will work as a member of the team, reporting on your progress in our weekly meetings and having a lot of opportunities to learn more about compilers, obfuscation, code analysis, Java and Java bytecode, the C++ language, reverse engineering, the LLVM compiler framework, etc.

jobs@guardsquare.com
www.guardsquare.com/careers
AVAILABLE POSITIONS

• Implement LLVM obfuscation transformations
• GPU based obfuscation
• State of the art opaque predicates
• Realistic looking name generation
• Test engineer
• Assembler Kotlin metadata support
• Easier ProGuard desktop/server app integration
• Open source framework for application post-processing
• Symbolic execution with SMT solvers
• JavaScript analysis
• Visualization of elements of Android applications
• Reflection reconstruction
• IDE plugin
• Detection of outdated libraries
• Large scale analysis
• Obfuscation detection
• Yet another app with security issues
• Performance analysis
Implement LLVM obfuscation transformations
1+ MONTHS

The LLVM compiler framework and its pass system make it very easy to add additional code transformations to the clang compiler. While these transformations usually optimize or instrument code, they can be used for different purposes, e.g. obfuscation of code.

This internship will focus on extending the obfuscation techniques available in iXGuard through LLVM passes. You will have to both research and implement additional techniques.

PROFILE
• A general understanding of the compilation process
• Ability to independently perform structured research
• C++ experience

ASSIGNMENT
Write an LLVM ModulePass that prints the function names encountered in a program. Test the pass with opt.
GPU based obfuscation
2+ MONTHS

As mobile phones keep increasing in computational abilities, they have more powerful and efficient graphics capabilities through dedicated GPUs. Interacting with the GPU requires specific tooling for both writing code as well as debugging and inspecting it. This means there is obfuscation potential that can be leveraged to further diversify our obfuscation techniques.

In this internship you get the opportunity to research various obfuscation ideas that would leverage the GPU, as well as implement them into a prototype.

PROFILE
• An understanding of the GPU’s computational model
• Ability to independently perform structured research into a topic
• C++ experience

ASSIGNMENT
Write an algorithm in C that you compile into a GPU kernel, and show us that you executed it on the GPU of your machine.
State of the art opaque predicates
1.5+ MONTHS

Opaque predicates are expressions that will evaluate to a known value, but still have to be evaluated at runtime for one reason or another. These opaque predicates are the building blocks for several obfuscation techniques. However, modern static analyzers in combination with symbolic execution are becoming very effective in removing “naïve” opaque predicates.

There are several ways to create more resilient opaque predicates that would be harder to remove through symbolic execution. The goal of this internship is to implement some state of the art opaque predicates with LLVM, based on the various available research papers.

PROFILE
• Ability to independently perform structured research into a topic
• Interest in automated reverse engineering
• Interest in symbolic execution
• C++ experience

ASSIGNMENT
Write a simple C program that prints a value. Then write an LLVM FunctionPass that modifies the value that will be printed by the compiled program. Use the opt tool to execute your FunctionPass on the small C program.
Realistic looking name generation
1+ MONTHS

An important part of obfuscation is changing semantically rich identifiers to random names, for example: function names, variables, class names, etc. The obfuscation can be made less obvious by using realistic looking names instead of random gibberish.

In this internship you implement techniques to generate identifiers that are realistic looking and look like they could have been written by a real developer. This can be achieved by aggregating data from real world projects, using Markov chains, neural networks or any other relevant NLP techniques.

PROFILE
• C++ experience

ASSIGNMENT
Write a C++ program that takes as input: a maximum length and an arbitrary collection of strings. The output of the program should be 10 newly generated strings based on the input strings, and not exceeding the maximum length given. You can be creative with the algorithm used to generate the strings.
Test engineer
1+ MONTHS

Any successful software project requires a ton of automated testing. DexGuard & iXGuard are currently being tested on several different levels, all of which could be extended.

This internship will focus on extending our test suite both in size and depth. You will not only test our software on various open source projects but also create some scripts to display the change in effectiveness and try new approaches such as fuzzing our inputs.

PROFILE
• Attention to detail and a knack for finding edge cases
• Android application development knowledge

ASSIGNMENT
Create a simple, single screen Hello Guardsquare Android application with a button.
Assembler Kotlin metadata support
1+ MONTHS

The ProGuard Assembler and Disassembler can assemble and disassemble Java class files:
https://github.com/Guardsquare/proguard-assembler

The disassembler takes class files and converts them to readable jbc (Java ByteCode) files, following the ProGuard Assembly Language specification. The assembler does the opposite; it takes readable jbc files and converts them to class files.

In order to support Kotlin on the JVM (Java Virtual Machine), the Kotlin compiler adds annotations to Kotlin classes. These are currently printed by the assembler as any other Java annotation and are not easily readable or editable.

This internship will focus on supporting human-readable Kotlin metadata in the jbc files which can be disassembled and assembled by the ProGuard Assembler/Disassembler.

PROFILE
• Java/Kotlin experience
• Java bytecode/JVM-level experience

ASSIGNMENT
Write a small Java application that reads XML (or alternatively, JSON) data files (with some available library) and prints them out in a readable format (with your own printing code).
Easier ProGuard desktop/server app integration
3+ WEEKS

ProGuard can be applied to Java and Kotlin applications but often requires some difficult configuration to process more complicated applications such as Spring Boot applications.

Spring Boot is a popular framework for developing mostly server applications which uses a specific Jar layout for executable Jar projects [1]. It is currently possible to process Spring Boot applications with ProGuard, but it requires some Gradle task juggling [2] to make it happen.

This internship will focus on improving the user experience for processing Spring Boot applications. In the ideal scenario a single Spring Boot jar could be passed as input to ProGuard which then produces a single obfuscated version of that Jar.

PROFILE
• Java experience
• Spring experience

ASSIGNMENT
Summarize the difference in Jar layout between standard Jars and Spring Jars in half a page.

1. https://docs.spring.io/spring-boot/docs/current/reference/html/executable-jar.html
2. https://github.com/Guardsquare/proguard/blob/master/examples/spring-boot/build.gradle#L31
Open source framework for application post-processing
1+ MONTHS

ProGuardCORE [1] is an open source library for manipulating Java bytecode. It can be used together with dex2jar (an open source tool for transforming Android applications into jar files) and d8 (the Java bytecode to Dalvik bytecode compiler) to create programs to perform post-processing on Android applications.

However, setting up this pipeline is not very user friendly. This approach also introduces overhead, as intermediate files need to be written out between each step in the pipeline.

This internship will focus on integrating these tools into an open source framework that allows users to focus on implementing their post-processing logic, without worrying about the various steps involved in the pipeline.

PROFILE
• Java experience
• Java bytecode and/or Dalvik bytecode interest

ASSIGNMENT
Write a small Java program that uses ProGuardCORE to read all classes from a jar and print out a list of each class and its methods. You can use the Log4Shell project as a starting point.

1. https://github.com/Guardsquare/proguard-core
Symbolic execution with SMT solvers
3+ MONTHS

Static program analysis typically creates results for all possible execution paths of a program. However, if not all paths are feasible, the result of such analysis will be inaccurate. Depending on the conditions, those may be resolved based on the statically available information using predicate analysis. This analysis simulates the program with logical formulae, capturing both the variable values and the execution paths leading to specific states of the program, indicating if a path can be taken, and under which conditions.

In this internship you will build upon ProGuardCORE [1] and implement symbolic execution for predicate analysis using SMT solvers.

PROFILE
• Java experience
• Familiarity with static analysis
• Interest in advanced analysis techniques

ASSIGNMENT
Use ProGuardCORE [1] to load an arbitrary Java class, and print all contained conditional statements.

1. https://github.com/Guardsquare/proguard-core
JavaScript analysis
1+ MONTHS

Different static analysis tools exist for a variety of programming languages. This internship will focus on analysis of JavaScript code. For this, you will create an overview of existing open source JavaScript analysis tools, as well as set up a proof-of-concept using the most promising tool.

PROFILE
• Experience with JavaScript
• Interest in code analysis
• Ability to independently perform structured research into a topic

ASSIGNMENT
Research 2 common security issues in JavaScript code, and describe what the problem is, how it can be exploited, how it could be detected by an analysis, and how a developer should fix it.
Visualization of elements of Android applications
2+ MONTHS

Android applications can contain multiple elements, e.g., describing the screens a user can see, or services running in the background. In this internship, you will investigate different approaches to visualizing these, and develop a proof-of-concept performing such visualization.

PROFILE
• Experience with Java or Kotlin
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write an Android app with a simple screen containing a text box and a button. Compile the app and extract the xml file of this screen from the apk file. Briefly describe the extraction process.
Reflection reconstruction
2+ MONTHS

Java code can contain reflection calls to perform method calls or to manipulate objects. In this internship you will research typical reflection usages. To analyze the calls in an automated way, you will use ProGuardCORE [1] for creating a proof-of-concept to exchange the reflective calls with traditional method calls. The proof-of-concept will then be used to show the limitations of the approach, for instance showing which types of reflections can and cannot be replaced.

PROFILE
• Experience with Java
• Interest in code analysis
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write a simple program using ProGuardCORE [1] to load an arbitrary Java class, and print all contained methods.

1. https://github.com/Guardsquare/proguard-core
IDE plugin
1+ MONTHS

Recent development environments can be easily extended using one of many existing plugins. In this internship, you will write a plugin for Android Studio that better integrates some of our free tools into the workflow of the developer.

PROFILE
• Experience with Java or Kotlin
• Experience with Android Studio

ASSIGNMENT
Write an Android Studio plugin that adds a simple button to the IDE. On click of the button, a popup should appear showing some text.
Detection of outdated libraries
1+ MONTHS

Java programs often contain different libraries not written by the developers themselves. In this internship, you will research how to detect such libraries in compiled Java programs, and what limitations such detections have.

You will write a proof-of-concept which takes a Java program as input and produces a list of contained libraries. This list is then checked against the most recent version of each library, and a warning is shown for each outdated library.

PROFILE
• Experience with Java
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write a simple program using ProGuardCORE [1] which takes an arbitrary jar file as input, and then outputs all contained classes.

1. https://github.com/Guardsquare/proguard-core
Large scale analysis
1+ MONTHS

To generate statistics on the state of Android applications, it is necessary to analyze a lot of apps. In this internship, infrastructure will be created and set up to enable large scale analysis of Android apps. You will create a proof-of-concept including all steps necessary for large scale app analysis.

PROFILE
• Experience with Python
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write a Python script which outputs a list of 100 random, but valid, Android package names.
Obfuscation detection
1+ MONTHS

Android app developers can use different obfuscation tools to hide the app’s internals from reverse engineers. In this internship, you will investigate different approaches to determine if an app is obfuscated, and write a proof-of-concept which takes an app as input and shows the parts that are obfuscated.

PROFILE
• Experience with Java
• Interest in code analysis
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write a simple program using ProGuardCORE [1] to load an arbitrary Java class, and print all contained methods.

1. https://github.com/Guardsquare/proguard-core
Yet another app with security issues
1+ MONTHS

Android apps in the wild can contain a multitude of security problems. In this internship, you will write an Android app that contains as many problems as possible. You will learn in detail what problems can exist in Android apps, how they affect the security of the user’s device, and how they can be prevented.

PROFILE
• Experience with Java
• Interest in code analysis
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write a small Android application containing one specific security problem, documenting what the problem is, and how it can be mitigated or fixed.
Performance analysis
1+ MONTHS

In this internship you will learn the ins and outs of program profiling, i.e., the analysis of a program’s performance. You will set up a profiling environment which can be used for repeatable performance measures, and then use it to generate profiling data of a real world application.

PROFILE
• Experience with Java and Python
• Interested in understanding how programs work on a low level
• Ability to independently perform structured research into a topic

ASSIGNMENT
Write a small Python script which executes an arbitrary Java program, and measures and outputs its runtime and memory consumption.
Triggered? Have a look at our career & internship openings and join our teams in Leuven (BE) | Munich (DE) | Boston (US)

CAREERS
Visit: guardsquare.com/careers
The creators of ProGuard guardsquare.com