Detecting Dynamic Loading in Android Applications With /proc/maps

TL;DR: Through dynamic loading, malware authors can covertly load malicious code into their application in order to avoid detection. We can detect such loading through the application’s kernel-generated /proc/[PID]/maps file. Recently, we created a simple script that allows us to detect dynamic loading in Android apps. This presented us with a good opportunity to discuss […]

Debugging 3rd Party Android Apps

While reverse engineering Android apps, it’s relatively common to perform dynamic analysis in conjunction with static analysis in order to gain runtime information about the app. There are many ways to get this information from 3rd party apps: use Frida hooks to print function arguments; patch the app to be debuggable; patch the app to […]