Workshop: Android malware reverse engineering for the brave

Thursday 4 October 14:00 - 15:30, Small talks

Axelle Apvrille (Fortinet)

This workshop explains how to reverse engineer Android malware. It consists of several guided labs where participants work on real malware within a virtual environment. The malicious samples are all recent - less than a year old.

After a quick tour of the basic skills and tricks to reverse engineer Android samples, the training covers the following topics:

• Dealing with obfuscated samples
• Writing Radare2 scripts
• Hooking the malicious application with Frida

Expected skills:

• You should be at ease with Unix environments, and able to write quick (and dirty) code
• There will be special labs that beginners can do at their own pace
• The other labs (e.g Radare2, Frida, etc.) willl be of interest to more experienced reverse engineers

Equipment:

• Attendees should bring their own laptop, pre-installed with Docker (see below)
• Note the workshop mostly consists of labs, so a laptop is necessary

PLEASE FOLLOW THE FOLLOWING INSTALLATION INSTRUCTIONS BEFORE THE LAB!

REQUIREMENTS:

• 64-bit laptop
• At least 6 GB of free disk space
• Docker (community edition is fine)
• SSH client and/or vncviewer

INSTALL:

• Install Docker and check it works
• Pull the lab's image: docker pull cryptax/android-re:latest

That's all!

To test it:

1. docker run -d --name workshop-test -p 5022:22 -p 5900:5900 cryptax/android-re

2. If you use ssh: ssh -X -p 5022 [email protected]
If you use vncviewer: vncviewer 127.0.0.1::5900
The password is rootpass

3. In the Docker container, run: emulator7 &
Wait (may be long) to ensure the Android emulator opens up correctly

 

Axelle Apvrille @cryptax

Other VB2018 papers

Back to VB2018 Programme page