Android (and other) Security resources - Get your learning on

Search This thread

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,331
15,774
Sequim WA
Linking to, hinting at, suggesting etc pirated material in this thread, or even this forum, will likely get you a ban from XDA. Some of these resources are not free, in fact some are expensive, but free or cheap alternatives are listed.

This is not an exhaustive list. It is missing things that should be here, even things I have written myself. Please let me know if you have something to add.

Please send me more material to post (no pirated stuff!)

Books:
Android Internals::power User's View
Android Security Internals
Android Hacker's Handbook

Trainings:
Practical Android Exploitation by Jon 'jcase' Sawyer
RedNaga Training by Tim 'diff' Strazzere, Caleb Fenton and Jon 'jcase' Sawyer

Write Ups:
Foxconn Bootloader Backdoor (Pork Explosion) by Jon 'jcase' Sawyer
Analyzing the WeakSauce Exploit by Jonathan Levin
TrustNone TrustZone Exploit by @beaups
SamDuck Samsung emmc/Bootloader Exploit by @beaups
HTC Desire 310 root backdoor by Tim 'diff' Strazzere and Jon 'jcase' Sawyer

Tools:
Frida - Free
Smali/baksmali - Free
APKTool - Free
JEB - $$
IDA Pro - $$
Binary Ninja - $
 
Last edited:

RusherDude

Senior Member
Aug 24, 2012
2,013
616
Awesome post! Thanks!

It's a shame that stuff like IDA Pro is so expensive, if it was more accesible a lot more people will use it and we would get more interesting stuff I think :(
 
  • Like
Reactions: Matt07211

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,331
15,774
Sequim WA
Awesome post! Thanks!

It's a shame that stuff like IDA Pro is so expensive, if it was more accesible a lot more people will use it and we would get more interesting stuff I think :(

IDA Pro has a demo, but you can also look at hopper and binary ninja, both priced far lower.

radare2 is also an option, ive not used it so i havent listed it
 
  • Like
Reactions: RusherDude

REtails

Member
Aug 9, 2016
47
28
Boston
Thank you for the excellent post jcase!! I have been looking to further my understanding of android security concepts for quite some time now, but never find I have enough time to scour the web for the solid resources I need. I have been engrossed in your 'Practical Android Exploitation' pdf for the past hour now. :D I hope you know how much this community appreciates your contributions!

Edit: sorry for the misleading comment!~
 
Last edited:

Matt07211

Senior Member
Jan 10, 2015
642
290
Do you guys have any recommend info on reverse engineering, particularly ARM disassembly?
I'll be looking for resources myself but was wondering if you've come across any good info in that area.
 

bigsupersquid

Senior Member
Sep 22, 2010
2,253
1,671
BFE, MO
  • Like
Reactions: jcase and Matt07211

agathocles11

New member
Oct 22, 2020
3
1
Here is some latest collection on - Awesome Android Security (Books, bug bounty, courses, tools, labs, talks, write-ups, cheat sheet, blogs). Might by helpful for someone.
github.com/saeidshirazi/awesome-android-security
 
  • Like
Reactions: virginwidow

Top Liked Posts