Android Internals

Overview

This 5-day course, based on Jonathan Levin's Android Internals books, delves into the architecture and implementation of Android. Participants will explore Android's features, its relationship to Linux, and how it diverges with its own unique 'Android-isms.' The course covers Android subsystems like the Dalvik Virtual Machine, Android Runtime (ART), Binder IPC, Hardware Abstraction Layer (HAL), and more. It combines theory with hands-on exercises to provide a deep understanding of Android's architecture from both the user-mode and kernel-mode levels.

Prerequisites
  • Strong knowledge of Android development or implementation.
  • Experience in reverse engineering or security research.
  • A rooted Android device (recommended Android 10 or higher) and a Linux host (VMs can be provided).
  • Familiarity with Linux and Android systems.
Target Audience
  • Experienced Android developers or implementers.
  • Security researchers interested in the internals of the Android OS.
This course is not suitable for user-mode developers focused on Android GUI applications, but it serves as an excellent follow-up for those already familiar with the Android SDK.

Delegates will learn how to
  • Describe the architecture of the Android operating system.
  • Understand the similarities and differences between Linux and Android.
  • Trace the core architectural changes from Android Froyo (2.2) to Android 13.0.
  • Understand the functions and architecture of the Android kernel.
  • Reverse engineer Android applications.
  • Monitor, trace, and intercept inter-process communication (IPC) in Android.
  • Gain a deep understanding of DEX, ART, and OAT formats.
  • Learn to use free tools such as Dextra, bindump, and jtrace.
  • Analyse Android security, its evolution, and weaknesses.

Outline

The course covers the following modules, with hands-on exercises and guided demos:

Introduction to Android Architecture (5-6 hours)
  • Overview of Android features and comparison with Linux.
  • Filesystem layout, runtime environment, and frameworks.
  • Dalvik and ART architecture, from Android 1.5 through Android 13.0.
  • User-mode and kernel-mode differences.
  • Kernel modifications and recompilation.
Hardware Abstraction Layer (HAL) (1 hour)
  • HAL overview and abstraction of basic devices (camera, sensors, GPS, etc.).
  • Project Treble and HAL modifications.
Partitions & Filesystems (2 hours)
  • Android partition layout, UFS vs. eMMC, vendor-specific partitions.
  • Tour of standard Android filesystems (/system, /vendor, /data).
Booting (6 hours)
  • System startup and initialisation, from bootloader to kernel and user-mode processes.
  • Techniques for unlocking bootloaders and rooting devices.
Native Services (2 hours)
  • Examination of Android services initiated by init (adbd, servicemanager, healthd, etc.).
Android IPC Mechanisms (2 hours)
  • Detailed breakdown of Binder IPC and alternative communication mechanisms.
  • Exercises: Debugging and tracing Binder IPC.
The Input Architecture (2 hours)
  • Understanding Android's input stack: Kernel input model, EventHub, InputReader, and InputDispatcher.
  • Exercises: Monitoring and capturing input events.
Dalvik Virtual Machine (2 hours)
  • Dalvik VM architecture, DEX file format, and reverse engineering techniques.
  • Exercises: Reverse engineering Dalvik APK's classes.dex to Java source.
Android Runtime (ART) (1 hour)
  • ART evolution and its memory management, profiling, and JIT compilation.
  • Exercises: Reversing ART.
Android Kernel Modifications (1 hour)
  • Overview of Android-specific kernel tweaks: ASHmem, PMem, low memory killer, wakelocks, RAM console, etc.
  • Exercises: Kernel-level debugging and tracing.
Android Security (4 hours)
  • Analysis of Android's security mechanisms, including SELinux, digital signatures, AVB, and buffer overflow protection.
  • Android exploitation techniques and common security failures.
Connectivity (Optional) (2 hours)
  • Overview of Android's network stack, Bluetooth, RILd, and VPN mechanisms.

Enquire

Start date: No fixed date
Location / delivery: United Kingdom
