Android App Hacking – Black Belt Edition

Android App Hacking – Black Belt Edition

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 127 lectures (50h 3m) | 41.1 GB

Becoming the lead expert in android app security

In this course you will learn absolutely everything about android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding to app security. We learn really complex attacks in the most funny way that’s possible, by hacking a mobile game.

Legal note:

The game we are going to hack is licensed under the GNU GPL, which means, we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. I am teaching you all of this in a legal and ethical way.

Course – Structure:

In the installation chapter we will analyze different smartphone setups, their strength and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze bluetooth low energy connections and get familiar with the Android Debug Bridge (ADB).

We move on to the android app structure. Here we gain a rock solid understanding about the key components of an android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receiver and content provider. We will write our own small apps to exploit SQL injections and path traversals.

Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an android app and reconstruct the Java code. We will have a look at different decompilers and create flow- and call graphs to deal with highly obfuscated apps. Finally a nice application is waiting for us to practice all the things we have learned so far.

Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language of an android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and many more.

In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding about HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it.

The last thing that is missing is FRIDA, which is an amazing framework to perform runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native c function with Ghidra and the manipulation and modification with FRIDA.

After getting through all these chapters you will be the top expert in android app security of your company. Therefore, what you are wainting for?

What you’ll learn

  • Deep understanding of the android app structure
  • How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)
  • Bypassing Rooting Detection (SMALI and FRIDA)
  • Bypassing Certificate Pinning (SMALI and FRIDA)
  • Performing a man-in-the-middle attack
  • Analyzing-/ Manipulating the network traffic of a mobile app
  • Creating call- and flow graphs to reverse engineer strong obfuscated apps
  • Manipulating Java and C/C++ methods (FRIDA & SMALI)
  • Reading- / Writing SMALI code
  • Injecting own (custom) code into existing applications
  • Deep understanding of the android permission model
  • Modifying games (infinite lives, high score, invisble, invincible) – Writing a trainer
  • Analzying bluetooth low energy connections
  • Dealing with different encryption types (e.g. AES)
  • Ethical and legal principles
Table of Contents

Installation and Setup
1 Setup Theory
2 Installation System & Android Studio
3 Emulator Installation
4 Emulator Usage Secret Features
5 Androidx86 Virtual Machine Setup
6 Developer Options
7 Developer Options Secrets Game Hacking
8 Developer Options Bluetooth Low Energy Hacking
9 Bluetooth Low Energy Furby App Hacking
10 Android Debug Bridge Theory
11 Android Debug Bridge ADB HandsOn White Belt

App Structure
12 Filestructure of an APK
13 Dalvik Dex
14 Classesdex
15 Decompiling Preperation
16 Decompiling HandsOn
17 AndroidManifestxml
18 App Permissions
19 Activities
20 Activities Hacking
21 Activity Bonus Bypassing Login Own Application
22 Intents
23 Intents Examples
24 BroadcastReceiver
25 BroadcastReceiver Hacking Alarm App
26 BroadcastReceiver Hacking via own App
27 Services
28 ContentProvider
29 ContentProvider SQL Injection
30 ContentProvider Database Attacks SQLi Permission Bypass
31 ContentProvider PathTraversal Attack
32 Application Signing
33 Application Signing Deep Dive
34 BlueBox Master Key Vulnerability Signing

Reverse Engineering Android Apps
35 Dex2Jar
36 JadxGui
37 JadxGui HandsOn
38 Secret Super Weapon
39 Reversing Apps
40 Creating a CallGraph CG
41 Creating a FlowGraph FG
42 Challenge Intro
43 Challenge Hacking Activities
44 Challenge Hacking Content Provider
45 Challenge Hacking BroadCast Receiver
46 Challenge Password Decryption

47 Recap
48 Smali Introduction
49 Smali Patching
50 Challenge Solution
51 Registers
52 Types
53 P0 Register
54 Dalvik Opcodes
55 Smali File Structure
56 Practice Smali
57 Practice Solution
58 Orange Belt Intro
59 Orange Belt Solution
60 IF Intro
62 IF ELSE GOTO Code Analysis
63 IF ELSE GOTO Blocks
64 IF ELSE GOTO Practice
65 Smali Patching Flipping the logic
66 Smali Patching Deleting Code
67 Smali Patching Jump Instructions
68 Rooting Detection Intro
69 Rooting Detection bypass Solution
70 Rooting Detection Solution2 Bonus
71 Smali Objects and Methods
72 Smali Static Methods
73 Smali Hello World Yes this late
74 Printing out secrets Systemout Written in Smali
75 Patching XOR encryption
76 One challenge to recap all Intro
77 One challenge to recap all Part 1
78 One challenge to recap all Part 2
79 One challenge to recap all Part 3
80 One challenge to recap all Solution
81 Blue Belt Challenge Intro
82 Blue Belt Challenge Hint
83 Blue Belt Challenge Solution

Man in the Middle
84 Adress Resolution Protocol ARP
85 MitM Setup
86 Intercepting Theory
87 BurpSuite Setup
88 Reset the Setup
89 HTTPS Technical View
90 Installing a Certificate
91 MitM Setup Virtual Machine VM
92 Certificate Pinning Theory
93 Certificate Pinning OpenSSL Bonus
94 Certificate Pinning Patching Fingerprint
95 Certificate Pinning Patching Certificate
96 Certificate Pinning Objection Bypass

97 Dize Game HandsOn
98 Dize App Analysis
99 Dize App Observing Parameters
100 Dize App Modifying Parameters
101 Function Overloading
102 Timing Hooking
103 Challenge Rooting Detection bypass
104 Challenge Rooting Detection solution
105 Actively calling a method
106 Instance Methods
107 Working with Instances
108 HandsOn
109 HandsOn Solution
110 Instance as a parameter
111 Existing instance as a parameter
112 Challenge Create multiple player shots
113 Challenge Mulitple player shots solution
114 Constructor hooking
115 Manipulating UI Thread
116 Writing a trainer
117 Hooking the Native Development Kit NDK
118 NDK hooking Easy Way
119 NDK hooking Hard way
120 NDK hooking timing
121 Manipulating NDK methods overwriting
122 Reversing C function in ghidra Bonus
123 Hooking C function in frida Bonus
124 Introduction
125 Install
126 Hooking Theory

Additional Files
127 CheatSheet