Reverse engineers love the Android’s openness because it gives them the possibility to explore. Here, we will talk and discuss the Android’s reversing and also about the OS-specific tools as processes.
As you probably already know, Android is the open source, which means that the engineers can easily study its source code at the Android Open Source Project (also known as AOSP). In that case, they can too modify the OS and also its standard tools in any way they want or that is needed at that time. If you want to activate the developer’s mode or even to sideload the app without jumping through so many hoops, you can easily do it even on the standard retail device. Besides that, there are also so many powerful tools which are shipping with the SDK into the variety of reverse engineering tools. The possibilities are really numerous!
It is the truth that the Android offers so many great possibilities, but there are also some things you need to start or finish your idea successfully. First of all, you will need to deal with the Java code and the native code at the same time. JNI (Java code) can be deliberately used with a purpose to confuse some of the reverse engineers. Also, about the native layer, it is often used by the developers with a purpose to hide some data and its functionality. So, in that case, they can structure the apps which execute the frequent jumps which happen between the two layers.
So, what do you need? Most important, the knowledge about the Java-based Android environment and also the Linux OS and Kernel. You must learn about those too because that is where the Android is based. What about the toolset? You will need to find the proper one which will be able to deal both with the native code and the bytecode which is running on the Java’s virtual machine.
When you start this process you need to be sure that you have installed the newest SDK tools and SDK platform-tools packages. They will have included the Android Debugging Bridge client and many other tools which are actually already interfaced with the Android’s platform. The second thing you need on your device is definitely the Android NDK. That’s actually the Native Development Kit which contains the prebuilt toolchain made with a purpose for the cross-compiling native code for various architectures.
Besides all that we have mentioned, be sure that you also get something to make the Java bytecode more readable in a human way.
There are some decompilers which are used often and very popular. Those are JAD, JD etc.,
How to set up the Android SDK?
All of its installations are actually managed via the Android Studio. What you have to do is to create an empty project in the Android’s Studio and just select the Tools>Android>SDK Manager. That is how you will open the SDK Manager GUI. Also, it is a good thing to know that the SDK platform tab lets you install multiple SDKs for different API levels. There are some recent API levels I would like you to know about. There you have the API 21 which is for the Android 5.0, 22 for 5.1, 23 for 6.0, 24 for 7.0 and 25 for 7.1. The latest one is different and it is called the Android O Developer Preview (26).
While installing the SKD, one thing you need to keep in mind if you have Linux is that you will need to pick your own SDK location here. It is also not such a problem, you can choose /opt, /usr/local or /srv for example.
Okay, what else you need to do? You have to pick the right architecture. After that, you also need to know how to specify the sysroot which is correct which is actually correct for the native API level you are targetting. What is the sysroot at all? It is the directory that contains the system headers and also the library which will be very useful for your target.
How to make it all easier? The best would be to let the NDK allow you creating the so-called standalone toolchain. That would be the temporary toolchain which will easily incorporate the settings which are required.
What about enabling the developer’s mode? It needs to enable the USB debugging on the device if you want to use the ADB debugging interface. From the Android 4.2, the developer’s options from the submenu were hidden by default, you wouldn’t have a chance to find them in the settings. But we will help you to activate them easily! You just need to tap the ‘Build number’ section which is located on the ‘About phone’. Do it for seven times.
The Runtime Instrumentation and Tampering
We will now take a look first at some simple ways for modifying and instrumenting the mobile applications. The term tampering actually means-to make some parches or other run-time changes which will affect the app’s behaviors. We will show it now on the example. Let’s say that you want to deactivate the SSL pinning. It may also be some binary protection too, which hinders the testing process. What about the runtime instrumentation? It encompasses by adding the hooks and the runtime patches with a purpose to observe the real app’s behavior. But, you need to remember that here the mobile ap-sec loosely refers to all of the kinds of the run-time manipulation. It also includes overriding methods for changing the behavior. So, just forget about globalizing here, it is all about the different component and the situation.
There is one more thing I would like you to know about here. The binary analysis frameworks. They will give you such a powerful ways for automating the tasks which are really impossible to do them manually. They are very hard and take a lot of time.
Hope that we have helped you and that you have enjoyed this lesson! Come back for more!