Overview:The workshop is the Android (very) short version of a 3-days training dedicated to learning the basics to be able to assess the security of Android mobile applications.
Guillaume Lopes (@Guillaume_Lopes) will share many techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or just curious about a 100% hands-on Android workshop. The goals are:
- Understand Android basics
- Learn how to use the common tools (adb, apktool, JADX, Frida and Objection) in order to assess Android applications
- Practice on how to resolve the OWASP Android crackmes (Levels 1, 2 and 3)
Agenda:This 2 hours workshop is divided in 4 main parts:
1. Setup your environment: Presentation of the tools used during this workshop and creation of an Android Virtual Device with Android Studio
2. Resolution of the UnCrackable Level 1:
a) Defeat root detection
- Using only tampering (aka apktool and your favorite text editor)
- Using Frida on a rooted device
- Using Frida on a non rooted-device
- Using Objection
2. Resolution of the UnCrackable Level 2
a) Defeat root detection
b) Handle native code with Frida
4. Resolution of the UnCrackable Level 3
a) Defeat root detection, anti-hooking and anti-tampering with Frida
Prerequisites:- Download a specially crafted Virtual Machine (based on Kali). - Link will be emailed *to attendees only* a few days before the workshop.
- Need a laptop with 30 Gb of free space
- Download and install VMWare Workstation Player 16 (DO NOT use Virtual Box) :
https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html