Android Internals
Provided by QA
Overview
This 5-day course, based on Jonathan Levin's Android Internals books, delves into the architecture and implementation of Android. Participants will explore Android;s features, its relationship to Linux, and how it diverges with its own unique 'Android-isms.' The course covers Android subsystems like the Dalvik Virtual Machine, Android Runtime (ART), Binder IPC, Hardware Abstraction Layer (HAL), and more. It combines theory with hands-on exercises to provide a deep understanding of Android;s architecture from both the user-mode and kernel-mode levels.
+
Prerequisites
+
Delegates will learn how to
Outline
The course covers the following modules, with hands-on exercises and guided demos:
Introduction to Android Architecture (5-6 hours)
This 5-day course, based on Jonathan Levin's Android Internals books, delves into the architecture and implementation of Android. Participants will explore Android;s features, its relationship to Linux, and how it diverges with its own unique 'Android-isms.' The course covers Android subsystems like the Dalvik Virtual Machine, Android Runtime (ART), Binder IPC, Hardware Abstraction Layer (HAL), and more. It combines theory with hands-on exercises to provide a deep understanding of Android;s architecture from both the user-mode and kernel-mode levels.
+
Prerequisites
- Strong knowledge of Android development or implementation.
- Experience in reverse engineering or security research.
- A rooted Android device (recommended Android 10 or higher) and a Linux host (VMs can be provided).
- Familiarity with Linux and Android systems.
- Experienced Android developers or implementers.
- Security researchers interested in the internals of the Android OS.
+
Delegates will learn how to
- Describe the architecture of the Android operating system.
- Understand the similarities and differences between Linux and Android.
- Trace the core architectural changes from Android Froyo (2.2) to Android 13.0.
- Understand the functions and architecture of the Android kernel.
- Reverse engineer Android applications.
- Monitor, trace, and intercept inter-process communication (IPC) in Android.
- Gain a deep understanding of DEX, ART, and OAT formats.
- Learn to use free tools such as Dextra, bindump, and jtrace.
- Analyse Android security, its evolution, and weaknesses.
Outline
The course covers the following modules, with hands-on exercises and guided demos:
Introduction to Android Architecture (5-6 hours)
- Overview of Android features and comparison with Linux.
- Filesystem layout, runtime environment, and frameworks.
- Dalvik and ART architecture, from Android 1.5 through Android 13.0.
- User-mode and kernel-mode differences.
- Kernel modifications and recompilation.
- HAL overview and abstraction of basic devices (camera, sensors, GPS, etc.).
- Project Treble and HAL modifications.
- Android partition layout, UFS vs. eMMC, vendor-specific partitions.
- Tour of standard Android filesystems (/system, /vendor, /data).
- System startup and initialisation, from bootloader to kernel and user-mode processes.
- Techniques for unlocking bootloaders and rooting devices.
- Examination of Android services initiated by init (adbd, servicemanager, healthd, etc.).
- Detailed breakdown of Binder IPC and alternative communication mechanisms.
- Exercises: Debugging and tracing Binder IPC.
- Understanding Android;s input stack: Kernel input model, EventHub, InputReader, and InputDispatcher.
- Exercises: Monitoring and capturing input events.
- Dalvik VM architecture, DEX file format, and reverse engineering techniques.
- Exercises: Reverse engineering Dalvik APK;s classes.dex to Java source.
- ART evolution and its memory management, profiling, and JIT compilation.
- Exercises: Reversing ART.
- Overview of Android-specific kernel tweaks: ASHmem, PMem, low memory killer, wakelocks, RAM console, etc.
- Exercises: Kernel-level debugging and tracing.
- Analysis of Android;s security mechanisms, including SELinux, digital signatures, AVB, and buffer overflow protection.
- Android exploitation techniques and common security failures.
- Overview of Android;s network stack, Bluetooth, RILd, and VPN mechanisms.
Enquire
Start date | Location / delivery | |
---|---|---|
No fixed date | United Kingdom | Book now |
01132207150
01132207150