2 days left! Lerne praktische Skills, die du sofort nutzen kannst | Bleib an deinen Zielen fürs erste Quartal dran.

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Android App Hacking - Black Belt Edition

Becoming the lead expert in android app security

Created byRoman Stuehler

Last updated 10/2024

English

Arabic [Auto],English [Auto],

This Premium course is included in plans

2.600 ¥

~~9.800 ¥~~

73% off

2 days left at this price!

30-Day Money-Back Guarantee

Full Lifetime Access

Gift this course

MT260216JP is applied
Udemy coupon

Subscribe to Udemy’s top courses

Get this course, plus 29,100+ of our top-rated courses, with Personal Plan. Learn more

Start subscription

Starting at ¥2,292 per month

Cancel anytime

Premium

Access 29,100+ top-rated courses with Udemy Personal Plan.

4.7

1,023 ratings

8,868

learners

What you'll learn

Deep understanding of the android app structure
How to exploit Activities, BroadcastReceiver and ContentProvider (SQL injection & Path Traversal)
Bypassing Rooting Detection (SMALI and FRIDA)
Bypassing Certificate Pinning (SMALI and FRIDA)
Performing a man-in-the-middle attack
Analyzing-/ Manipulating the network traffic of a mobile app
Creating call- and flow graphs to reverse engineer strong obfuscated apps
Manipulating Java and C/C++ methods (FRIDA & SMALI)
Reading- / Writing SMALI code
Injecting own (custom) code into existing applications
Deep understanding of the android permission model
Modifying games (infinite lives, high score, invisble, invincible) - Writing a trainer
Analzying bluetooth low energy connections
Dealing with different encryption types (e.g. AES)
Deep- / Web- / App-Links (Bug Bounty)
Reversing native libraries with Ghidra
Debugging Java code
Debugging SMALI code (live - with interpreter)
Webvies & JavaScriptInterfaces
XSS / SQL Injection Exploitation

This course includes:

54.5 hours on-demand video
Assignments
1 article
144 downloadable resources

Access on mobile and TV
Closed captions
Certificate of completion

Course content

8 sections • 138 lectures • 54h 42m total length

Setup - Theory10:22
Installation (System & Android Studio)25:38
Emulator - Installation10:22
Emulator - Usage (Secret Features)35:10
Androidx86 Virtual Machine - Setup13:20
Concept
Developer Options11:49
Developer Options - Secrets ( Game Hacking )23:03
Developer Options - Bluetooth Low Energy Hacking35:42
Bluetooth Low Energy - Furby App Hacking19:40
Android Debug Bridge - Theory10:43
Android Debug Bridge (ADB) - HandsOn (White - Belt)31:33
Scrcpy for Android version 142:40

Filestructure of an APK12:36
Dalvik / Dex5:21
Classes.dex6:25
Decompiling - Preperation7:06
Decompiling - HandsOn17:10
AndroidManifest.xml30:11
App - Permissions26:12
Activities11:34
Activities - Hacking35:42
Activity - Bonus (Bypassing Login - Own Application)20:16
Intents14:56
Intents - Examples42:29
Activities and Intents
DeepLinks (Theory - 2024)13:13
DeepLinks (Examples - 2024)29:46
BroadcastReceiver22:16
BroadcastReceiver - Hacking (Alarm App)45:33
BroadcastReceiver - Hacking via own App19:35
Services5:33
ContentProvider15:58
ContentProvider - SQL Injection51:15
ContentProvider - Database Attacks (SQLi - Permission / Bypass)49:14
ContentProvider - PathTraversal Attack48:22
ContentProvider - Path Traversal
Broadcast Receiver and Content Provider
Application Signing21:47
Application Signing - Deep Dive8:31
BlueBox Master Key Vulnerability (Signing)10:50
Yellow Belt - Challenge

Recap3:13
Smali - Introduction17:55
Smali - Patching10:45
Challenge - Solution13:34
Registers33:09
Types16:07
P0 - Register11:09
Dalvik Opcodes25:16
Smali File Structure21:56
Practice - Smali33:39
Practice - Solution12:59
Orange Belt - Intro2:28
Orange Belt - Solution32:28
IF - Intro1:15
IF / ELSE / GOTO18:36
IF / ELSE / GOTO - Code Analysis25:42
IF / ELSE / GOTO - Blocks9:25
IF / ELSE / GOTO - Practice7:14
Smali Patching - Flipping the logic40:50
Smali Patching - Deleting Code27:03
Smali Patching - Jump Instructions12:31
Green Belt - Challenge (Patching Rooting Detection)
Rooting Detection (bypass) - Solution35:05
Rooting Detection - Solution2 (Bonus)19:20
Smali - Objects and Methods39:52
Smali - Static Methods12:36
Smali - Hello World (Yes, this late)11:22
Printing out secrets - System.out (Written in Smali)34:43
Patching XOR encryption14:00
One challenge to recap all - Intro29:18
One challenge to recap all - Part 125:37
One challenge to recap all - Part 247:10
One challenge to recap all - Part 31:17:46
One challenge to recap all - Solution28:14
Smali Patching - Fire Rate
Smali Patching - Double Shot
Blue Belt - Challenge (Intro)1:43
Blue Belt - Challenge (Hint)36:54
Blue Belt - Challenge (Solution)38:29
Black Belt - Challenge
Debugging Android Applications15:30
SMALI Debugging on Steroids24:06

Adress Resolution Protocol (ARP)15:57
MitM - Setup29:57
Intercepting - Theory19:24
BurpSuite - Setup32:25
Reset the Setup8:55
HTTPS - Technical View20:09
Installing a Certificate16:55
MitM Setup - Virtual Machine (VM)23:02
Certificate Pinning - Theory7:12
Certificate Pinning - OpenSSL (Bonus)1:07:23
Certificate Pinning - Patching Fingerprint26:50
Certificate Pinning - Patching Certificate15:50
Certificate Pinning - Objection (Bypass)13:38

Introduction4:33
Install20:25
Hooking - Theory27:34
Dize Game - HandsOn6:06
Dize App - Analysis9:45
Dize App - Observing Parameters26:37
Dize App - Modifying Parameters11:04
Function Overloading18:33
Manipulate the PRNG of the dize application
Timing (Hooking)8:48
Challenge - Rooting Detection (bypass)2:49
Challenge - Rooting Detection (solution)15:44
Actively calling a method29:46
Working with Instances28:25
HandsOn20:40
HandsOn - Solution1:02:19
Instance as a parameter17:20
Existing instance as a parameter7:54
Challenge - Create multiple player shots1:41
Challenge - Mulitple player shots (solution)16:58
Constructor hooking20:10
Manipulating UI Thread29:45
Writing a trainer24:24
Hooking the Native Development Kit (NDK)14:49
NDK hooking - Easy Way16:10
NDK hooking - Hard way33:40
NDK hooking - timing8:56
Manipulating NDK methods (overwriting)25:20
Reversing C - function in ghidra (Bonus)29:12
Hooking C - function in frida (Bonus)1:07:38
Red Belt - Challenge (FINAL)
FRIDA without ROOT (FRIDA GADGET)18:29
FRIDA Standalone - When no connection is possible!19:21

Requirements

Android knowledge is not required (This course teaches everything)
No real smartphone required
Laptop / PC

Description

In this course you will learn absolutely everything about android app hacking. This course teaches you the ethical principles and enables you to become the top expert of your company regarding to app security. We learn really complex attacks in the most funny way that's possible, by hacking a mobile game.

Legal note:

The game we are going to hack is licensed under the GNU GPL, which means, we are allowed to perform such modifications. Hacking apps without having the permission of the author is strongly forbidden! The things you learn are related to security research. I am teaching you all of this in a legal and ethical way.

Course - Structure:

In the installation chapter we will analyze different smartphone setups, their strength and their weaknesses. We unlock our device and use certain features to already start hacking our first apps. We will learn how to analyze bluetooth low energy connections and get familiar with the Android Debug Bridge (ADB).

We move on to the android app structure. Here we gain a rock solid understanding about the key components of an android app. We will analyze the AndroidManifest.xml and learn how to exploit activities, broadcast receiver and content provider. We will write our own small apps to exploit SQL injections and path traversals.

Afterwards we take a deep dive into reverse engineering. We will learn how to decompile an android app and reconstruct the Java code. We will have a look at different decompilers and create flow- and call graphs to deal with highly obfuscated apps. Finally a nice application is waiting for us to practice all the things we have learned so far.

Then we have the treasure of this course, the SMALI chapter. SMALI is like an assembly language of an android application and gives us unlimited power in hacking them. We practice our skills by modifying our mobile game to have infinite lives, become invisible or invincible. We add multiple player shots, manipulate the fire rate and many more.

In the man-in-the-middle chapter we will learn how to analyze the network traffic of a mobile app. We will gain an understanding about HTTPS and how to analyze these connections. We will learn how certificate pinning works and bypass several different types of it.

The last thing that is missing is FRIDA, which is an amazing framework to perform runtime manipulations within an app. We will hook into the pseudorandom number generator (PRNG) to modify a dice application. We will learn how to scan the memory for certain instances and how to interact with the UI thread of an app. We will create new objects and practice all of this by writing our own trainer for a gaming application. The cherry on top will be the analysis of a native c function with Ghidra and the manipulation and modification with FRIDA.

After getting through all these chapters you will be the top expert in android app security of your company. Therefore, what you are wainting for? :)

Who this course is for:

Security Analyst / Ethical Hacker
Android App Developer
Bug Bounty Hunter
Everyone who likes to manipulate android apps / games :)

Students also bought

The Complete Mobile Ethical Hacking Course

Premium
Rating: 4.1 out of 5
16,729
28 hours
Updated: 12/2025

1.500 ¥

~~27.800 ¥~~

Mobile Hacking and Security Complete Course: Android + iOS

Rating: 4.9 out of 5
134
12 hours
Updated: 11/2025

1.500 ¥

~~15.800 ¥~~

Mobile Penetration Testing of Android Applications

Premium
Rating: 4.3 out of 5
15,399
6 hours
Updated: 4/2024

1.800 ¥

~~27.800 ¥~~

Python Hacking: Build 15+ Penetration Testing Tools [2026]

Bestseller
Rating: 4.5 out of 5
2,311
14.5 hours
Updated: 1/2026

1.500 ¥

~~7.600 ¥~~

Android App Development & Android Hacking, Android Security

Rating: 4.1 out of 5
6,956
22 hours
Updated: 2/2026

1.500 ¥

~~27.800 ¥~~

Full Mobile Hacking Course

Premium
Rating: 4.5 out of 5
6,041
4.5 hours
Updated: 4/2025

1.500 ¥

~~12.800 ¥~~

iOS Pentesting Bootcamp

Rating: 4.6 out of 5
153
10 hours
Updated: 10/2025

1.500 ¥

~~18.800 ¥~~

Ethical Hacking: Hack Android

Rating: 4.2 out of 5
15,024
41 mins
Updated: 12/2023

1.500 ¥

~~2.600 ¥~~

BlackHat Live : Hands-On Hacking, No Theory

Premium
Rating: 4.5 out of 5
4,646
8.5 hours
Updated: 6/2025

1.500 ¥

~~3.000 ¥~~

Android Pentesing Bootcamp

Rating: 4.4 out of 5
112
6 hours
Updated: 10/2025

1.500 ¥

~~18.800 ¥~~

Mastering Android Privacy & Security

Premium
Rating: 4.5 out of 5
3,233
13.5 hours
Updated: 6/2025

1.500 ¥

~~4.800 ¥~~

Mobile Security: Reverse Engineer Android Apps From Scratch

Premium
Rating: 4.2 out of 5
36,558
3 hours
Updated: 5/2020

1.500 ¥

~~8.800 ¥~~

Hacking and Modifying Android Apps

Rating: 4.7 out of 5
245
3 hours
Updated: 6/2025

3.000 ¥

Mobile Hacking: Reversing Android Application

Rating: 5.0 out of 5
33
1 hour
Updated: 5/2023

7.600 ¥

Android Application Static and Dynamic Security Assessment

Rating: 4.3 out of 5
1,051
5 hours
Updated: 3/2024

1.500 ¥

~~2.600 ¥~~

Cloud-Based Hacking: Hack Logins, Computers & More

Premium
Rating: 4.7 out of 5
8,928
9 hours
Updated: 5/2025

1.500 ¥

~~27.800 ¥~~

Android Pentesting 101

Premium
Rating: 4.5 out of 5
1,726
5 hours
Updated: 9/2025

1.500 ¥

~~2.600 ¥~~

Android Applications Hacking for Bug Bounty and Pentesting

Rating: 4.2 out of 5
542
5.5 hours
Updated: 6/2023

1.500 ¥

~~7.600 ¥~~

Häufig zusammen gekauft

Android App Hacking - Black Belt Edition

Becoming the lead expert in android app security

Roman Stuehler

Rating: 4.7 out of 5
1,023 ratings

The Complete Mobile Ethical Hacking Course

Learn how hackers attack phones, mobile applications and mobile devices with latest technology and protect yourself!

Codestars • over 2.5 million students worldwide!, Atil Samancioglu

Rating: 4.1 out of 5
1,360 ratings

Learn Bug Bounty Hunting & Web Security Testing From Scratch

Learn how to discover bugs / vulnerabilities like experts | OWASP top 10 + more | No prior knowledge required

Zaid Sabih, z Security

Bestseller
Rating: 4.6 out of 5
3,517 ratings

Total:

¥5,600

~~¥64,400~~

Instructor

Roman Stuehler

4.7 Instructor Rating
1,023 Reviews
8,868 Students
1 Course

My name is Roman and I did start hacking back in 2010. The good old days full of SQL injections, WEP protected networks and an operating system named Backtrack 3.

Since then I have developed applications to perform memory analysis in smartphones (cera) or obfuscater for shellcode (crypxor). In 2015 I became the leader of the Mobile Device Hacking workshop and since then my emphasis switched to embedded systems, reverse engineering and exploitation.

Furthermore I am holding certifications like Offensive Security Certified Professional (OSCP) or the FOR585: Smartphone Forensic Analysis In-Depth.

4.7 course rating1K ratings

Franz Adeta

9 days ago

Helpful?

Jayant

2 months ago

Helpful?

2 months ago

Helpful?

Manish

2 months ago

Helpful?

Android App Hacking - Black Belt Edition

What you'll learn

Explore related topics

This course includes:

Course content

Installation and Setup12 lectures • 3hr 50min

App Structure25 lectures • 9hr 32min

Reverse Engineering Android Apps12 lectures • 3hr 30min

Smali38 lectures • 14hr 29min

Man in the Middle13 lectures • 4hr 58min

FRIDA31 lectures • 10hr 45min

CTF - Series (New 2024!)6 lectures • 2hr 18min

Additional Files1 lecture • 1min

Requirements

Description

Who this course is for:

Students also bought

Häufig zusammen gekauft