Internship: Java Team: Reflection reconstruction @ Guardsquare in Leuven (BE)

Duration: 1+ months

Team:

In our Leuven-based Java team we work on manipulating Java bytecode. All our software is based on our open source bytecode manipulation library ProGuardCORE ( https://github.com/Guardsquare/proguard-core ).
On top of ProguardCORE we mainly develop 2 different products: ProGuard and DexGuard. ProGuard is a shrinker and optimizer for all Java and Android applications, it makes them smaller and faster. DexGuard is a code hardening tool, which makes Android apps harder to understand for a reverse engineer.

Project:

Java code can contain reflection calls to perform method calls or to manipulate objects. In this internship you will research typical reflection usages. To analyze the calls in an automated way, you will use ProGuardCORE to create a proof-of-concept to exchange the reflective calls with traditional method calls. The proof-of-concept will then be used to show the limitations of the approach, for instance showing which types of reflections can and cannot be replaced.

ProGuard already implements some support for reflection in a few different ways: 

• Automatic support for initializing simple Class.forName(“StringConstant”) constructs
• -addconfigurationdebugging which instruments reflection calls
• Optimization of GSON

A first implementation of the tool could replace simple Class.forName(“StringConstant”) constructs where possible. Further research can follow on other reflection use-cases that could be automatically supported (for example, this could be another specific library like GSON) and implement a tool that could automatically apply them to some input classes.

Profile:

• Experience with Java
• Interest in code analysis
• Ability to independently perform structured research into a topic

About Guardsquare:

Guardsquare offers the most complete approach to mobile application security on the market. Built on the open source ProGuard technology, Guardsquare’s software integrates seamlessly across the development cycle. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication.

More than 900 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.

Guardsquare is based in Leuven (Belgium) with offices in Boston (USA) and Munich (Germany).

Culture:

At Guardsquare, we take pride in being a diverse and multicultural company with team members representing numerous nationalities. We value different perspectives and opinions throughout the business which has contributed to our being the market leader in mobile application security. 

You will be part of a dynamic team that strives for excellence and focuses on continuous education and enhancement in skills. We encourage & empower our trusted colleagues to share their opinions, actively collaborate, and continue to learn and grow.