Android Security and Penetration Testing

7.

Advanced Security Topics

7.1.

Reverse Engineering Native Code (ARM/ARM64)

7.1.1.

Disassembling with Ghidra

7.1.1.1.

7.1.1.2.

7.1.1.3.

Function Identification

7.1.2.

Disassembling with IDA Pro

7.1.2.1.

Database Creation

7.1.2.2.

Cross-references

7.1.2.3.

Debugging Setup

7.1.3.

Static Analysis of Native Libraries

7.1.3.1.

Symbol Analysis

7.1.3.2.

String Analysis

7.1.3.3.

Control Flow Analysis

7.1.4.

Dynamic Debugging of Native Code

7.1.4.1.

7.1.4.1.1.

Breakpoint Setting

7.1.4.1.2.

Memory Examination

7.1.4.2.

7.1.4.2.1.

Process Attachment

7.1.4.2.2.

Register Analysis

7.1.5.

ARM Assembly Fundamentals

7.1.5.1.

Instruction Set Architecture

7.1.5.2.

Calling Conventions

7.1.5.3.

7.2.

Obfuscation and Anti-Reversing Techniques

7.2.1.

Code Obfuscation

7.2.1.1.

7.2.1.1.1.

7.2.1.1.2.

Optimization Rules

7.2.1.2.

7.2.1.2.1.

Advanced Shrinking

7.2.1.2.2.

Optimization Techniques

7.2.2.

String Encryption

7.2.2.1.

Custom Encoding Schemes

7.2.2.2.

Runtime Decryption

7.2.3.

Anti-Debugging and Anti-Emulation Checks

7.2.3.1.

Debugger Detection

7.2.3.1.1.

PTRACE Detection

7.2.3.1.2.

Debug Flag Checks

7.2.3.2.

Emulator Detection

7.2.3.2.1.

Hardware Fingerprinting

7.2.3.2.2.

Environment Checks

7.2.4.

Root Detection and Bypass Techniques

7.2.4.1.

Common Root Detection Methods

7.2.4.1.1.

7.2.4.1.2.

Property Checks

7.2.4.2.

Bypassing Root Checks

7.2.4.2.1.

Hook-based Bypass

7.2.4.2.2.

Binary Modification

7.2.5.

Control Flow Obfuscation

7.2.6.

Dead Code Insertion

7.3.

System-Level Security

7.3.1.

Android Verified Boot (AVB)

7.3.1.1.

Boot Integrity Verification

7.3.1.2.

Rollback Protection

7.3.1.3.

Hash Tree Verification

7.3.2.

TrustZone and Trusted Execution Environment (TEE)

7.3.2.1.

Secure World vs. Normal World

7.3.2.2.

Trusted Applications

7.3.2.3.

7.3.3.

KeyStore and Keymaster HAL

7.3.3.1.

Secure Key Storage

7.3.3.2.

Hardware-backed Security

7.3.3.3.

Key Attestation

7.3.4.

Gatekeeper and Fingerprint HAL

7.3.4.1.

Biometric Authentication

7.3.4.2.

Secure User Verification

7.3.4.3.

Template Storage

7.3.5.

Hardware Security Module (HSM)

7.3.6.

Secure Element Integration

7.4.

Android Forensics

7.4.1.

Data Acquisition Methods

7.4.1.1.

Logical Acquisition

7.4.1.1.1.

ADB-based Extraction

7.4.1.1.2.

Application Data Extraction

7.4.1.2.

Physical Acquisition

7.4.1.2.1.

7.4.1.2.2.

7.4.2.

Filesystem Analysis

7.4.2.1.

Partition Structure

7.4.2.1.1.

System Partition

7.4.2.1.2.

7.4.2.1.3.

7.4.2.2.

7.4.2.2.1.

Deleted File Recovery

7.4.2.2.2.

Fragment Analysis

7.4.3.

Artifact Recovery

7.4.3.1.

Deleted Data Recovery

7.4.3.2.

App-specific Artifact Extraction

7.4.3.3.

Timeline Analysis

7.4.4.

Memory Forensics

7.4.4.1.

RAM Acquisition

7.4.4.2.

Memory Analysis Tools

7.4.5.

Network Forensics

7.4.5.1.

Traffic Reconstruction

7.4.5.2.

Protocol Analysis

Previous

6. Common Android Vulnerabilities (OWASP Mobile Top 10)

Go to top

Next

8. Reporting and Mitigation