So you’ve reversed you’re first Android APK; now what? Java pseduocode is nice, but how do we modify the app? This is a crash course in reading and understanding Davlik opcodes. It will go through some basics then we will jump into a couple case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
Thomas Richards is a Security Consultant with Cigital, Inc. where he specializes in mobile and web security assessments. He is the author of both Pwnberry Pi and Goofile. He is also active in his local 2600 and TOOOL groups.