Hello, welcome to the Thursday, June 23rd, 2016 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich and the I'm recording from Jackson, Florida.

Boyang got a quick diary up today with some de-obfuscation tricks in one of the Java decompilers that he likes to use to look at Android applications.

In Android, of course, the application is written in Java.

Typically, Java isn't really that difficult to decompile, but in particular in application

that being shipped to users, developers often use off-use

gators in this case ProGuard. ProGard pretty much removes variable names and

like making it very difficult to reverse engineer a binary but as Boyan points out

even his free Java decompiler has a little tool that at least

returns some useful variable in class names to the application to help with reverse engineering.

And talking about obfuscation, Apple apparently is moving away from some of the obfuscation

they have done in the past in the latest iOS 10 beta.

The kernel is no longer encrypted.

These encrypted kernels were not easily reverse engineerable, but apparently the latest version of iOS beta arrived

unencrypted, meaning it should be easier for testers to find vulnerabilities.

There is no official statement about this from Apple, so it's actually possible this was

a mistake, even though that's quite unlikely, but instead it's actually possible this was a mistake even though that's

quite unlikely but instead it's more likely that they're trying through this

beta phase to get more people to look under the hood of this software and to try

to figure out more vulnerabilities to have them fixed before the final product is released.

In Microsoft released another beta for its simple encrypted arithmetic library or seal.

This library is something that developers certainly should take a look at in that it does allow for something called

...