Android Advanced Research Course Updates: Chapter 18 Lessons 4-8

Recent Updates:

1. 2024-12-16 Update Lesson 8. Environment Course. Flash Android 15 and KSU Certificate Capture eBPF Kernel Upgrade

2. 2024-12-16 Update Lesson 7. Introduction to Custom KernelSU Bypassing Frida Detection

3. 2024-12-13 Update Lesson 6. KernelPatch Android_All_Versions_Kernel Hook Patch

4. 2024-12-13 Update Lesson 5. ChatGPT4o Learning KernelSU Core Principles of eBPF

5. 2024-12-13 Update Lesson 4. Pixel 6 Kernel Compilation Integrating KernelSU into Lineage21 (Part 2)

1. New Course Content Added

On the original basis, the following course content has been added

• The update content is delivered via live broadcast, weekend live broadcasts, 1v1 passionate connection!

• Answering questions without reservation, speaking without limits, serving with heart!

• Also offering career recommendation services, comprehensive resume guidance/employment services!

2. New Semester Gift Package

Now purchase the course, the semester gift package is upgraded

3W class advanced online course semester gift package: Orange Pi 5 3588S cloud phone set (includes Orange Pi 5 bare metal board x1, 128G/256G NVMe SSD, USB wireless network card, acrylic shell with heat dissipation kit, power supply ready to use, GPT direct pass solution, running five containers cloud phone without pressure!)

2W class advanced online course semester gift package: Testing phone – Pixel 2

Target Audience

Intermediate and advanced Android reverse engineering researchers with certain foundation, eager to improve their abilities, strong learning ability, strong desire for promotion and salary increase, and strong willingness to learn.

Service Content

• The two major plans, each with eight major topics and their twenty-four details;

• Dedicated class teacher to urge learning, encourage morale; good group learning atmosphere;

• Can participate in the “Android Advanced Research Class” offline class, encouraging offline communication and chatting with experts;

• Note that the 2W class and 3W class are completely independent, without intersection;

PS: The above is the overall service plan, specific course schedule arrangement is subject to the final contract agreement.

Training Prices

Advanced Online Course	Employment Class	Intensive Class
30,000 Monthly Salary Plan	16,999 Yuan	8,899 Yuan
20,000 Monthly Salary Plan	11,199 Yuan	5,899 Yuan

Employment Class Notes:

1. The employment class includes employment services (must meet the graduation standards specified in the contract), sign a contract to guarantee employment and salary, full refund if not met;

2. The employment class has an entrance assessment, after successful payment, enter the assessment process, full refund if not passed;

3. The assessment process will include resume screening, class teacher and teacher (telephone) interviews and other links;

Intensive Class Notes:

1. The intensive class only removes the employment service, and has no entrance assessment, the rest is completely the same as the employment class;

2. The employment class and the intensive class are taught together, a total of 35 people in a class, no distinction in teaching.

Financial Risk Notes:

1. All series of “Android Advanced Research Class” have no financial plans, pure prepayment; no financial tricks.

2. Online courses are virtual goods, you can watch the following trial content before purchasing, no refunds after successful purchase.

Kanxue Android Application Security Capability Certification

In order to more targeted and efficiently cultivate security talents, empower the development and growth of enterprises, and improve the efficiency of talent matching in recruitment activities, combined with Kanxue’s deep technical accumulation in the security circle, Kanxue officially launched the “Kanxue Android Application Security Capability Certification” for the students of the “Android Advanced Research Class”.

3W Class

2W Class

Registration Method

Online Course 30,000 Monthly Salary Plan:

https://www.kanxue.com/book-brief-84.htm

Scan to register immediately

Online Course 20,000 Monthly Salary Plan:

https://www.kanxue.com/book-brief-83.htm

Scan to register immediately

Trial Address

3W: “IDA Trace Analysis of Non-Standard Algorithms”

3W: “Fart & Frida”

Scan for free trial

2W: “Unpacking Points in Fart”

2W: “Dynamic Registration Principle Tracking under Dalvik”

Scan for free trial

Contact Us:

3W class, 2W class course consultant WeChat: r0ysue (note “Android 3W class” or “Android 2W class”)

1W class course consultant WeChat: kanxuecom(note “Android 1W class”)

If you are eager for knowledge and power, what are you waiting for, hurry up and register to join us!

Disclaimer

• All promotional materials above are not considered service commitments, subject to the actual signed training contract.

• The course outline and details will be continuously optimized, adjusted, and updated based on teaching feedback, and the actual teaching may differ slightly from the promotional themes;

Common Q&A and Preview Guide

Q: Are there any discounts?! Are there any discounts?! Are there any discounts?! Important things are said three times!!

A: No discounts. Only the semester gift package is given, directly providing the equipment and environment needed for our online course.

3W class advanced online course semester gift package: Orange Pi 5 development board

2W class advanced online course semester gift package: Pixel 2 testing phone

Q: Is the online course content the same as the offline class content?

A: The content of the 30,000 monthly salary plan is the same as that of the offline class, we have refined the actual needs and questions of everyone in the offline class, rearranging and producing content to share with everyone as an online course. The content of the 20,000 monthly salary plan is newly produced by the lecturers of the 30,000 plan, fully reflecting the needs of the frontline work scene, closer to practical, useful, and easy to use.

Q: Is the online course content the same as the offline class content?

A: Currently, regarding ollvm and vmp, any so-called automation comes with many prerequisites and conditions; the fastest way to restore ollvm or vmp is still manual analysis, usually taking two to three days at best, or one to two weeks at worst, to basically restore.

Although ollvm or vmp is very complex, it does not mean there are no tricks and judgment methods; relying on our rich experience, we will teach everyone the universal methods and general and special techniques for debugging and analysis in class, while leading everyone to develop their own ollvm and vmp virtual machines, allowing students to encrypt their own programs and analyze others’ algorithms protected by ollvm or vmp, which is the spirit of teaching to fish conveyed by our Kanxue Advanced Research Class.

Q: I am very concerned about ollvm and vmp, can you introduce the restoration methods and details in detail?

A: The 20,000 monthly salary plan is recommended for those with at least one year of actual Android security job experience. Beginners can first read authoritative Android security books like Mr. Deng Fanping’s “Deep Understanding of Android: Java Virtual Machine ART” to get started, and improve their level by reading and posting on the Kanxue forum. This course is recommended for experienced professionals to recharge and learn.

Q: What kind of foundation is needed to register for the online course? Can beginners like me register?

The 30,000 monthly salary plan depends on everyone’s actual needs, generally those who can understand the directory and want to learn will understand themselves, and everyone does not need to blindly follow the trend. If you do not understand the directory and its specific meaning and significance, it is recommended to start with the 20,000 plan, accumulating technology and experience.

Q: Do I need to master the basics of the 20,000 plan before learning the 30,000 plan?

A: No, they are mutually independent. The 20,000 monthly salary plan is more oriented towards the frontline reverse engineering needs of job positions, while the 30,000 monthly salary plan is more focused on advanced debugging techniques, and the two complement each other. Many experts have signed up for both plans, and we will ensure that the live broadcast times do not conflict.

Q: I really want to learn advanced techniques; but there are also many things in the 20,000 class that I want to understand and learn, what suggestions do you have?

A: In fact, I recommend signing up for both classes, as several experts have signed up for both classes. Because first of all, the price is really not expensive, and we will stagger the live broadcast times to facilitate everyone to study both the 30,000 and 20,000 plans at the same time, learning the knowledge they want to learn.

Q: If I miss the live Q&A, will there be a replay of the live content?

A: Every live broadcast has a replay, which can be watched in the Kanxue course.

Q: How to register for the employment class? What is the process?

A: The employment class requires an assessment. The assessment process is to pay for registration first, and then start. It will go through resume, (remote) first and second interviews. After passing, pay the difference; if not passed, full refund.

Q: I have already registered, and I want to preview again before the class starts. Can you give me a preview guide so I can make good use of this time before the class starts?

A: In the 30,000 monthly salary plan, our main goal is to master debugging, analysis, and restoration methods for ollvm and vmp, customize the art virtual machine for automated unpacking, the main technology stack involves C/C++ restoration, arm (64), C++ development.

Therefore, I first recommend Mr. Deng Fanping’s “Deep Understanding of Android: Java Virtual Machine ART”, the fifth chapter of which explains the implementation language C++11 of the art virtual machine in detail, which is essential knowledge for reading the art source code; the other parts also explain in detail the format and content of Class files, dex files, and ELF files, as well as the technical details of the compilation, runtime, interpretation, memory, threads, etc. of the art virtual machine;

The second recommended book is “C++ Disassembly and Reverse Analysis Techniques Revealed”, which involves writing experimental code according to the methods in the book to compare arm assembly compiled with ndk, mastering the representation of C++ data types, control flow, functions, and classes in compiled arm assembly; I hope everyone can master this knowledge in advance, even if you don’t start looking now, you will be required to master it after the course starts.

In the 20,000 monthly salary plan, we focus more on enhancing various scenarios encountered in actual work, improving practical work ability and problem-solving ability. Therefore, building reverse engineering environments, comprehensive reverse engineering abilities, and utilizing code writing are key. The technology stack involved is also quite diverse: such as network, Ubuntu/Android system knowledge, application security development, Frida/JS/Python, etc., Java skills, which test the comprehensive technical foundation of students.

Therefore, starting from the needs in work practice, we recommend everyone first strengthen their Android Java code development and various network and interface knowledge, these two skills are widely applied in application security, vulnerability detection, penetration testing, and black-gray offensive and defensive directions. We do not recommend specific books, as long as they involve Java, Android, and network books, they are all acceptable. There is a saying that the height of development determines the height of your reverse engineering, and I hope everyone can make good use of the time before the class starts to strengthen their Java and network development capabilities.

Outstanding Student Works Showcase:

# November

“Using Frida-net to Expose App Algorithms Directly on Mobile without PC for Third-party Calls”

“Frida Analysis of Illegal Application Native Layer Algorithms”

“Frida Practical: An Attempt to Crack an Illegal Application”

“Using Unidbg to Crack the String Obfuscation of a Certain Ticketing Software and Fix SO”

“Cracking a Certain Ticketing Software’s VPN Capture”

“Developing a Dump Custom Client Certificate Script from SSL Library Memory Roaming”

# October

“Algorithm Reverse Analysis and Restoration after Dexvmp”

“Using Unicorn to Decrypt ollvm Strings”

“Frida Tracking Socket Interface to Self-Expose Game APK’s Server IP and Address”

“Frida Hook Java/Native and init_array Self-Expose Final Solution”

# September

“Getting Started with Debugging LLVM on macOS”

“Understanding and Analyzing Fart”

“Using ollvm to Customize Simple String Encryption”

“Using IDA Trace to Restore Non-Standard Algorithms Obfuscated by ollvm”

# August

Ollvm Algorithm Restoration Case Sharing

Using Frida to Print Java Class Function Call Relationships

# July

An Easy-to-Use Function Extraction Sample Restoration

A Custom ClassLoader Function Extraction Shell Sample

Using Xposed to Crack Flags in SO after ollvm

Using Frida to Analyze the Dynamic Registration JNI Function Binding Process

Frida Tracking All Java Functions Running in Interpretation Mode in Applications

# June

Raising a Cup to Invite Frida, Three Questions

Starting with Three Questions to Get Started with Frida

Some Insights and Practices in Writing Class Extraction Unpacking Tools Using Frida

Reverse Engineering of Audio and Video Calls in a Chat App

# May

Remembering a Dynamic Decryption of SO File

Using Frida to Simply Achieve Function Granularity Unpacking

First Attempt at IDA & FRIDA Joint Debugging of a Simple ollvm Protected Encryption Function Source Code

Ollvm Algorithm Restoration Case Sharing

# April

Some Practices of Converting Java Functions to Native

A Brief Analysis of the Principle of a Certain Extraction Shell

Frida Assisting in Unpacking

The Simplest Analysis of an APP about Dynamic Registration

# March

Sharing of Restoration Cases after ollvm

ollvm CrackMe Algorithm Analysis

ART Hooking System Functions Modifying Running Instruction Logic in Memory for Specific Methods Case Sharing

Unpacking and Repairing a Certain Class Extraction Reinforced APP

Registration Address

Online Course 30,000 Monthly Salary Plan:

https://www.kanxue.com/book-brief-84.htm

Scan to register immediately!

Online Course 20,000 Link:

https://www.kanxue.com/book-brief-83.htm

Scan to register immediately!

Course Consultant WeChat: r0ysue (note “Android Advanced Online Course”)

Share

Like

Watching

Click “Read the original text” to learn more!