Learn how to implement and reverse engineer common tamper detection and attestation techniques
What you'll learn
APK Static Analysis
Patching Android Applications
Android Tamper Detection and Attestation Techniques
Getting started with SMALI
Requirements
An understanding of programming techniques, however, no upfront knowledge of Android or Java is required.
Description
This course was filmed as part of a workshop ran in January 2023. By the end of this course you'll be able to develop simple Android applications, reverse Android applications to both Java andSMALI, and apply other techniques to your reverse engineering efforts such as patching.This course has a specific focus on understanding, utilising, and subverting tamper detection and attestation techniques. These techniques are used by banks, online games, and streaming services to minimise the potential of their applications running while on compromised (e.g. rooted) devices. A common and mainstream example of this is the Google Play SafetyNet Attestation API. During this course, we explain what attestation and tamper detection is, how it is used inside of Android applications, and how as reverse engineers we can get around these techniques for security testing. This course also focuses on patching. This is the concept of statically altering an Android application before runtime to alter execution of the program. This can include anything from modifying variables, function calls, and classes. In this course we'll use patching to circumvent tamper detection and attestation techniques. About The Author:James Stevenson has been working in the programming and computer security industry for over 5 years, and for most of that has been working as an Android software engineer and vulnerability researcher. Prior to this, James graduated with a BSc in computer security in 2017. James has featured articles on both personal websites and industry platforms such as Infosecurity Magazine - covering topics from security principles to android programming and security to cyber terrorism. James is a full-time security researcher, part-time PhD student, and occasional conference speaker. Outside of Android internals, James' research has also focused on offender profiling and cybercrime detection capabilities.
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Building and Reverse Engineering Simple Android Apps
Lecture 2 Developing An Android Application
Lecture 3 Reverse Engineering Android Applications
Section 3: Tamper Detection In Android
Lecture 4 Creating A Tamper Detection Application
Lecture 5 Decompiling and Disassembling an APK
Section 4: Wrap Up
Lecture 6 Thank You
People interested in developing their skills in Android application reverse engineering.,People interested in learning more about Android application tamper protection and attestation.,People new to patching Android applications using SMALI.
Screenshots