Android reverse engineering educational starting points


Well-known member
Feb 24, 2021
Visit site
So in response to some people around here who want me to share some more technical stuff, here's some starting points for those who want to learn a bit about reverse engineering Android apps.

Here's the Android reverse engineering workshop page by Maddie Stone, a professional reverse engineer and security researcher for Google's Project Zero who's famous for finding the vulnerability that was used by the nasty Pegasus malware.

Here's a channel I just found and watched the first video on (which is absolutely amazing and I can't wait to watch more later). It's run by a female malware analyst who works at Microsoft.

These resources also contain stuff for reverse engineering native libraries if you need it. These two resources are sort of an entry point and you can find more yourself as you go down the rabbit hole.

Another useful thing will be a dalvik opcode (smali) manual. My favorite one is a third party one, specifically this site:

You can also ask ChatGPT for help with smali instructions if the manual isn't enough or you want a more intuitive explanation (it does get some stuff wrong once in a while).

If you are the developer of a paid app and people are incessantly cracking it and you wanna know where the weakness in your personal DRM scheme is, there are plenty of seedy sites and YouTube channels you can look at for how complicated protections are broken. Not gonna link any of that here cause of forum rules and the fact that most people will rampantly abuse it for piracy which I do not wanna be responsible for in any way. These shady resources are also great informal sources of information for general legal uses of reverse engineering, as long as you don't do the shady/illegal stuff yourself.

You do not need to know how to code in Java, I can't even write a line of it myself. If you have prior experience with coding in any language, even if you suck at making anything significantly harder than a "Hello world" text demo, you should be able to make your way into reverse engineering. My personal obsession with reversing stuff came from a past class where I got addicted to writing assembly for 8-bit microcontrollers in a past class (was ridiculed for refusing to code in C and seeing assembly as easier, lol), after which I started modding game DLLs in my favorite singleplayer PC games to let me walk faster and stuff like that, and then I of course wanted to modify apps to have functionality that I like (such as changing the mechanics of singleplayer games on Android, customizing apps in general, etc...). I usually reverse engineer stuff now to show off to friends who now think I am some kind of cyber kingpin, haha.

In any case, enjoy the rabbit hole if you decide to go down it. Remember, with great power comes great (legal) responsibility.

Legal disclaimer: As far as I know, under US law reverse engineering is legal as long as you don't abuse it for piracy or black hat hacking that's in violation of the CFAA or local state laws. Be mindful of laws in your country if you do not live in the US.
Last edited: