Reverse Engineering

2026


Reverse Engineering Android Malware Apps

·23 mins
Android Malware Analysis # The goal: Understand Android APK malware analysis Learning points: Understand malware and analyze an Android RAT Static and dynamic analysis using JADX, apktool and an Android emulator Learn how to reverse Android apps Understand different types of Android malware: RAT vs stalkerware Understand the different Android components in relation to malware abuse Ahmyth app # This is the application we will analyze: https://ahmyth.com/. AhMyth is an open source Remote Access Trojan (RAT) developed for the Android operating system. Malware is anything that performs an action the end user has not consented to; such apps run in the background, stealing user data remotely.

8kSec - Factsdroid WriteUp

·2 mins
GOAL: Intercept network traffic in FactsDroid and view/modify the API requests and responses between FactsDroid and the backend server without statically patching the provided APK. The objective is to successfully implement a Man-in-The-Middle (MITM) attack that allows you to manipulate the facts being displayed to the user, potentially inserting custom content or modifying the retrieved facts before they reach the application. Upon installing the app using adb install factsdroid.apk, I immediately see this error message when launching the app: In order to bypass the root check, I injected the Frida anti-root script into my APK: frida -U --codeshare dzonerzy/fridantiroot -f com.

2024


Reverse Engineering

·4 mins
Reverse Engineering # Decompiling a program from assembly back to a high-level language to understand what the program does. Example use cases: Vulnerability Analysis Malware Research Binary Analysis Tools Summary (Ghidra Book, Ch. 2) # 1. file # What: Identifies the file format (ELF, PE, Mach-O), architecture (x86, ARM), and bit-width (32/64-bit). When: Step 1 (Triage). Use it the moment you receive a mystery file. Why vs Others: Use this instead of nm or objdump initially because it tells you whether the file is even an executable and whether it is “stripped” (missing symbol names). Example Command: file <filename> 2.