
Training | Android Applications: From a Reverse Point of View

Learn how to analyze Android applications and understand their interaction with the system

SYNOPSIS

This training aims to give you the keys to analyze Android applications as well as their interactions with the system. The first part focuses on application analysis, the second part on the system itself, and the third part on a topic involving both the application and the system.

TARGET AUDIENCE

Reverse engineers or analysts who are familiar with Android and wish to understand Android internals as well as application reversing.

DURATION

5 days

PREREQUISITES

Basic knowledge of Linux and Android applications.

OBJECTIVES

Be able to analyze Android applications and understand their interactions with the system.

MODULES

Day 1

  • Introduction
    • Android Ecosystem
    • The SDK / NDK
    • AOSP
    • Environment setup
  • Android Application
    • File components (Manifest, Resources, Libraries, …)
    • Application components (Activities, Services, …)
    • Entrypoints
    • JNI

Day 2

  • Android Application
    • Reverse engineering techniques (Static analysis, dynamic analysis, hooking, …)
    • Protections (Obfuscation, packer, anti-debug, …)

Day 3: Android Internals

  • Overview
  • ARM architecture
  • [Optional] JNI reversing
  • Filesystem (/system/app, /user/data/, etc.)
  • Zygote process

Day 4: Android Internals

  • Android Runtime and file formats (DEX, ART, OAT, ODEX, VDEX, ELF)
  • IPC and Binder
  • Boot process
  • Security mechanisms (dm-verity, SELinux, …)

Day 5

  • Malware: Analysis of techniques used by advanced malware such as Chrysaor
  • Introduction to obfuscation: Techniques and tools to address obfuscated applications