Android applications: From a Reverse Point of View
16th of April, 2018
This training aims to give you the keys to analyze Android applications as well as their interactions with the system. The first part focuses on application analysis, the second part on the system itself and the third part on a topic involving both the application and the system.
Reverse engineers or analysts who are familiar with Android and who wish to understand Android internals as well as application reversing.
Basic knowledge of Linux and Android applications
Be able to analyze Android applications and understand the interaction with the system
- The training will take place in Paris. The exact location will be specified later.
- It is limited to 12 participants maximum.
- It will only be given if there is a minimum of 8 participants.
- For more information and to apply, please contact us at: trainings(AT)quarkslab.com
- Android Ecosystem
- The SDK / NDK
- Environment setup
- File components (Manifest, Resources, Libraries, ...)
- Application components (Activities, Services, ...)
- The entrypoints
- Reverse engineering techniques (Static analysis, dynamic analysis, hooking, ...)
- Protections (Obfuscation, packer, anti-debug, ...)
- ARM architecture
- [Optional] JNI reversing
- Filesystem (/system/app, /user/data/, etc)
- Zygote process
- Service manager and permissions
- Android Runtime and file formats (DEX, ART, OAT, ODEX, VDEX, ELF)
- IPC and Binder
- Boot process
- Security mechanisms (dm-verity, SELinux, ...)
- [Optional] Malware analysis
Analysis of some techniques used by advanced malware such as Chrysaor
- [Optional] ROM analysis
How they are structured, how to identify components added by a manufacturer, …
- [Optional] Vulnerability research
Overview of vulnerabilities affecting Android (Deserialization, Weak crypto, Unsecured Android components, …)
- [Optional] Rooting techniques
Different mechanisms to root a device