Android Security Lab
A practical Android reverse-engineering playlist covering APKTool, Jadx, Frida, smali patching, traffic interception, emulator workflows, and Android internals.
This is a practical video playlist about Android reverse engineering, mobile security testing, and application analysis.
The series covers smali patching, root detection bypasses, Frida instrumentation, traffic interception, emulator workflows, Android filesystem internals, APKTool, Jadx, and general security research workflows.
The materials are intended for educational use, security research, lab environments, and authorized testing only.
Videos
1. How to Bypass Android Root Checks via Smali Patching - No Frida. Part 2
Static root detection bypass using smali modifications and APKTool.
This video focuses on modifying the application directly instead of using dynamic instrumentation tools like Frida.
2. Android Root Detection Bypass - Reverse Engineering. Part 1
An entry-level reverse-engineering workflow for finding and patching Android root checks.
Tools used include Jadx for reading decompiled Java/Kotlin code and APKTool for working with smali.
3. Frida on Fire - Dynamic Analysis for Android & iOS
Introduction to dynamic instrumentation with Frida.
The video covers basic hooking, tracing, runtime inspection, and how Frida helps analyze application behavior without rebuilding the APK.
4. Android Under the Hood - Where Do Apps Live?
A practical overview of Android's filesystem layout.
You will learn where applications are installed, where private app data is stored, and how Android organizes internal application directories.
5. Working with Android Emulator - Terminal, ADB Commands
A hands-on guide to working with the Android emulator from the terminal.
Topics include ADB commands, emulator configuration, shell access, and command-line workflows useful for testing and analysis.
6. HACKING Android Applications - Real Examples
Hands-on examples of Android application manipulation and vulnerability exploration.
This video demonstrates practical techniques used when analyzing intentionally vulnerable or authorized test applications.
7. Reverse Engineering Android Apps for Beginners - APKTool, Jadx
A beginner-friendly introduction to Android static analysis.
The video explains how to inspect APK files, decompile code, analyze resources, and understand the basic structure of Android applications.
8. Intercepting Android App Traffic - Charles Proxy + Frida Tutorial
A practical traffic interception workflow for Android applications.
This video combines proxy-based analysis with Frida hooks to inspect application network behavior more deeply.
9. Interception of Traffic on Android - Setting Up an Emulator
A focused emulator setup guide for mobile traffic analysis.
Topics include emulator networking, proxy configuration, HTTPS interception, and common setup issues.
10. Android Reverse Engineering Setup - Part 1. Tools Review
The first episode of the Android Reverse Engineering setup series.
This video reviews the core tools used for Android pentesting, security research, and malware analysis, including Frida, Objection, Drozer, Jadx, APKTool, MobSF, and related utilities.
11. Android Reverse Engineering Setup - Part 2. Installing Tools
A practical installation walkthrough for the Android reverse-engineering toolkit.
Tools covered include Frida, Android Emulator, Android SDK Tools, Android Platform Tools, and Ghidra.
12. Android App Development from Scratch - Live Coding
A practical live-coding series where we build Android apps from scratch using Android Studio, Jetpack Compose, and AI-assisted development.
Each stream focuses on implementing new features, improving app architecture, adding security layers, and exploring modern Android development workflows.
This playlist is useful for beginners and mid-level developers who want to understand Android applications from the developer side, not only from the reverse-engineering side.
Full Android Reverse Engineering Workflow
Below is a compact end-to-end workflow for unpacking, patching, rebuilding, installing, and analyzing Android apps using APKTool, ADB, and Frida on a rooted emulator.
Use this workflow only with applications you own, intentionally vulnerable apps, lab targets, or software you are authorized to test.
1. Unpack and Rebuild APK with APKTool
Use APKTool to decode an APK into readable resources and smali code:
apktool d app.apk -o unpacked
After making changes, rebuild the APK:
apktool b unpacked -o app_patched.apk
This is useful when you need to inspect resources, modify smali code, patch checks, or understand the internal structure of an Android application.
2. Start a Rooted Emulator
If your emulator supports root access, enable root mode:
adb root
Root access is often useful for security research because it allows deeper inspection of processes, files, certificates, and runtime behavior.
3. Push and Run Frida Server
Copy the Frida server binary to the emulator:
adb push frida-server /data/local/tmp/
Make it executable:
adb shell chmod +x /data/local/tmp/frida-server
Start Frida server:
adb shell /data/local/tmp/frida-server &
Frida server allows your host machine to dynamically instrument applications running inside the emulator.
4. Install the Target APK on the Emulator
Install the APK:
adb install fdroid.apk
If you rebuilt or patched an APK, make sure it is properly signed before installing it.
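A pre-install check for the signing step, as an added example that is not part of the playlist: it reports whether an APK carries a v1 (JAR) signature or an APK Signing Block (v2 and later), neither of which a fresh `apktool b` output has. The function names and the tiny in-memory APKs are constructed for illustration, and the check covers presence only, not cryptographic validity.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block
EOCD_SIG = b"PK\x05\x06"             # ZIP end-of-central-directory record


def apk_signature_schemes(data: bytes) -> dict:
    """Report which signature containers exist in the APK bytes (presence only)."""
    # v1 (JAR signing): MANIFEST.MF plus a .SF and a .RSA/.DSA/.EC in META-INF/
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    v1 = ("META-INF/MANIFEST.MF" in meta
          and any(n.endswith(".SF") for n in meta)
          and any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta))
    # v2+: the signing block ends exactly where the central directory starts
    eocd = data.rfind(EOCD_SIG)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    v2_plus = cd_offset >= 16 and data[cd_offset - 16:cd_offset] == APK_SIG_MAGIC
    return {"v1_jar": v1, "v2_plus_block": v2_plus, "signed": v1 or v2_plus}


def build_sample(v1: bool = False, v2_block: bool = False) -> bytes:
    """Constructed test input: a tiny ZIP shaped like an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr("classes.dex", b"constructed placeholder")
        if v1:
            for name in ("MANIFEST.MF", "CERT.SF", "CERT.RSA"):
                zf.writestr("META-INF/" + name, b"constructed placeholder")
    data = buf.getvalue()
    if v2_block:
        # Insert an empty signing block (size, size, magic) before the central
        # directory and shift the EOCD's central-directory offset to match.
        block = struct.pack("<QQ", 24, 24) + APK_SIG_MAGIC
        eocd = data.rfind(EOCD_SIG)
        cd = struct.unpack_from("<I", data, eocd + 16)[0]
        tail = bytearray(data[eocd:])
        struct.pack_into("<I", tail, 16, cd + len(block))
        data = data[:cd] + block + data[cd:eocd] + bytes(tail)
    return data


if __name__ == "__main__":
    for kind in ({}, {"v1": True}, {"v2_block": True}):
        print(kind, apk_signature_schemes(build_sample(**kind)))
```

On a real file, pass `open("app_patched.apk", "rb").read()`; a result with `signed` set to `False` means the rebuilt APK still needs signing before `adb install`.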
5. Install Frida Tools on the Host Machine
Create a Python virtual environment:
python -m venv new_venv
Activate it:
source new_venv/bin/activate
Install Frida tools:
pip3 install frida-tools
Check that Frida can see the connected device:
frida-ps -U
6. Find the Target Process
You can inspect running processes from the Android shell (top runs inside the device shell; it is not an adb subcommand):
adb shell
top
Or use Frida directly:
frida-ps -U
Find the package name or process ID of the application you want to analyze.
7. Run a Frida Script
Run a local Frida script against a process ID:
frida -U -p <process_id> -l ssl-pin.js
Or attach by package name (-N takes the application identifier; -n matches the process name shown by frida-ps):
frida -U -N com.example.app -l script.js
This approach is commonly used for runtime inspection, method hooking, bypass experiments, logging, and behavior analysis.
8. Run a Script from Frida CodeShare
You can also run a public Frida CodeShare script, referenced as author/script name:
frida -U -N com.example.app -c <author>/<script_name>
CodeShare can be useful for quick experiments, but always review scripts before running them.
Do not blindly execute third-party instrumentation scripts in sensitive environments.
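One way to do that review, as an added example that is not part of the playlist or of Frida: save the script locally, flag lines that touch the network, filesystem, native execution, dynamic code or memory patching, and record a SHA-256 so the copy you later run with `-l` is the copy you read. The rule list is a heuristic chosen for this example and the sample script is constructed.

```python
import hashlib
import re

# Review heuristics chosen for this example (not an official Frida list):
# APIs through which an instrumentation script can do more than hook and log.
RULES = {
    "network": r"\bSocket\.(connect|listen)\b|\bjava\.net\.|\bokhttp3\.",
    "filesystem": r"\bnew\s+File\s*\(|\bjava\.io\.File|\bSqliteDatabase\.open\b",
    "native-exec": r"\bnew\s+NativeFunction\b|\bModule\.load\b|java\.lang\.Runtime|ProcessBuilder",
    "dynamic-code": r"\beval\s*\(|\bnew\s+Function\s*\(",
    "memory-patch": r"\bMemory\.(patchCode|protect)\b",
}


def review_script(source: str) -> dict:
    """Return line-numbered findings plus a hash that pins the reviewed text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        # Comments are scanned too: over-reporting is the safer failure mode.
        for category, pattern in RULES.items():
            if re.search(pattern, line):
                findings.append((lineno, category, line.strip()))
    return {
        "sha256": hashlib.sha256(source.encode()).hexdigest(),
        "findings": findings,
        "categories": sorted({category for _, category, _ in findings}),
    }


# Constructed sample of a third-party script; 192.0.2.10 is a documentation address.
SAMPLE = """\
Java.perform(function () {
  var Build = Java.use("android.os.Build");
  console.log("model: " + Build.MODEL.value);
  var f = new File("/data/local/tmp/out.txt", "w");
  Socket.connect({ family: "ipv4", host: "192.0.2.10", port: 8080 });
  eval(payload);
});
"""

if __name__ == "__main__":
    report = review_script(SAMPLE)
    print("sha256:", report["sha256"])
    for lineno, category, text in report["findings"]:
        print(f"line {lineno}: [{category}] {text}")
```

An empty findings list is not a clean bill of health; it only means none of these patterns matched, so the script still needs reading.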
Recommended Learning Path
If you are new to Android reverse engineering, start with the basics:
- Learn how Android apps are structured.
- Inspect APKs with Jadx.
- Decode and rebuild APKs with APKTool.
- Practice simple smali modifications.
- Learn ADB and emulator workflows.
- Add Frida for dynamic analysis.
- Combine traffic interception with runtime hooks.
- Build your own Android apps to understand how real apps are designed internally.
The best way to learn Android security is to move between both sides: development and reverse engineering.
When you understand how apps are built, it becomes much easier to understand how they can break.
Suggested Lab Targets
For safe practice, use intentionally vulnerable apps, demo applications, or your own projects.
Good lab categories include:
- Demo login applications
- Intentionally vulnerable Android apps
- Open-source APKs
- Self-built Jetpack Compose apps
- Local test backends
- Emulator-only security labs
Avoid testing real applications without permission.
Summary
This playlist provides a practical Android security lab path:
- Static analysis with Jadx
- APK unpacking and rebuilding with APKTool
- Smali patching
- Root detection bypass experiments
- Dynamic instrumentation with Frida
- Traffic interception with Charles Proxy
- Emulator setup and ADB workflows
- Android filesystem and internals
- Building Android apps to better understand app security
The goal is not just to "hack APKs," but to understand how Android applications work internally, how security checks are implemented, and how testers can analyze mobile apps in a controlled and responsible way.