
Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Reversing for the JVM and Android

Register for the March 12-13, 2-day course

Marc Schoenefeld


This course provides an introduction to the theory and practice of reversing Java applications. We present the technical foundations of both the Java and Android runtime environments that are important for understanding unknown binaries. This includes learning about bytecode dialects and the degrees of freedom available to protect the content of deployed applications.

Hands-on challenges will introduce students to both sides of the game - especially tools for obfuscation, de-obfuscation, binary analysis, and de-compilation.

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides will list material the students are expected to have knowledge about coming in and software tools that need to be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses and will be necessary to get the maximum benefit out of these educational programs.


Part 1: Background about the common technical foundations (approx 30% of course)

Part 2: Android reversing


Being fluent in Java and Python will help students to complete the hands-on exercises in the expected timeframe.

What you will need to bring:

This Dojo uses freely available software (e.g. Radare2) for binary analysis, but guidance is given on how to transfer these techniques to be re-used with commercial tools, such as IDA.

Students require a working Docker infrastructure on their laptop, and we provide a standardized environment to work with pre-configured tools and toys. Brave students can work in their host OS, but mileage may vary. Several examples will require you to analyse apps directly from the Play Store. For that purpose, students should have their (alternative) Play Store credentials available.