Workshop: Android malware reverse engineering for the brave

Thursday 4 October 14:00 - 15:30, Small talks

Axelle Apvrille (Fortinet)

This workshop explains how to reverse engineer Android malware. It consists of several guided labs where participants work on real malware within a virtual environment. The malicious samples are all recent - less than a year old.

After a quick tour of the basic skills and tricks to reverse engineer Android samples, the training covers the following topics:

  • Dealing with obfuscated samples
  • Writing Radare2 scripts
  • Hooking the malicious application with Frida

Expected skills:

  • You should be at ease with Unix environments, and able to write quick (and dirty) code
  • There will be special labs that beginners can do at their own pace
  • The other labs (e.g Radare2, Frida, etc.) willl be of interest to more experienced reverse engineers


  • Attendees should bring their own laptop, pre-installed with Docker (see below)
  • Note the workshop mostly consists of labs, so a laptop is necessary



  • 64-bit laptop
  • At least 6 GB of free disk space
  • Docker (community edition is fine)
  • SSH client and/or vncviewer


  • Install Docker and check it works
  • Pull the lab's image: docker pull cryptax/android-re:latest

That's all!

To test it:

1. docker run -d --name workshop-test -p 5022:22 -p 5900:5900 cryptax/android-re

2. If you use ssh: ssh -X -p 5022 [email protected]
If you use vncviewer: vncviewer
The password is rootpass

3. In the Docker container, run: emulator7 &
Wait (may be long) to ensure the Android emulator opens up correctly



Axelle Apvrille


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.