WEBVTT

00:01.670 --> 00:08.930
All right, so for mobile security testing, we also need to know some basic reverse engineering concepts

00:08.930 --> 00:15.080
in order to understand the operating system, the architecture, as well as the programming language

00:15.080 --> 00:18.410
intricacies of mobile devices.

00:19.530 --> 00:26.760
Now, reverse engineering a mobile app, just as a basic overview, is the process of analyzing the

00:26.760 --> 00:31.960
compiled app to extract information about its source code to find out how it works.

00:32.030 --> 00:37.740
OK, that's basic, but the goal of reverse engineering is comprehending the code here.

00:39.550 --> 00:45.160
Of course, you can do this by examining the compiled code, which we call static analysis, or observing

00:45.160 --> 00:52.390
the app during runtime, which is called dynamic analysis, or a combination of both.

00:54.100 --> 01:00.580
So Android offers reverse engineers big advantages that aren't necessarily available with iOS.

01:01.240 --> 01:04.740
And one of the reasons is because Android is open source.

01:04.750 --> 01:12.880
That means you can study its source code at the Android Open Source Project and modify the OS and its standard

01:12.880 --> 01:14.500
tools any way you want.

01:15.430 --> 01:16.270
Sounds like fun.

01:18.830 --> 01:25.970
So in our "Setting Up Our Laboratory" section, we've built a reverse engineering environment with Android

01:25.970 --> 01:33.440
Debugging Bridge (ADB), APK Studio, APKTool and Bytecode Viewer.

01:34.600 --> 01:42.130
Now, Bytecode Viewer is a decompiler to make Java bytecode more, I'd say, readable by human beings.

01:43.170 --> 01:50.730
So we'll download an APK, decompile the DEX file and analyze the source code with Bytecode Viewer and

01:50.730 --> 01:51.840
APKTool.

01:53.650 --> 01:59.950
Now, throughout the course we'll intentionally use vulnerable mobile applications that are created for

01:59.950 --> 02:07.030
security testing, and that's just to learn the insecurities of the Android operating system.

02:07.660 --> 02:14.380
So I'll start with the InsecureBank application and we'll reverse engineer it.

02:14.760 --> 02:15.370
Are you ready?

02:15.490 --> 02:16.310
Let's get started.

02:18.780 --> 02:20.250
Open up the terminal screen.

02:21.460 --> 02:24.700
And here you just change directory to the desktop.

02:27.300 --> 02:33.150
So now let's unzip the APK file to a new folder and see the extracted files.

02:34.050 --> 02:37.860
All right, so open the folder and look here.

02:37.860 --> 02:41.290
We have some folders and files.

02:43.810 --> 02:52.240
The META-INF folder contains the manifest information, as well as other metadata about the Java

02:52.240 --> 02:52.720
package.

02:54.430 --> 03:00.630
The res directory contains all the resources, such as images, icons, layout resources, etc.

03:01.860 --> 03:04.050
And here's the Android manifest file.

03:06.210 --> 03:14.760
So the classes.dex file contains code that's ultimately executed by the Android runtime, and it references

03:14.760 --> 03:23.850
any classes or methods that are used within an app, as well as resources.arsc, that is, the compiled binary

03:23.850 --> 03:25.200
form of resources.

03:27.470 --> 03:33.290
Now, let's decompile and analyze these files with Bytecode Viewer.

03:34.350 --> 03:36.150
Open Bytecode Viewer.

03:37.820 --> 03:42.170
Add the APK of InsecureBank under the File menu.

03:43.170 --> 03:43.770
Open it up.

03:45.190 --> 03:48.310
OK, so it's decompiled the APK now.

03:50.190 --> 03:56.760
And yeah, so here are the class files that are extracted from the DEX file.

04:01.110 --> 04:02.280
Let's click on one of them.

04:04.140 --> 04:09.850
So what you're looking at here are two panes in the workspace section here.

04:10.110 --> 04:17.400
Now, the left pane shows the code with the JD-GUI decompiler and the right pane shows the code with

04:17.910 --> 04:19.920
the default Smali decompiler.

04:21.390 --> 04:26.190
So under the View menu, you can change the pane options and select another decompiler if you want to

04:26.190 --> 04:26.520
use.

04:29.110 --> 04:31.150
So you can also add another pane.

04:32.600 --> 04:37.940
So let's change the second pane to bytecode, over another class file.

04:38.930 --> 04:45.440
And yeah, so see how this pane changes and shows us the code with the bytecode decompiler.

04:47.370 --> 04:50.460
Under the settings menu, you can change the default settings, of course.

04:51.510 --> 04:57.210
Now, there's also a plug-in system that will allow you to interact with the loaded class files, for

04:57.210 --> 05:02.970
example, you can write a malicious code searcher or anything else you can think of.

05:03.780 --> 05:07.500
You can either use one of the pre-written plug-ins or write your own.

05:08.800 --> 05:15.670
Down here in the lower left section, there's a search field to search strings, methods and so on from

05:16.560 --> 05:18.600
all classes or the current class.
