Reverse Engineering Android Applications - Part 1

A lot has been written on this topic, but much of the information is either out of date or skips over important steps, leaving you to piece the rest together from multiple articles and StackOverflow answers. I’ve had people share this issue and helped a handful of people with it, so I decided to attempt writing a step-by-step guide that would cover everything needed to get started.

PrestaShop’s ‘EU Cookie Law GDPR (Banner + Blocker)’ SQLi

Description

CVE-2022-44727: The PrestaShop e-commerce platform module EU Cookie Law GDPR (Banner + Blocker) contains a blind SQL injection vulnerability up to version 2.1.2. This module is widely deployed and is a “Best seller” on the add-ons store. This vulnerability permits reading the shop’s database, allowing access to PII, and installing malware such as credit card stealers.

Software Packers - Reverse Engineering Protection and AV Evasion

What even is a packer

Once upon a time, we didn’t have high-speed network connections, which meant downloading software could take a long time. This led to the creation of so-called “software packers”: software that would take an executable and compress it into a self-extracting executable.

User Mode Rootkits - Process Hiding

If a user-mode rootkit with no kernel component wants to hide itself from programs such as Task Manager or Process Explorer, it is possible to do so. Programs such as Task Manager use the NtQuerySystemInformation API to retrieve the list of current processes.

Return Oriented Programming

NX bit

Modern operating systems make use of the NX bit to mark memory pages as non-executable, and the CPU will not run instructions from those pages. What this means is that if we write a payload into memory and it lands in such a non-executable region (such as the stack), the program will crash as soon as execution is directed to it.