A practical workshop on analyzing Android applications through source code review and dynamic analysis using powerful tools and hooking techniques.
In this workshop, you'll learn:
- β
How to use
jadx-gui
for static analysis - β How to hook Android functions and change their behavior
- β
How to work with non-
MainActivity
components - β How to bypass checks and extract flags dynamically
Make sure you have the following installed and ready:
- Android Studio β
- Android SDK (API 26) β
- ADB β
- Rooted Android Device β
- Magisk + Frida β
jadx-gui
β- Python requirements β
You can follow CSLU installation Guide.pdf to install the tools required for the workshop.
Install Python requirements:
pip install -r requirements.txt
- Android Studio β for APK decompilation and debugging
- ADB β to communicate with the Android device
- Frida β for hooking functions at runtime
- Magisk β to root the device and run Frida server
- jadx-gui β for static analysis of APKs
Lab | Topic | Link |
---|---|---|
0 | Introduction to Hooking & Changing Return Values | labs/lab0 |
1 | Hooking Functions for Flag | labs/lab1 |
2 | Hooking Non-MainActivity Methods Flag | labs/lab2 |
3 | Introduction to Hooking Non-MainActivity Variables | labs/lab3 |
4 | Hooking Non-MainActivity Variables for Flag | labs/lab4 |
5 | Instantiating Unused Class for Flag | labs/lab5 |
6 | Instantiating Unused Class with Parameter for Flag | labs/lab6 |
This workshop includes a pre-rooted AVD setup based on the amazing work by:
Huge thanks to both projects for making Android security research more accessible.
Happy reversing! ππ±