Tags
Language
Tags
November 2024
Su Mo Tu We Th Fr Sa
27 28 29 30 31 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

Android App Hacking - Black Belt Edition (updated 9/2022)

Posted By: ELK1nG
Android App Hacking - Black Belt Edition (updated 9/2022)

Android App Hacking - Black Belt Edition (updated 9/2022)
Last updated 9/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 41.11 GB | Duration: 50h 4m

Becoming the lead expert in android app security

What you'll learn
Deep understanding of the android app structure
How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)
Bypassing Rooting Detection (SMALI and FRIDA)
Bypassing Certificate Pinning (SMALI and FRIDA)
Performing a man-in-the-middle attack
Analyzing-/ Manipulating the network traffic of a mobile app
Creating call- and flow graphs to reverse engineer strong obfuscated apps
Manipulating Java and C/C++ methods (FRIDA & SMALI)
Reading- / Writing SMALI code
Injecting own (custom) code into existing applications
Deep understanding of the android permission model
Modifying games (infinite lives, high score, invisble, invincible) - Writing a trainer
Analzying bluetooth low energy connections
Dealing with different encryption types (e.g. AES)
Ethical and legal principles
Requirements
Android knowledge is not required (This course teaches everything)
No real smartphone required
Laptop / PC
Description
In this course you will learn absolutely everything about android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding to app security. We learn really complex attacks in the most funny way that's possible, by hacking a mobile game. Legal note:The game we are going to hack is licensed under the GNU GPL, which means, we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. I am teaching you all of this in a legal and ethical way. Course - Structure:In the installation chapter we will analyze different smartphone setups, their strength and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze bluetooth low energy connections and get familiar with the Android Debug Bridge (ADB).We move on to the android app structure. Here we gain a rock solid understanding about the key components of an android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receiver and content provider. We will write our own small apps to exploit SQL injections and path traversals.Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an android app and reconstruct the Java code. We will have a look at different decompilers and create flow- and call graphs to deal with highly obfuscated apps. Finally a nice application is waiting for us to practice all the things we have learned so far.Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language of an android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and many more. In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding about HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it. The last thing that is missing is FRIDA, which is an amazing framework to perform runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native c function with Ghidra and the manipulation and modification with FRIDA.After getting through all these chapters you will be the top expert in android app security of your company. Therefore, what you are wainting for? :)

Overview

Section 1: Installation and Setup

Lecture 1 Setup - Theory

Lecture 2 Installation (System & Android Studio)

Lecture 3 Emulator - Installation

Lecture 4 Emulator - Usage (Secret Features)

Lecture 5 Androidx86 Virtual Machine - Setup

Lecture 6 Developer Options

Lecture 7 Developer Options - Secrets ( Game Hacking )

Lecture 8 Developer Options - Bluetooth Low Energy Hacking

Lecture 9 Bluetooth Low Energy - Furby App Hacking

Lecture 10 Android Debug Bridge - Theory

Lecture 11 Android Debug Bridge (ADB) - HandsOn (White - Belt)

Section 2: App Structure

Lecture 12 Filestructure of an APK

Lecture 13 Dalvik / Dex

Lecture 14 Classes.dex

Lecture 15 Decompiling - Preperation

Lecture 16 Decompiling - HandsOn

Lecture 17 AndroidManifest.xml

Lecture 18 App - Permissions

Lecture 19 Activities

Lecture 20 Activities - Hacking

Lecture 21 Activity - Bonus (Bypassing Login - Own Application)

Lecture 22 Intents

Lecture 23 Intents - Examples

Lecture 24 BroadcastReceiver

Lecture 25 BroadcastReceiver - Hacking (Alarm App)

Lecture 26 BroadcastReceiver - Hacking via own App

Lecture 27 Services

Lecture 28 ContentProvider

Lecture 29 ContentProvider - SQL Injection

Lecture 30 ContentProvider - Database Attacks (SQLi - Permission / Bypass)

Lecture 31 ContentProvider - PathTraversal Attack

Lecture 32 Application Signing

Lecture 33 Application Signing - Deep Dive

Lecture 34 BlueBox Master Key Vulnerability (Signing)

Section 3: Reverse Engineering Android Apps

Lecture 35 Dex2Jar

Lecture 36 Jadx-Gui

Lecture 37 Jadx-Gui HandsOn

Lecture 38 Secret Super Weapon

Lecture 39 Reversing Apps

Lecture 40 Creating a CallGraph (CG)

Lecture 41 Creating a FlowGraph (FG)

Lecture 42 Challenge - Intro

Lecture 43 Challenge - Hacking Activities

Lecture 44 Challenge - Hacking Content Provider

Lecture 45 Challenge - Hacking BroadCast Receiver

Lecture 46 Challenge - Password (Decryption)

Section 4: Smali

Lecture 47 Recap

Lecture 48 Smali - Introduction

Lecture 49 Smali - Patching

Lecture 50 Challenge - Solution

Lecture 51 Registers

Lecture 52 Types

Lecture 53 P0 - Register

Lecture 54 Dalvik Opcodes

Lecture 55 Smali File Structure

Lecture 56 Practice - Smali

Lecture 57 Practice - Solution

Lecture 58 Orange Belt - Intro

Lecture 59 Orange Belt - Solution

Lecture 60 IF - Intro

Lecture 61 IF / ELSE / GOTO

Lecture 62 IF / ELSE / GOTO - Code Analysis

Lecture 63 IF / ELSE / GOTO - Blocks

Lecture 64 IF / ELSE / GOTO - Practice

Lecture 65 Smali Patching - Flipping the logic

Lecture 66 Smali Patching - Deleting Code

Lecture 67 Smali Patching - Jump Instructions

Lecture 68 Rooting Detection - Intro

Lecture 69 Rooting Detection (bypass) - Solution

Lecture 70 Rooting Detection - Solution2 (Bonus)

Lecture 71 Smali - Objects and Methods

Lecture 72 Smali - Static Methods

Lecture 73 Smali - Hello World (Yes, this late)

Lecture 74 Printing out secrets - System.out (Written in Smali)

Lecture 75 Patching XOR encryption

Lecture 76 One challenge to recap all - Intro

Lecture 77 One challenge to recap all - Part 1

Lecture 78 One challenge to recap all - Part 2

Lecture 79 One challenge to recap all - Part 3

Lecture 80 One challenge to recap all - Solution

Lecture 81 Blue Belt - Challenge (Intro)

Lecture 82 Blue Belt - Challenge (Hint)

Lecture 83 Blue Belt - Challenge (Solution)

Section 5: Man in the Middle

Lecture 84 Adress Resolution Protocol (ARP)

Lecture 85 MitM - Setup

Lecture 86 Intercepting - Theory

Lecture 87 BurpSuite - Setup

Lecture 88 Reset the Setup

Lecture 89 HTTPS - Technical View

Lecture 90 Installing a Certificate

Lecture 91 MitM Setup - Virtual Machine (VM)

Lecture 92 Certificate Pinning - Theory

Lecture 93 Certificate Pinning - OpenSSL (Bonus)

Lecture 94 Certificate Pinning - Patching Fingerprint

Lecture 95 Certificate Pinning - Patching Certificate

Lecture 96 Certificate Pinning - Objection (Bypass)

Section 6: FRIDA

Lecture 97 Introduction

Lecture 98 Install

Lecture 99 Hooking - Theory

Lecture 100 Dize Game - HandsOn

Lecture 101 Dize App - Analysis

Lecture 102 Dize App - Observing Parameters

Lecture 103 Dize App - Modifying Parameters

Lecture 104 Function Overloading

Lecture 105 Timing (Hooking)

Lecture 106 Challenge - Rooting Detection (bypass)

Lecture 107 Challenge - Rooting Detection (solution)

Lecture 108 Actively calling a method

Lecture 109 Instance Methods

Lecture 110 Working with Instances

Lecture 111 HandsOn

Lecture 112 HandsOn - Solution

Lecture 113 Instance as a parameter

Lecture 114 Existing instance as a parameter

Lecture 115 Challenge - Create multiple player shots

Lecture 116 Challenge - Mulitple player shots (solution)

Lecture 117 Constructor hooking

Lecture 118 Manipulating UI Thread

Lecture 119 Writing a trainer

Lecture 120 Hooking the Native Development Kit (NDK)

Lecture 121 NDK hooking - Easy Way

Lecture 122 NDK hooking - Hard way

Lecture 123 NDK hooking - timing

Lecture 124 Manipulating NDK methods (overwriting)

Lecture 125 Reversing C - function in ghidra (Bonus)

Lecture 126 Hooking C - function in frida (Bonus)

Section 7: Additional Files

Lecture 127 CheatSheet

Security Analyst / Ethical Hacker,Android app developer,Bug Bounty Hunter,Everyone who likes to manipulate android apps / games :)