Android App Hacking - Black Belt Edition
Rating: 4.4 out of 5 (1,102 ratings)
10,279 students


Becoming the lead expert in android app security
Created by Roman Stuehler
Last updated 10/2024
English

What you'll learn

  • Deep understanding of the android app structure
  • How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)
  • Bypassing Rooting Detection (SMALI and FRIDA)
  • Bypassing Certificate Pinning (SMALI and FRIDA)
  • Performing a man-in-the-middle attack
  • Analyzing / manipulating the network traffic of a mobile app
  • Creating call and flow graphs to reverse engineer strongly obfuscated apps
  • Manipulating Java and C/C++ methods (FRIDA & SMALI)
  • Reading / writing SMALI code
  • Injecting your own (custom) code into existing applications
  • Deep understanding of the android permission model
  • Modifying games (infinite lives, high score, invisible, invincible) - Writing a trainer
  • Analyzing bluetooth low energy connections
  • Dealing with different encryption types (e.g. AES)
  • Deep- / Web- / App-Links (Bug Bounty)
  • Reversing native libraries with Ghidra
  • Debugging Java code
  • Debugging SMALI code (live - with interpreter)
  • WebViews & JavaScriptInterfaces
  • XSS / SQL Injection Exploitation

Course content

8 sections, 138 lectures, 54h 42m total length
  • Setup - Theory (10:22)

    We will discuss the concept (setup) of this course and how we can interact with a device. We also talk about the advantages and disadvantages of a real smartphone vs. an emulator / virtual machine.

  • Installation (System & Android Studio) (25:38)

    This video covers the core setup of an Ubuntu VM together with the installation of Android Studio. We will set our environment variables and get ready for this course :)

  • Emulator - Installation (10:22)

    We will have a look into the installation process of an android emulator. We will also find out which images directly give us root access and which do not.

  • Emulator - Usage (Secret Features) (35:10)

    In this video, we will learn more about the emulator and the really amazing options it provides. We will also have a look into some secret interfaces which help us with location spoofing. It is not the mocking feature in the developer options ;)

  • Androidx86 Virtual Machine - Setup (13:20)

    We will set up a virtual machine which is based on an android image. This can be faster if we have to deal with nested virtualization. You will find more information about this in the concept video (beginning).

  • Concept
  • Developer Options (11:49)

    Just a quick look into some useful developer options. Some of them are really underrated, like the "bluetooth hci snoop log".

  • Developer Options - Secrets ( Game Hacking ) (23:03)

    This video covers automating processes like inserting text or performing clicks on the device. This can be turned into playing games, without playing them :)

    You will find two versions of this game. They are identical in functionality, but the one having "12" at the end has been compiled for android version >= 12. The other one will work on all lower versions.

  • Developer Options - Bluetooth Low Energy Hacking (35:42)

    We will learn how to create and dump the bluetooth log of a smartphone. Afterwards we will have a look into the connection parameters with Wireshark.

  • Bluetooth Low Energy - Furby App Hacking (19:40)

    We move on with capturing and analyzing the traffic and start sending our own modified packets, without requiring the android application.

  • Android Debug Bridge - Theory (10:43)

    We will get a better understanding of the Android Debug Bridge (ADB) and its components. This is very helpful to perform more advanced attacks that also require port forwarding.

  • Android Debug Bridge (ADB) - HandsOn (White - Belt) (31:33)

    The final video of this chapter will cover useful adb commands and show some interaction with the device.

  • Scrcpy for Android version 14 (2:40)

    The scrcpy version has been updated with regard to certain vendors. Some things have changed in Android version 14 and therefore, the old scrcpy version does not work anymore. This only affects real devices. Within the emulator I have not encountered any issues.

    In this video we will have a look into installing the new version to fix the problem for real devices :)

Requirements

  • Android knowledge is not required (This course teaches everything)
  • No real smartphone required
  • Laptop / PC

Description

In this course you will learn absolutely everything about android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding app security. We learn really complex attacks in the most fun way possible, by hacking a mobile game.


Legal note:

The game we are going to hack is licensed under the GNU GPL, which means we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. I am teaching you all of this in a legal and ethical way.


Course - Structure:


In the installation chapter we will analyze different smartphone setups, their strengths and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze bluetooth low energy connections and get familiar with the Android Debug Bridge (ADB).


We move on to the android app structure. Here we gain a rock solid understanding of the key components of an android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receivers and content providers. We will write our own small apps to exploit SQL injections and path traversals.


Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an android app and reconstruct the Java code. We will have a look at different decompilers and create flow and call graphs to deal with highly obfuscated apps. Finally, a nice application is waiting for us to practice all the things we have learned so far.


Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language of an android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and much more.


In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding of HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it.


The last thing that is missing is FRIDA, which is an amazing framework to perform runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native C function with Ghidra and the manipulation and modification with FRIDA.


After getting through all these chapters you will be your company's top expert in android app security. So, what are you waiting for? :)

Who this course is for:

  • Security Analyst / Ethical Hacker
  • Android App Developer
  • Bug Bounty Hunter
  • Everyone who likes to manipulate android apps / games :)