Reverse Engineering APK's with Bytecodeviewer


In the evolving world of technology, mobile applications have become omnipresent and this evolution is creating a completely new range of attacks not relevant in the classic web application world.

As AppSec experts, it is our mission to define, promote, and improve mobile application security.

Why

Bytecodeviewer is possibly the best open source tool for reverse engineering of APK’s. This workshop is the result of five months of research into pen testing mobile APK’s @Securify.nl

What

This workshop will provide attendees with knowledge on the following areas:

  • The process of pen testing Mobile Android applications vs Web Apps
  • The challenges of pen testing Mobile Android apps
  • The role of reverse engineering in pen testing Mobile Apps
  • Tools available (Dex2jar, APKTool, Android SDK tools…)
  • Rooting your phone
  • Installing Xposed Framework
  • Why emulators do not provide the right or limited testing environment
  • Introduction to Bytecodeviewer
  • Reverse Engineering with Bytecodeviewer
  • How to use Xposed Framework
  • Smali code and signing APK’s
  • Analysing with Bytecode and Hacking an app with Xposed
  • Using the Xposed Generator (new feature!)
  • Pre-release Bytecodeviewer 3.0.0. with new features!

Reverse engineering APKS with Bytecodevierwer (Pre-release 3.0.0) features:

  • Xposed class generator from selected decompiled classes
  • Signing APKS after de-compilation in Smali
  • Improved search functionality

Outcomes

This Working Session will provide:

  • A brief overview of the anatomy of a mobile penetration test
  • Information on how to get started with reverse engineering of APK´s.

Who

The target audience for this Working Session is:

  • Anyone new to pen testing mobile android apps
  • Anyone new to Bytecodeviewer

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):

  • draft overview of how to use Bytecode for reverse engineering and penetration testing on Android

Content



Back to list of all Working Sessions and Tracks

Edit this page here