--- title: Android App Reverse Engineering! tags: Android, Reverse Engineering description: View the slide with "Slide Mode". --- # :tada: And let there be Android Bugs :smiling_face_with_smiling_eyes_and_hand_covering_mouth:  ### By Chalie Wizz ### @Chal13W1zz ___ ### Previously... {%youtube hF-QyNxkilo%} --- <!-- Put the link to this slide here so people can follow --> Let the party begin :tada: --- We have a hands on session :tada: please use the content shared for Etical purposes only! --- ## Who am I? - Android Application security Analyst | Ethical Hacker | Bug Bounty Hunter | Ctf addict |Mobile and Web Developer - Reverse Engineering For Life :heart: - I use Parrot OS :cat: --- ### Android app hacking arsenal :gun: --- - Moblexer - Genymotion - Drozer - Apktool - Jadx-gui - Burpsuite - frida - magisk - Apklab plugin - Google - a curse words dictionary - a lot of coffee ___ # Live App Hacking :drum_with_drumsticks: :drum_with_drumsticks: --- Part 1 recap -drozer in a nutshell -login bypass 1 -login bypass 2 Part 2 headshot -sandbox browse -Hacking google photos some smali : http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html ### Patching / Modding -premium purchase bypass -Assembling the pieces -Behold the cracked app!! # :bulb: ### NB: You Must Love Android Intents and deeplinks --- # :100: :muscle: :tada: we kinda done here, take a break, stretch and drink some water  --- # Mitigation - Code Obfuscation - Proper components declaration - use of encrypted databases - use of token auth over convenctional passwords - Proper use of implicit intents --- ### Thank you! :sheep: Now go Root your phone and...  # Any questions?....or ideas :eyes: You can find me on tinder :rolling_on_the_floor_laughing: - Youtube : https://www.youtube.com/c/FreeTechMods - Twitter : https://twitter.com/Chal13W1zz - GitHub : https://github.com/Chal13W1zz - Telegram : https://t.me/FreeTechMods - Email : chaliewizz4@gmail.com - WhatsApp/Call : +254795344966