The Android training has been designed to address two questions:
=> How to analyze and reverse-engineer an application?
=> How do applications interact with Android internal components?
- The first two days start with application analysis, in which we introduce general concepts about APKs:
=> Dalvik Bytecode
=> Java Native Interface
- The next two days cover the second question. Students will learn how APKs are really executed by the Android runtime, how instrumentation frameworks manage to hook Java methods and how to take advantage of the system to reverse applications. Another part focuses on Android formats (OAT, VDEX, ART, ...) and their evolution across versions.
We also introduce concepts such as Binder, SELinux, Permissions, ...
This part ends with the library loading restrictions introduced in Android Nougat and the API restrictions (Hiddenapi) introduced in Android Pie.
- The last day is dedicated to longer laboratories that involve the two previous parts. For example, we will analyze the Chrysaor spyware and its keylogging module.
Finally, we will provide a solution to the Android challenge and some explanations about its construction.
The syllabus is available here