- Last Updated: February 24, 2025
- Author: Evil0ctal
- English Translation: Lynix-devs
- GitHub Repository: AndroidReverse101
- Contributions Welcome: Feel free to ⭐️ Star, Fork, and submit PRs to collaborate and learn Android reverse engineering together!
📖 From Zero to One: A Systematic Approach to Learning Android Reverse Engineering—Making It Fun, Engaging, and Easy to Start!
💡 Learning Goals:
- Beginner-Friendly – Designed for those with little to no programming experience.
- Deep Dive – Learn CPU architecture, assembly language, ARM instruction sets, Android runtime mechanics, and more.
- Hands-on Approach – Daily lessons + experiments, so you can immediately apply what you learn.
- Balancing Cracking & Security – Understand both reverse engineering techniques and Android security mechanisms.
🔹 Objective: Understand low-level computer architecture, hexadecimal systems, CPU instruction sets, assembly language, and Android runtime principles.
| Day | Topic | Content |
|---|---|---|
| 🏁 Day 1 | What is Reverse Engineering? | Real-world vs. software reverse engineering, use cases |
| 🔍 Day 2 | History & Evolution of Android Reverse Engineering | From early APK cracking to modern app protection |
| ⚙️ Day 3 | What is a CPU Instruction Set? | CISC vs. RISC, why Android uses ARM |
| 🔥 Day 4 | Hexadecimal Conversion: Why It Matters? | Binary, Decimal, Hexadecimal conversion & usage |
| 🏗 Day 5 | Assembly Language Basics | Relationship between assembly and machine code, registers |
| 🏹 Day 6 | x86 vs. ARM Assembly | Differences between x86 and ARM instructions |
| 📜 Day 7 | ARM Assembly Instruction Analysis | Analysis of MOV, ADD, SUB, LDR, STR instructions |
| 🚀 Day 8 | Function Calls and Returns | Analysis of BL, BX, CALL, RET instructions |
| 🏗 Day 9 | Android CPU Architecture Analysis | Differences between ARMv7, ARMv8, ARM64 |
| 📦 Day 10 | Dalvik vs. ART Runtime | How Android's Java Virtual Machine executes code |
| 🔥 Day 11 | Android Process Management | Understanding the Zygote process and app process lifecycle |
| 🚀 Day 12 | Android Permission Mechanism | How permissions in AndroidManifest.xml affect app security |
| 📂 Day 13 | Android APP Directory Structure | Analysis of the /data/data directory and app data storage locations |
| 🔍 Day 14 | How is an APK Loaded? | How Android processes and loads an APK |
| 🛠 Day 15 | Writing ARM Assembly Code (Lab) | Writing ARM Assembly Code (Lab) |
| 🔬 Day 16 | Introduction to Disassembling Tools | Tools like IDA Pro, Ghidra, objdump, etc. |
| 🏴 Day 17 | ELF File Analysis | Using readelf to analyze .so file structure |
| 🔥 Day 18 | How to Debug the Native Layer? | Debugging .so files with LLDB / GDB |
| 🚀 Day 19 | Android APP Security Mechanisms | SELinux, app sandboxing, root detection |
| 🛡 Day 20 | CTF Reverse Engineering Challenges (Beginner) | Participate in an Android reverse engineering CTF challenge |
🔹 Objective: Learn APK structure, DEX decompilation, Smali language, dynamic debugging, and core reverse engineering techniques.
| Day | Topic | Content |
|---|---|---|
| 🛠 Day 21 | Understanding APK File Structure | AndroidManifest.xml, resource files, DEX files |
| 🔄 Day 22 | How to Decompile an APK? | Tools like jadx, apktool, baksmali |
| 📜 Day 23 | Understanding DEX File Structure | ClassDefItem, MethodIdItem, StringIdItem |
| 📦 Day 24 | Introduction to Smali Language | Smali code structure, instruction analysis |
| 📝 Day 25 | Smali Code Modification Lab | Manually modify smali code to bypass VIP restrictions |
| 🚀 Day 26 | APK Repackaging & Signing | Modify APK with apktool, repack, and sign |
| 🔍 Day 27 | Introduction to Dynamic Debugging | Observe app behavior with logcat |
| 🔬 Day 28 | Using Frida to Hook Java Methods | Modify Java method return values |
| 🏹 Day 29 | Frida Hook Practical | Bypass Root detection |
| 💉 Day 30 | Reverse Engineering JNI and Native Methods | How to analyze libnative.so |
| 🔥 Day 31 | Introduction to Xposed | Hook Java methods and modify app behavior |
| 🚀 Day 32 | Practical: Bypass VIP Restrictions | Hook isVip() method and unlock app membership features |
| 🔗 Day 33 | Bypass SSL Pinning | Intercept HTTPS requests and capture API data |
| 🛡 Day 34 | Android Code Obfuscation and De-obfuscation | How ProGuard and R8 work |
| 🔍 Day 35 | Reverse Engineering Encryption Algorithms (MD5, AES, RSA) | Analyze app encryption logic |
| 🔥 Day 36 | Analyze WebSocket & API Requests | Use Burp Suite for protocol analysis |
| 🚀 Day 37 | Cracking App Restrictions (Practical) | Bypass isForceUpdate() method |
| 🏹 Day 38 | Game Cracking Basics | Hook buyItem() to simulate in-app purchases |
| 🔬 Day 39 | Anti-Anti-Debugging | Bypass ptrace() protection |
| 🏴‍☠️ Day 40 | Android Hardening Principles | How 360 and Tencent hardening works |
| 🔍 Day 41 | Decrypt Hardened APK (Beginner) | Use Frida DumpDex to unpack |
🔹 Objective: Deep dive into Android obfuscation, anti-reversing techniques, network security analysis, and vulnerability research
| Day | Topic | Content |
|---|---|---|
| 🔥 Day 60 | CTF Reverse Engineering Challenges | Analyze high-difficulty APK challenges |
| 🏴‍☠️ Day 70 | Finding 0-Day Vulnerabilities via Reverse Engineering | Reverse real-world apps to identify security flaws |
| 🏆 Day 100 | Final Challenge: Reverse Engineering a Full Android App | Decrypt algorithms, analyze protocols, and bypass VIP features |
🔥 After 100 Days, You Will Have Mastered Android Reverse Engineering!
🔓 Crack apps, analyze security vulnerabilities, and explore Android internals like never before! 🚀
Crackme challenges are a common way to practice reverse engineering techniques.
| Challenge | Description | Difficulty |
|---|---|---|
| Crackme 1 | There is a hidden secret string somewhere in this app, try to extract it. | ⭐️ |
| Crackme 2 | This app contains secrets, possibly traces of native code. | ⭐️⭐️ |
- Book Recommendations:
  - 《Android Security Attack and Defense》
  - 《Android Reverse Engineering》
  - 《Android Hacker's Handbook》
  - 《Android Vulnerabilities and Reverse Analysis》
  - 《The Android Security Attack and Defense Authority Guide》
- Tool Recommendations:
  - Decompiling Tools: jadx, apktool, dex2jar
  - Dynamic Debugging Tools: Frida, Xposed
  - Reverse Engineering Tools: IDA Pro, Ghidra, Hopper
  - Debuggers: LLDB, GDB
  - Hardening Tools: 360 Hardening, Tencent Hardening, Ali Hardening
  - Reverse Platforms: Cuckoo, VirusTotal
  - Network Proxies: Burp Suite, Charles, Fiddler, Wireshark, mitmproxy, reqable
  - Sandboxes: DroidBox, AndroBugs, QARK
- Learning Websites:
- Communities & Forums:
- CTF Competitions:
- Security Conferences:
- Bug Bounty Platforms:
- Security Blogs:
🔥 Android Reverse Engineering is a fun yet challenging skill!
🚀 With systematic learning, you'll master the core skills of reverse engineering and become an excellent security researcher!
📚 Learning is endless, keep learning and continuously improving!
👨‍💻 Good luck!