👷 Written by Matheus Ramalho de Oliveira
🔨 Brazilian Software Engineer
🏡 Goiânia, Goiás, Brasil
✉️ kastorcode@gmail.com
👍 instagram.com/kastorcode
SpacePeng is a small but fun Android space shooter game. Frida is a dynamic instrumentation toolkit for developers, reverse-engineers and security researchers. Written during the course Android App Hacking - Black Belt Edition.
Apps used in scripts: de.fgerbig.spacepeng, com.apphacking.cfuncfrida, com.apphacking.ndkfrida
Androguard
Android Studio
Burp Suite
dex2jar
Frida
Ghidra
jadx
objection - Runtime Mobile Exploration
Visual Studio Code
Wireshark
- Installation and Setup
- Bluetooth Low Energy Furby App Hacking
- Android App Structure
- Decompiling APK
- Android Manifest XML and App Permissions
- Hacking Activities, Intents, BroadcastReceiver, Services and ContentProvider
- SQL Injection, SQL Permission Bypass and Path Traversal Attack in ContentProvider
- Application Signing and Bluebox Master Key Vulnerability
- Reverse Engineering Android Apps
- Creating a CallGraph and FlowGraph in Androguard
- Challenge: Password Decryption
- Smali Introduction and Patching
- Dalvik Opcodes
- Rooting Detection Bypass
- Man in the Middle
- ARP - Address Resolution Protocol
- HTTPS Technical View
- Certificate Pinning Patching Certificate and Fingerprint
- Certificate Pinning Bypass with Objection
- Frida Observing and Modifying Function Parameters
- Frida Hooking a Constructor and Calling a Method
- Frida Manipulating UI Thread and Writing a Trainer
- Frida Hooking the Native Development Kit (NDK)
- Reversing C Functions in Ghidra
- Hooking C Functions in Frida
<kastor.code/>