This repository documents a deep static security assessment and reverse engineering analysis performed on a production mobile application.
The research focused on reconstructing the application's internal architecture, identifying backend communication workflows, analyzing authentication mechanisms, inspecting local storage implementations, and mapping the networking stack through APK decompilation and smali bytecode analysis.
The assessment was conducted in a controlled research environment strictly for educational and defensive security research purposes.
The primary objectives of this assessment included:
- Mobile APK reverse engineering
- Smali bytecode inspection
- Backend communication analysis
- Authentication workflow reconstruction
- Session management analysis
- Secure storage inspection
- Networking stack identification
- Endpoint discovery
- Mobile application architecture mapping
- Runtime interception preparation
The application utilizes:
- OkHttp3
- HTTP form-based authentication
- Cookie-based session management
- ASP.NET backend communication architecture
okhttp3.OkHttpClient
okhttp3.Request
okhttp3.FormBody
okhttp3.CookieJar
okhttp3.CertificatePinner
The APK was decompiled to extract:
- Smali bytecode
- AndroidManifest.xml
- Internal package structures
- Resource files
- Application metadata
apktool d app.apk
Static analysis was performed across:
smali/
smali_classes2/
The assessment identified multiple internal modules related to:
Networking
Storage
Authentication
UI Components
Session Handling
The application communicates with a remote backend infrastructure over HTTPS.
Observed functionality included:
- Authentication requests
- Captcha handling
- Attendance retrieval workflows
- Academic data requests
- Session persistence handling
The login workflow was reconstructed through static inspection of request structures and ASP.NET state management mechanisms.
txtUserName
txtPassword
__VIEWSTATE
The application appears to rely on:
- ASP.NET ViewState handling
- Session cookies
- Form-based authentication requests
The application implements encrypted local storage using:
androidx.security.crypto.EncryptedSharedPreferences
AES256_SIV
AES256_GCM
The application stores:
- Session information
- Authentication state
- Persistent string values
- Boolean flags
- Timestamp values
- Float-based preference data
PrefsManager.smali
OkHttpClient.smali
Request.smali
FormBody.smali
CookieJar.smali
CertificatePinner.smali
- EncryptedSharedPreferences implementation
- Structured networking abstraction
- HTTPS-based communication
- Session persistence controls
- Certificate pinning implementation presence
- Backend endpoint exposure
- Static request parameter discovery
- Session workflow reconstruction
- Request structure visibility
- Cookie handling exposure
Performed using:
- Apktool
- Smali inspection
- String extraction
- Endpoint enumeration
- Manual bytecode tracing
- Network stack reconstruction
findstr /s /i "http" *.*
findstr /s /i "Request$Builder" *.*
findstr /s /i "SharedPreferences" *.*
findstr /s /i "Authorization" *.*
findstr /s /i "Cookie" *.*
The research also included preparation for runtime interception and traffic analysis using:
- Burp Suite
- Frida
- TLS interception workflows
- Dynamic request tracing
- Runtime instrumentation concepts
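The findstr searches listed earlier can be run as a single structured pass over the smali/ and smali_classes2/ trees, which is useful when auditing what a release build exposes to static inspection. This is an added example, not code from this repository; the function names, the regexes, and the sample smali (including the placeholder host app.example.invalid) are assumptions constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Categories mirror the findstr terms on this page; the regexes are assumptions.
CONST = r'const-string(?:/jumbo)?\s+[vp]\d+,\s*'
PATTERNS = {
    "url": re.compile(CONST + r'"(https?://[^"]+)"'),
    "request_builder": re.compile(r"(Lokhttp3/Request\$Builder;->\w+)"),
    "shared_prefs": re.compile(r"(L[\w/]*SharedPreferences;)"),
    "auth_header": re.compile(CONST + r'"(Authorization)"', re.I),
    "cookie": re.compile(r'(Lokhttp3/CookieJar;|"(?:Set-)?Cookie")'),
}

def scan_smali(root, dirs=("smali", "smali_classes2")):
    """Return {category: [(relative_path, line_number, match), ...]}."""
    root, hits = Path(root), defaultdict(list)
    for base in filter(Path.is_dir, (root / d for d in dirs)):
        for path in sorted(base.rglob("*.smali")):
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                for category, rx in PATTERNS.items():
                    for m in rx.finditer(line):
                        rel = path.relative_to(root).as_posix()
                        hits[category].append((rel, lineno, m.group(1)))
    return dict(hits)

# Constructed sample tree (not taken from the assessed application).
SAMPLE = {
    "smali/com/example/net/ApiClient.smali": (
        '    const-string v0, "https://app.example.invalid/Login.aspx"\n'
        '    invoke-virtual {v1, v0}, Lokhttp3/Request$Builder;->url(Ljava/lang/String;)Lokhttp3/Request$Builder;\n'
        '    const-string v2, "Cookie"\n'),
    "smali_classes2/com/example/store/PrefsManager.smali": (
        '    invoke-static {p0}, Landroidx/security/crypto/EncryptedSharedPreferences;->create()V\n'),
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_smali(tmp)

if __name__ == "__main__":
    print(demo())
```

Unlike a plain substring search, each hit carries its category, file and line number, so the results can be diffed between builds.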
The assessment followed a layered mobile application security research methodology:
- APK extraction
- Package enumeration
- Smali reconstruction
- Network stack identification
- Authentication flow tracing
- Secure storage analysis
- Endpoint discovery
- Runtime interception preparation
This research demonstrates practical experience in:
- Android reverse engineering
- Mobile application security analysis
- APK decompilation
- Smali bytecode inspection
- Android networking analysis
- Authentication mechanism analysis
- Secure storage assessment
- Mobile security research methodology
This repository is intended strictly for:
- Educational purposes
- Defensive security research
- Authorized application analysis
- Mobile application security learning
No unauthorized access, exploitation, or malicious activity was performed.
Darsh Chatrani
- Cybersecurity Researcher
- Certified Penetration Tester (CPT v3)
Portfolio: https://rootdarsh-dev.vercel.app/