Android App Hacking - Black Belt Edition

Focused View

Roman Stuehler

46:17:47

8 View

1 - Installation and Setup

1 - Concept.html

1 - Setup Theory.mp4

10:22

2 - Installation System & Android Studio.mp4

25:38

3 - Emulator Installation.mp4

10:35

4 - Emulator Usage Secret Features.mp4

32:41

5 - Androidx86 Virtual Machine Setup.mp4

13:15

6 - Developer Options.mp4

11:49

7 - Developer Options Secrets Game Hacking.mp4

23:03

8 - 8brushbtsnoophcibrush.zip

8 - Developer Options Bluetooth Low Energy Hacking.mp4

35:42

9 - 9furbybtsnoophci.zip

9 - Bluetooth Low Energy Furby App Hacking.mp4

19:40

10 - Android Debug Bridge Theory.mp4

10:43

11 - Android Debug Bridge ADB HandsOn White Belt.mp4

31:34

2 - App Structure

2 - Activities and Intents.html

3 - Broadcast Receiver and Content Provider.html

12 - Filestructure of an APK.mp4

12:36

12 - spacepeng.zip

13 - Dalvik Dex.mp4

05:41

14 - Classesdex.mp4

06:25

15 - Decompiling Preperation.mp4

07:06

16 - Decompiling HandsOn.mp4

17:10

16 - spacepeng.zip

17 - AndroidManifestxml.mp4

30:11

17 - privacy.zip

18 - App Permissions.mp4

26:12

19 - Activities.mp4

11:34

20 - 102sieve.zip

20 - Activities Hacking.mp4

35:42

21 - 63SieveLoginBypass.zip

21 - Activity Bonus Bypassing Login Own Application.mp4

20:16

22 - Intents.mp4

14:56

23 - Intents Examples.mp4

42:29

23 - alarmpin.zip

24 - BroadcastReceiver.mp4

22:16

25 - 82BroadcastReceiverSource.zip

25 - 82broadcastReceiverAPK.zip

25 - BroadcastReceiver Hacking Alarm App.mp4

45:33

26 - 83BroadcastHacking.zip

26 - BroadcastReceiver Hacking via own App.mp4

19:35

27 - Services.mp4

05:33

28 - ContentProvider.mp4

15:58

29 - 102sieve.zip

29 - 102sieveCode.zip

29 - ContentProvider SQL Injection.mp4

51:15

30 - 103SieveBackup.zip

30 - ContentProvider Database Attacks SQLi Permission Bypass.mp4

49:14

31 - 102sieveCode.zip

31 - 104MusicPlayerSource.zip

31 - 104PathTraversalPoCSource.zip

31 - 104musicplayer.zip

31 - 104pathtraversalpoc.zip

31 - ContentProvider PathTraversal Attack.mp4

48:22

32 - Application Signing.mp4

21:47

33 - Application Signing Deep Dive.mp4

08:31

34 - BlueBox Master Key Vulnerability Signing.mp4

10:50

3 - Reverse Engineering Android Apps

35 - 20defgerbigspacepeng1581.zip

35 - Dex2Jar.mp4

11:34

36 - JadxGui.mp4

19:06

37 - 20defgerbigspacepeng1581.zip

37 - JadxGui HandsOn.mp4

05:50

38 - Secret Super Weapon.mp4

06:31

39 - Reversing Apps.mp4

08:01

40 - Creating a CallGraph CG.mp4

26:21

41 - Creating a FlowGraph FG.mp4

27:12

42 - AndroLabServer.zip

42 - Challenge Intro.mp4

12:27

43 - Challenge Hacking Activities.mp4

33:59

44 - Challenge Hacking Content Provider.mp4

19:21

45 - Challenge Hacking BroadCast Receiver.mp4

16:17

46 - Challenge Password Decryption.mp4

23:33

4 - Smali

47 - Recap.mp4

03:13

47 - defgerbigspacepeng1581.zip

48 - Smali Introduction.mp4

17:55

48 - playersmali.zip

48 - smalionesimple.zip

49 - Smali Patching.mp4

10:45

49 - smalione.zip

50 - Challenge Solution.mp4

14:04

51 - Registers.mp4

33:09

51 - playersmali.zip

51 - registers.zip

52 - Types.mp4

16:07

53 - P0 Register.mp4

36:20

53 - p0.zip

54 - Dalvik Opcodes.mp4

25:16

55 - Smali File Structure.mp4

21:56

56 - Practice Smali.mp4

33:39

57 - Practice Solution.mp4

12:59

58 - Orange Belt Intro.mp4

02:28

59 - Orange Belt Solution.mp4

32:28

60 - IF Intro.mp4

01:15

61 - IF ELSE GOTO.mp4

18:36

62 - IF ELSE GOTO Code Analysis.mp4

25:42

62 - smalitwo.zip

62 - smalitwosmali.zip

63 - IF ELSE GOTO Blocks.mp4

09:25

64 - IF ELSE GOTO Practice.mp4

07:14

65 - SmaliTwo.zip

65 - SmaliTwodesigned.zip

65 - Smali Patching Flipping the logic.mp4

40:50

66 - Smali Patching Deleting Code.mp4

27:03

66 - appdebug.zip

67 - Smali Patching Jump Instructions.mp4

12:31

67 - infos.txt

67 - playersmali.zip

67 - smalitwo.zip

67 - solution.zip

68 - Rooting Detection Intro.mp4

04:59

69 - Rooting Detection bypass Solution.mp4

35:12

70 - Rooting Detection Solution2 Bonus.mp4

19:20

70 - solutionjump.zip

71 - Smali Objects and Methods.mp4

39:52

71 - objects.zip

71 - objectsleveluppatched.zip

72 - Smali Static Methods.mp4

12:38

72 - static.zip

72 - staticmodified.zip

73 - Smali Hello World Yes this late.mp4

11:23

73 - helloworld.zip

74 - Printing out secrets Systemout Written in Smali.mp4

34:43

74 - solution.zip

74 - xorencryption.zip

75 - Patching XOR encryption.mp4

14:00

75 - bonussolutionpatched.zip

76 - One challenge to recap all Intro.mp4

29:18

76 - aes.zip

77 - One challenge to recap all Part 1.mp4

25:38

78 - One challenge to recap all Part 2.mp4

47:10

78 - SmaliSupporterkey.zip

78 - out.zip

79 - One challenge to recap all Part 3.mp4

01:17:46

79 - solution.zip

80 - AESSolutionHelper.zip

80 - One challenge to recap all Solution.mp4

28:15

80 - hardway.zip

80 - solution.zip

81 - Blue Belt Challenge Intro.mp4

21:35

82 - Blue Belt Challenge Hint.mp4

36:54

83 - Blue Belt Challenge Solution.mp4

38:29

5 - Man in the Middle

84 - Adress Resolution Protocol ARP.mp4

15:57

85 - MitM Setup.mp4

29:57

86 - Intercepting Theory.mp4

19:24

87 - BurpSuite Setup.mp4

32:25

88 - Reset the Setup.mp4

08:55

89 - HTTPS Technical View.mp4

20:04

90 - Installing a Certificate.mp4

16:55

91 - MitM Setup Virtual Machine VM.mp4

23:02

92 - Certificate Pinning Theory.mp4

07:12

93 - Certificate Pinning OpenSSL Bonus.mp4

01:07:23

94 - Certificate Pinning Patching Fingerprint.mp4

26:53

94 - certificatepinninghash.zip

95 - Certificate Pinning Patching Certificate.mp4

15:50

95 - certificatepinningcert.zip

96 - Certificate Pinning Objection Bypass.mp4

13:38

96 - certificatepinningcert.zip

96 - certificatepinninghash.zip

6 - FRIDA

97 - Introduction.mp4

04:33

98 - Install.mp4

20:25

99 - Hooking Theory.mp4

27:34

99 - activity.zip

99 - aes.zip

100 - Dize Game HandsOn.mp4

06:06

101 - Dize App Analysis.mp4

09:45

101 - privacyfriendlydicer.zip

102 - Dize App Observing Parameters.mp4

26:37

102 - paramhook.zip

103 - Dize App Modifying Parameters.mp4

11:04

103 - paramhook.zip

104 - Function Overloading.mp4

18:33

104 - nextint.zip

105 - Timing Hooking.mp4

08:48

106 - Challenge Rooting Detection bypass.mp4

02:49

107 - Challenge Rooting Detection solution.mp4

17:19

108 - Actively calling a method.mp4

29:46

108 - fridafunc.zip

108 - instancemethod.zip

108 - staticmethod.zip

109 - Instance Methods.mp4

29:33

109 - instancemethod.zip

110 - Working with Instances.mp4

28:25

110 - existinginstance.zip

111 - 20defgerbigspacepeng1581.zip

111 - 171handson.zip

111 - HandsOn.mp4

20:40

112 - HandsOn Solution.mp4

01:02:19

112 - coinrain.zip

112 - hookhighscore.zip

112 - invincible.zip

112 - invisible.zip

112 - rapidfire.zip

113 - Instance as a parameter.mp4

17:20

113 - fridainst.zip

113 - instanceparameter.zip

114 - Existing instance as a parameter.mp4

07:54

114 - existinginstanceparameter.zip

115 - Challenge Create multiple player shots.mp4

01:41

116 - Challenge Mulitple player shots solution.mp4

16:58

116 - addplayer.zip

117 - Constructor hooking.mp4

20:10

117 - constructor.zip

118 - Manipulating UI Thread.mp4

29:45

118 - fridafunc.zip

118 - uitoast.zip

119 - Writing a trainer.mp4

24:24

119 - trainer.zip

120 - Hooking the Native Development Kit NDK.mp4

14:49

121 - NDK hooking Easy Way.mp4

16:10

121 - flexingonnativemethods.zip

121 - fridandk.zip

122 - NDK hooking Hard way.mp4

34:10

122 - fridandk.zip

122 - ndkhook.zip

123 - NDK hooking timing.mp4

08:56

124 - hooking ndk.mp4

25:20

125 - Reversing C function in ghidra Bonus.mp4

29:12

126 - Hooking C function in frida Bonus.mp4

01:04:34

126 - cfuncfrida.zip

126 - cfunctionhook.zip

Description

Becoming the lead expert in android app security

What You'll Learn?

Deep understanding of the android app structure
How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)
Bypassing Rooting Detection (SMALI and FRIDA)
Bypassing Certificate Pinning (SMALI and FRIDA)
Performing a man-in-the-middle attack
Analyzing-/ Manipulating the network traffic of a mobile app
Creating call- and flow graphs to reverse engineer strong obfuscated apps
Manipulating Java and C/C++ methods (FRIDA & SMALI)
Reading- / Writing SMALI code
Injecting own (custom) code into existing applications
Deep understanding of the android permission model
Modifying games (infinite lives, high score, invisble, invincible) - Writing a trainer
Analzying bluetooth low energy connections
Dealing with different encryption types (e.g. AES)
Deep- / Web- / App-Links (Bug Bounty)
Reversing native libraries with Ghidra
Debugging Java code
Debugging SMALI code (live - with interpreter)
Webvies & JavaScriptInterfaces
XSS / SQL Injection Exploitation

Who is this for?

Security Analyst / Ethical Hacker

Android App Developer

Bug Bounty Hunter

Everyone who likes to manipulate android apps / games :)

What You Need to Know?

Android knowledge is not required (This course teaches everything)

No real smartphone required

Laptop / PC

More details

Description
In this course you will learn absolutely everything about android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding to app security. We learn really complex attacks in the most funny way that's possible, by hacking a mobile game.

Legal note:
The game we are going to hack is licensed under the GNUÂ GPL, which means, we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. IÂ am teaching you all of this in a legal and ethical way.

Course -Â Structure:

In the installation chapter we will analyze different smartphone setups, their strength and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze bluetooth low energy connections and get familiar with the Android Debug Bridge (ADB).

We move on to the android app structure. Here we gain a rock solid understanding about the key components of an android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receiver and content provider. We will write our own small apps to exploit SQL injections and path traversals.

Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an android app and reconstruct the Java code. We will have a look at different decompilers and create flow- and call graphs to deal with highly obfuscated apps. Finally a nice application is waiting for us to practice all the things we have learned so far.

Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language of an android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and many more.

In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding about HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it.

The last thing that is missing is FRIDA, which is an amazing framework to perform runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native c function with Ghidra and the manipulation and modification with FRIDA.

After getting through all these chapters you will be the top expert in android app security of your company.Â Therefore, what you are wainting for?Â :)
Who this course is for:
Security Analyst / Ethical Hacker
Android App Developer
Bug Bounty Hunter
Everyone who likes to manipulate android apps / games :)

User Reviews

Rating

average 0

Total votes0

Focused display

My name is Roman Stuehler and I did start hacking back in 2010. The good old days full of SQL injections, WEP protected networks and an operating system named Backtrack 3. Since then I have developed applications to perform memory analysis in smartphones (cera) or obfuscater for shellcode (crypxor). In 2015 I became the leader of the Mobile Device Hacking workshop and since then my emphasis switched to embedded systems, reverse engineering and exploitation. Furthermore I am holding certifications like Offensive Security Certified Professional (OSCP) or the FOR585: Smartphone Forensic Analysis In-Depth.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.