Learn To Reverse Engineer Android Tamper Detection

This course was filmed as part of a workshop ran in January 2023.

By the end of this course you’ll be able to develop simple Android applications, reverse Android applications to both Java and

SMALI, and apply other techniques to your reverse engineering efforts such as patching.

This course has a specific focus on understanding, utilising, and subverting tamper detection and attestation techniques. These techniques are used by banks, online games, and streaming services to minimise the potential of their applications running while on compromised (e.g. rooted) devices. A common and mainstream example of this is the Google Play SafetyNet Attestation API. During this course, we explain what attestation and tamper detection is, how it is used inside of Android applications, and how as reverse engineers we can get around these techniques for security testing.

This course also focuses on patching. This is the concept of statically altering an Android application before runtime to alter execution of the program. This can include anything from modifying variables, function calls, and classes. In this course we’ll use patching to circumvent tamper detection and attestation techniques.

About The Author:

James Stevenson has been working in the programming and computer security industry for over 5 years, and for most of that has been working as an Android software engineer and vulnerability researcher. Prior to this, James graduated with a BSc in computer security in 2017. James has featured articles on both personal websites and industry platforms such as Infosecurity Magazine – covering topics from security principles to android programming and security to cyber terrorism. James is a full-time security researcher, part-time PhD student, and occasional conference speaker. Outside of Android internals, James’ research has also focused on offender profiling and cybercrime detection capabilities.