Android App Hacking – Black Belt Edition
Android App Hacking – Black Belt Edition, available at $84.99, has an average rating of 4.73, with 139 lectures, 3 quizzes, based on 526 reviews, and has 4550 subscribers.
You will learn about Deep understanding of the android app structure How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal) Bypassing Rooting Detection (SMALI and FRIDA) Bypassing Certificate Pinning (SMALI and FRIDA) Performing a man-in-the-middle attack Analyzing-/ Manipulating the network traffic of a mobile app Creating call- and flow graphs to reverse engineer strong obfuscated apps Manipulating Java and C/C++ methods (FRIDA & SMALI) Reading- / Writing SMALI code Injecting own (custom) code into existing applications Deep understanding of the android permission model Modifying games (infinite lives, high score, invisble, invincible) – Writing a trainer Analzying bluetooth low energy connections Dealing with different encryption types (e.g. AES) Deep- / Web- / App-Links (Bug Bounty) Reversing native libraries with Ghidra Debugging Java code Debugging SMALI code (live – with interpreter) Webvies & JavaScriptInterfaces XSS / SQL Injection Exploitation This course is ideal for individuals who are Security Analyst / Ethical Hacker or Android App Developer or Bug Bounty Hunter or Everyone who likes to manipulate android apps / games 🙂 It is particularly useful for Security Analyst / Ethical Hacker or Android App Developer or Bug Bounty Hunter or Everyone who likes to manipulate android apps / games :).
Enroll now: Android App Hacking – Black Belt Edition
Summary
Title: Android App Hacking – Black Belt Edition
Price: $84.99
Average Rating: 4.73
Number of Lectures: 139
Number of Quizzes: 3
Number of Published Lectures: 138
Number of Published Quizzes: 3
Number of Curriculum Items: 150
Number of Published Curriculum Objects: 149
Original Price: $64.99
Quality Status: approved
Status: Live
What You Will Learn
- Deep understanding of the android app structure
- How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)
- Bypassing Rooting Detection (SMALI and FRIDA)
- Bypassing Certificate Pinning (SMALI and FRIDA)
- Performing a man-in-the-middle attack
- Analyzing-/ Manipulating the network traffic of a mobile app
- Creating call- and flow graphs to reverse engineer strong obfuscated apps
- Manipulating Java and C/C++ methods (FRIDA & SMALI)
- Reading- / Writing SMALI code
- Injecting own (custom) code into existing applications
- Deep understanding of the android permission model
- Modifying games (infinite lives, high score, invisble, invincible) – Writing a trainer
- Analzying bluetooth low energy connections
- Dealing with different encryption types (e.g. AES)
- Deep- / Web- / App-Links (Bug Bounty)
- Reversing native libraries with Ghidra
- Debugging Java code
- Debugging SMALI code (live – with interpreter)
- Webvies & JavaScriptInterfaces
- XSS / SQL Injection Exploitation
Who Should Attend
- Security Analyst / Ethical Hacker
- Android App Developer
- Bug Bounty Hunter
- Everyone who likes to manipulate android apps / games 🙂
Target Audiences
- Security Analyst / Ethical Hacker
- Android App Developer
- Bug Bounty Hunter
- Everyone who likes to manipulate android apps / games 🙂
In this course you will learn absolutely everything about android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding to app security. We learn really complex attacks in the most funny way that’s possible, by hacking a mobile game.
Legal note:
The game we are going to hack is licensed under the GNU GPL, which means, we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. I am teaching you all of this in a legal and ethical way.
Course – Structure:
In the installation chapter we will analyze different smartphone setups, their strength and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze bluetooth low energy connections and get familiar with the Android Debug Bridge (ADB).
We move on to the android app structure. Here we gain a rock solid understanding about the key components of an android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receiver and content provider. We will write our own small apps to exploit SQL injections and path traversals.
Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an android app and reconstruct the Java code. We will have a look at different decompilers and create flow- and call graphs to deal with highly obfuscated apps. Finally a nice application is waiting for us to practice all the things we have learned so far.
Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language of an android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and many more.
In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding about HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it.
The last thing that is missing is FRIDA, which is an amazing framework to perform runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native c function with Ghidra and the manipulation and modification with FRIDA.
After getting through all these chapters you will be the top expert in android app security of your company. Therefore, what you are wainting for? 🙂
Course Curriculum
Chapter 1: Installation and Setup
Lecture 1: Setup – Theory
Lecture 2: Installation (System & Android Studio)
Lecture 3: Emulator – Installation
Lecture 4: Emulator – Usage (Secret Features)
Lecture 5: Androidx86 Virtual Machine – Setup
Lecture 6: Developer Options
Lecture 7: Developer Options – Secrets ( Game Hacking )
Lecture 8: Developer Options – Bluetooth Low Energy Hacking
Lecture 9: Bluetooth Low Energy – Furby App Hacking
Lecture 10: Android Debug Bridge – Theory
Lecture 11: Android Debug Bridge (ADB) – HandsOn (White – Belt)
Lecture 12: Scrcpy for Android version 14
Chapter 2: App Structure
Lecture 1: Filestructure of an APK
Lecture 2: Dalvik / Dex
Lecture 3: Classes.dex
Lecture 4: Decompiling – Preperation
Lecture 5: Decompiling – HandsOn
Lecture 6: AndroidManifest.xml
Lecture 7: App – Permissions
Lecture 8: Activities
Lecture 9: Activities – Hacking
Lecture 10: Activity – Bonus (Bypassing Login – Own Application)
Lecture 11: Intents
Lecture 12: Intents – Examples
Lecture 13: DeepLinks (Theory – 2024)
Lecture 14: DeepLinks (Examples – 2024)
Lecture 15: BroadcastReceiver
Lecture 16: BroadcastReceiver – Hacking (Alarm App)
Lecture 17: BroadcastReceiver – Hacking via own App
Lecture 18: Services
Lecture 19: ContentProvider
Lecture 20: ContentProvider – SQL Injection
Lecture 21: ContentProvider – Database Attacks (SQLi – Permission / Bypass)
Lecture 22: ContentProvider – PathTraversal Attack
Lecture 23: Application Signing
Lecture 24: Application Signing – Deep Dive
Lecture 25: BlueBox Master Key Vulnerability (Signing)
Chapter 3: Reverse Engineering Android Apps
Lecture 1: Dex2Jar
Lecture 2: Jadx-Gui
Lecture 3: Jadx-Gui HandsOn
Lecture 4: Secret Super Weapon
Lecture 5: Reversing Apps
Lecture 6: Creating a CallGraph (CG)
Lecture 7: Creating a FlowGraph (FG)
Lecture 8: Challenge – Intro
Lecture 9: Challenge – Hacking Activities
Lecture 10: Challenge – Hacking Content Provider
Lecture 11: Challenge – Hacking BroadCast Receiver
Lecture 12: Challenge – Password (Decryption)
Chapter 4: Smali
Lecture 1: Recap
Lecture 2: Smali – Introduction
Lecture 3: Smali – Patching
Lecture 4: Challenge – Solution
Lecture 5: Registers
Lecture 6: Types
Lecture 7: P0 – Register
Lecture 8: Dalvik Opcodes
Lecture 9: Smali File Structure
Lecture 10: Practice – Smali
Lecture 11: Practice – Solution
Lecture 12: Orange Belt – Intro
Lecture 13: Orange Belt – Solution
Lecture 14: IF – Intro
Lecture 15: IF / ELSE / GOTO
Lecture 16: IF / ELSE / GOTO – Code Analysis
Lecture 17: IF / ELSE / GOTO – Blocks
Lecture 18: IF / ELSE / GOTO – Practice
Lecture 19: Smali Patching – Flipping the logic
Lecture 20: Smali Patching – Deleting Code
Lecture 21: Smali Patching – Jump Instructions
Lecture 22: Rooting Detection (bypass) – Solution
Lecture 23: Rooting Detection – Solution2 (Bonus)
Lecture 24: Smali – Objects and Methods
Lecture 25: Smali – Static Methods
Lecture 26: Smali – Hello World (Yes, this late)
Lecture 27: Printing out secrets – System.out (Written in Smali)
Lecture 28: Patching XOR encryption
Lecture 29: One challenge to recap all – Intro
Lecture 30: One challenge to recap all – Part 1
Lecture 31: One challenge to recap all – Part 2
Lecture 32: One challenge to recap all – Part 3
Lecture 33: One challenge to recap all – Solution
Lecture 34: Blue Belt – Challenge (Intro)
Lecture 35: Blue Belt – Challenge (Hint)
Lecture 36: Blue Belt – Challenge (Solution)
Lecture 37: Debugging Android Applications
Lecture 38: SMALI Debugging on Steroids
Instructors
Rating Distribution
- 1 stars: 5 votes
- 2 stars: 4 votes
- 3 stars: 17 votes
- 4 stars: 129 votes
- 5 stars: 371 votes
Frequently Asked Questions
How long do I have access to the course materials?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Can I take my courses with me wherever I go?
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don’t have an internet connection, some instructors also let their students download course lectures. That’s up to the instructor though, so make sure you get on their good side!
You may also like
- Top 10 Video Editing Courses to Learn in November 2024
- Top 10 Music Production Courses to Learn in November 2024
- Top 10 Animation Courses to Learn in November 2024
- Top 10 Digital Illustration Courses to Learn in November 2024
- Top 10 Renewable Energy Courses to Learn in November 2024
- Top 10 Sustainable Living Courses to Learn in November 2024
- Top 10 Ethical AI Courses to Learn in November 2024
- Top 10 Cybersecurity Fundamentals Courses to Learn in November 2024
- Top 10 Smart Home Technology Courses to Learn in November 2024
- Top 10 Holistic Health Courses to Learn in November 2024
- Top 10 Nutrition And Diet Planning Courses to Learn in November 2024
- Top 10 Yoga Instruction Courses to Learn in November 2024
- Top 10 Stress Management Courses to Learn in November 2024
- Top 10 Mindfulness Meditation Courses to Learn in November 2024
- Top 10 Life Coaching Courses to Learn in November 2024
- Top 10 Career Development Courses to Learn in November 2024
- Top 10 Relationship Building Courses to Learn in November 2024
- Top 10 Parenting Skills Courses to Learn in November 2024
- Top 10 Home Improvement Courses to Learn in November 2024
- Top 10 Gardening Courses to Learn in November 2024