Reverse engineering...
 
Notifications
Clear all

Reverse engineering of unsupported Android applications

paltho
(@paltho)
New Member

Hello, Forensic Focus community.

I am a student currently doing a bachelor's assignment on reverse engineering Android applications that is not supported by major tools. The bachelor will contain a “best practice/guide” on the reverse engineering part.

I am quite new to the whole reverse engineering thing, but I have done some research about how to do it. The question I am stuck with is what apps I am going to choose because there is a whole lot of them.

So, I wonder if anyone in this community has any apps they would want me to reverse engineer? Or has any tips on an interesting app that are unsupported. The result of the guideline and my findings will be shared as I progress.

Quote
Topic starter Posted : 03/02/2021 12:21 am
droopy
(@droopy)
Active Member

Try reversing Whatsapp APP. I do it, and i could enable hidden settings like integrated call recording of calls, etc. Even you learn a lot about the security of it

Tools: JEB, APKTOOL (smali), etc.

This post was modified 2 months ago by droopy
ReplyQuote
Posted : 03/02/2021 1:28 pm
athulin
(@athulin)
Community Legend
Posted by: @paltho

I am a student currently doing a bachelor's assignment on reverse engineering Android applications that is not supported by major tools. The bachelor will contain a “best practice/guide” on the reverse engineering part.

I am quite new to the whole reverse engineering thing, but I have done some research about how to do it. The question I am stuck with is what apps I am going to choose because there is a whole lot of them.

Have stated your goals correctly?  if so, you need to identify what you mean by 'major tools'.  That should give you a selection standard ('Is app X supported by tool 1, tool 2, etc?  If not, put it on the todo-list.').  As to what apps you should focus on, it would seem appropriate to go a) by standard Android apps that do not already have source code available, and b) by most downloaded apps that again are not open source. (I am assuming that open source makes any kind of disassembly/decompilation unnecessary.

You will, I presume, have to document how you selected your target apps, so you will need to think about this in any case.

As for 'quite new to the whole reverse engineering thing' ... that means that you should probably  do some simple app that has already been analyzed.  I expect you have some solid software development foundation for the platform ... if not, have a chat with your advisor to ensure you haven't chosen a task that is beyond you.  It may be easier to focus on something simple, such as some apps that fakes or disable GPS/geolocation data.

For this kind of analysis to be useful, you need to cover everything.  To be able to say that 'in use cases A, B and C, the app behaves like this'  may be partially useful, but if also behaves  like that in other use cases that you haven't studied, the value of your finding will be ... reduced.  But as this is bachelor-level work, I assume that other aspects of your work are more important to get the job approved.

ReplyQuote
Posted : 03/02/2021 5:24 pm
Share: