SOLUTIONS
> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> esDynamic for EDU SCA and FI
A learning center for academics to teach and perform side-channel analysis and fault injection
TECHNOLOGIES
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
PROFESSIONAL SERVICES
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
EXPERTISE
> Mobile App Security
Onboard your Team into your Security Challenges.
> DevSecOps
Integrate the security protections verification in your CI/CD pipeline.
> PCI MPoC
Prepare your product to meet this new mobile payment standard.
SOLUTIONS
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
PROFESSIONAL SERVICES
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
Go to our German website
OUR COMPANY
> Events
CAREERS
> Meet our experts
> Open positions
Join our team!
FOLLOW US
Twitter
Linkedin
Youtube
Github
Gitlab
Static Analysis of an Android application
This module mainly focuses on static analysis of an Android application. It is split in two parts: the first one focuses on the static analysis of the java code, and the second one on the native code. During this module, you will learn how to find entry points from where one can perform further analyses from the Java code to the Native one. Different techniques and tools will be demonstrated so you can practice.
Covered Topics
What you will learn:
- Disassemble and decompile an application to start reviewing the code
- Surface analysis, finding entry points and low hanging fruits
- Patching an application
- Use Android Studio to review your code and apply some best practices while reverse engineering the code
- Tips for reviewing obfuscated code
Exercises
A CrackMe-like challenge is provided as a practical exercise.
Different flags have to be found with only one condition: the trainee has to only perform static analysis to reverse engineer the application and retrieve those flags.
You will have to extract and decompile or disassemble the code to review it.
You will have to apply the tips that were provided while using Android Studio to review the code, especially, obfuscated ones.
Requirements
- Knowledge of the anatomy of an Android app (if not, Module 1 required)
- Knowledge of the SMALI syntax (if not, Module 1 required)
- Knowledge of the Java and C/C++ programming languages
- Being at ease with Linux-based environment system
- Knowledge of the Java programming language
- Beginner level with the tools: GHIDRA, Android Studio, jeb (or any free alternative, like jadx)
Practical information
Overall duration: 5 to 10 days
Schedule: 9:30am - 13pm (CET/CEST) - virtual/in person
Number of trainees: 2 trainees max.
