FatalSec
India
Joined 25 Jun 2022
Join us on a journey of exploration and learning, as we delve into the fascinating realm of penetration testing on mobile devices and demonstrate responsible and legal ethical hacking techniques.
Our channel is your ultimate resource for gaining hands-on experience in mobile security. Whether you are a beginner or an experienced cybersecurity professional, we provide insights, tutorials and real world examples to expand your knowledge and skills.
ARMv8 Assembly: Lesson5 (Shift & Rotations)
#ARMv8 #Assembly #gdb #logicalshift #logicalrotation #immediatemode #registermode #ror #lsl #lsr
Welcome to Lesson 4 of the ARMv8 (64-bit) Assembly Series from FatalSec!
In this video, we will learn how to perform logical shift operations such as LSL, LSR and also how to perform rotations such as ROR using ARMv8 assembly. We will also see how these logical operators can be used in real world scenarios.
It is recommended to view the previous videos if you have not already to gain basic knowledge about ARMv8 architecture:
ua-cam.com/play/PLRCcMq_6zblq6SQBP2OGAEMBVlGFgFZtE.html
ARM Developer Suite Assembler Guide:
- LSL (immediate): developer.arm.com/documentation/dui0802/a/A64-General-Instructions/LSL--immediate-
- LSL (register): developer.arm.com/documentation/dui0802/a/A64-General-Instructions/LSL--register-
- LSR (immediate): developer.arm.com/documentation/dui0802/a/A64-General-Instructions/LSR--immediate-
- LSR (register): developer.arm.com/documentation/dui0802/a/A64-General-Instructions/LSR--register-
- ROR (immediate): developer.arm.com/documentation/dui0802/a/A64-General-Instructions/ROR--immediate-
- ROR (register): developer.arm.com/documentation/dui0802/a/A64-General-Instructions/ROR--register-
Connect with us on:
X: @SecFatal
Telegram: t.me/SecFatal
Mail: [secfatal@proton.me](mailto:secfatal@proton.me)
You can also support us by buying a cup of coffee: [buymeacoffee.com/secfatalz](buymeacoffee.com/secfatalz)
Views: 104
Videos
Tracing Instructions & Intercepting System Calls
871 views, 28 days ago
#syscalls #svc #frida #stalker #ghidra #android #pentest Welcome to FatalSec! 🔥 In this deep dive, we’re exploring advanced techniques for Android app pentesting using Frida Stalker. You’ll learn how to trace the runtime instructions of an app, making it possible to see exactly what's being executed step-by-step. We’ll also demonstrate how to parse registers and memory by tracing SVC instructio...
Reverse Engineering Obfuscated Flutter App
3K views, 2 months ago
#flutterobfuscatedapp #mobilesecurity #dartdecompilation #dartobjectpool #reverse-engineering Hello everyone and welcome to another video on Flutter by FatalSec. In this video we are gonna learn how to deal with an obfuscated flutter application by resolving Dart Object Pool indirections. You will also learn about some of the internals of DartVM such as Snapshots and Isolates. The most importan...
ARMv8 Assembly: Lesson4 (Logical Operators)
315 views, 3 months ago
#ARMv8 #Assembly #gdb #logicaloperators #registerdirect #mvn #orr #eor #and Welcome to Lesson 4 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will learn how to perform some basic logical operations such as AND, OR, XOR, NOT using ARMv8 assembly. We will also see how these logical operators can be used in real world scenarios. It is recommended to view the previous video...
ARMv8 Assembly: Lesson 3 (ADD, SUB, MUL, set CPSR)
517 views, 4 months ago
#ARMv8 #Assembly #gdb #arithmetic #registerdirect #add #sub #mul #cpsr Welcome to Lesson 3 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will learn how to perform some basic arithmetic operations such as addition, subtraction and multiplication using ARMv8 assembly. We will also see how to set the CPSR register using variations on ADD and SUB instruction. It is recommen...
ARMv8 Assembly: Lesson 2 (Addressing modes via ADR, LDR)
649 views, 5 months ago
#ARMv8 #Assembly #gdb #addressingmodes #registerindirect #registerdirect Welcome to Lesson 2 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will cover various ways in which processor access the data from the memory and register. These are called addressing modes. To demonstrate these different modes we will create some simple ASM source code, go over assembly instruction...
ARMv8 Assembly: Lesson 1 (MOV, Exit Syscall)
1K views, 5 months ago
#ARMv8 #Assembly #MOV #GDB #Programming Welcome to Lesson 1 of the ARMv8 (64-bit) Assembly Series from FatalSec! In this video, we will cover how registers work, create some simple ASM source code, go over a few basic assembly instructions, as well as all the prerequisites you will need for future videos in this series. ARM Developer Suite Assembler Guide: developer.arm.com/documentation/dui005...
Bypassing iOS Anti Reversing Defences Using Frida
2.2K views, 6 months ago
#iospentesting #mobilesecurity #owasp #anti-reversing This video will provide a walkthrough on dynamically bypassing anti-debugging and anti-reversing defences used in iOS applications. For the purpose of this video we are going to use ios-challenge-2 provided by OWASP Foundation as a part of their mobile security testing guide. You can download the challenge application as well as the bypass s...
Reverse Engineering Flutter Based Android Applications
7K views, 7 months ago
#flutter #dartvm #reverse engineering #blutter #frida In this video, we are diving into the fascinating world of flutter reverse engineering. By the end of this video, you would be able to analyze any flutter based android application. For this tutorial we have used a tool called Blutter which is capable of parsing Dart AOT Snapshots of all the latest dart versions including some old ones. You ...
How to crack serial key for any program using Angr Framework
5K views, 9 months ago
#cracklicense #angrframework #keygen #arm64 #staticanalysis In this video, we delve into the fascinating world of reverse engineering license key validation algorithms. Using the powerful angr framework, we uncover the secrets behind a sample Android application that prompts users to input two valid license keys for unlocking new features. Our exploration focuses on the ARM64 architecture, wher...
Bypassing advance frida detections using Frida
4.6K views, 10 months ago
#fridadetection #fridabypass #android #pentest #arm64 #mobilesecurity In this video we are going to learn some new frida detection techniques which requires both static and dynamic analysis. We are going to use radare2 and Ghidra tools as our disassembler to disassemble the binary and extract some insights from it and also understand how application hides some of the implementation using stealt...
Bypass SSL Pinning for Flutter apps using Frida
12K views, 1 year ago
Bypassing Jailbreak Detection in iOS - Beginner Friendly
3.1K views, 1 year ago
Bypassing advance root detections using Frida
7K views, 1 year ago
Emulating Android library to decrypt strings (Qiling Framework)
2.2K views, 1 year ago
How to Unpack Protected Android APK with Frida
6K views, 1 year ago
How to Bypass Multiple SSL Pinning on Android
10K views, 1 year ago
Secrets of Bypassing Hook Integrity Checks on Android - Make it Yours!
7K views, 1 year ago
Solving OWASP MSTG Android crackme level 2 using Frida
2.3K views, 1 year ago
How to bypass root detection using Frida in Android
13K views, 1 year ago
Qiling Lab's ARM64 Emulation Challenges (6 to 9)
332 views, 1 year ago
Arm64 binary emulation using Qiling Framework (Challenges 3 to 5)
619 views, 2 years ago
Arm64 binary emulation using Qiling Framework
2.8K views, 2 years ago
How to install Kali Linux on Android without rooting
440 views, 2 years ago
Frida Stalker - Tracing binary instructions
4.6K views, 2 years ago
Unicorn Emulation - Emulating ARM64 binary using Unicorn Emulation (Part 2)
877 views, 2 years ago
Unicorn Emulation - Emulating arm64 binary using Unicorn Emulation (Part 1)
3K views, 2 years ago
Unicorn Emulation - Cross Compiling C Code for ARM64
1.2K views, 2 years ago
Overview of ARM64 Architecture and Instruction Sets
2.1K views, 2 years ago
Thanks for this series...... Your explanation and voice is just wow 👍🤝♥️
Is there an ARM64 assembler & emulator for Windows for learning ARM64?
Thanks for your effort. I really want to learn more about Assembly, but it is a nightmare. I turned on the notification bell on your channel so I would not forget about your videos (I have been impressed with your videos about reverse engine Android application).
Thanks. Glad to hear that the videos are helping you in your learning journey.
Actually, I watched this tutorial twice; it is really hard. The hardest thing is that you are not using Radare2, so I found it difficult to understand. I hope you will repeat this tutorial using Radare2. I also think that the source code has been updated 😅
Hi bro, can you make a video on finding all manual static analysis issues on an apk file?
For that you can use tools like MobSF which will generate a report for you showing all the vulnerabilities and potential issues.
You are great, bro
Oh no I am just sharing knowledge!
@fatalsec This is where the brilliance lies. You are a good professor. More knowledge for you and for us. Thank you for all your efforts.
Really amazing thanks brother ❤, more videos
This app is not working right now
Thanks for letting me know. I will check and update it if required.
Keep going deep into this kind of lessons sir.
18:37 @fatalsec How can you run the aarch64 binary on an x86 machine?
Using a cross compiler. You will find GCC cross compilers for different target architectures.
@fatalsec I built using the gcc cross compiler as you explained, but I was confused about how you can run an aarch64 binary on an x86 machine. Then I found that you are running it in a QEMU kind of emulation for the aarch64 architecture. Am I right?
13.35 Can you please make another video on ELF File Format Detail? Thank you.
Okay noted
You want it to be more specific for emulation purposes?
@fatalsec yes, armv8-a emulation, in specific for embedded developers
@fatalsec thank you 🙂
Awesome content 👏
Hi @fatalsec, where can I get the latest ARMv8-A Developer guide? Any ideas? Thanks.
I see the Version 1.0 dated 2015. Is this the latest? thank you.
Yes sir, the video is very useful. I hope we watch the sequel.
Hello, how to find the API in a Flutter app? Please make a detailed video.
You mean web apis?
@fatalsec yes. I want to know which API is used by the app.
Will you be creating more ARM64 / AARCH64 V8 Assembly tutorials?
Yes next video is going to be arm assembly
I was struggling for month while trying to work on a Flutter app, until I saw this video! Great job <3
Amazing video. That's exactly the topic i was thinking about this week. I have a question: Can we edit the syscall arguments with such approach? For example: replace the name of the file which app is trying to open with openat() syscall?
Yes you can manipulate the arguments using this approach. Just modify the register value before SVC instruction.
@fatalsec thank you very much, I really needed that. I appreciate your content btw. Subscribed now
18:25 Will there be a difference if MOV is used instead of ADR?
Yes there is a difference in these two instructions. MOV will directly copy the value mentioned in the instruction whereas ADR will store it as an address. Like a pointer in C.
Wouldn't using IDA / Ghidra for analyzing the assembly be better?
You can use any disassembler of your choice. It’s sometimes easier to work with radare as it has some advanced analysis features.
Request: 1. iOS app/binary emulation Awesome content.
Noted
Epic as always ❤
Thank you for the awesome content, Keep going bro ♥ I don't understand the difference between Frida's Stalker & QBDI (QuarkslaB Dynamic binary Instrumentation), If you can make a video on the topic that would be awesome ♥ Thank you.
The difference between stalker and QBDI is that stalker traces the instruction as the application gets executed whereas QBDI uses emulation along with realtime execution. Will plan to make a video on it soon.
@fatalsec Looking forward to it, Thank you bro keep going 🔥
Do you have any tutorial for decrypting encrypted body requests & responses in flutter app?
Underrated bro!!<3
What if the lib itself is obfuscated like libUE4.so in games like BGMI/PUBG, and how do people still find the RVA of the exact function?
That's the tricky part actually. You have to use both static and dynamic analysis to figure out where your target function is. You may need to apply some de-obfuscation techniques to recover the information which can help you in identifying the target function.
@fatalsec meanwhile I have to master frida first
Thanks, helped a lot bro. But I want you to tell me whether there is any way to reverse engineer a backend server (api) 😅 that is what I want, pls do quick research and tell me.
You are amazing, you are wonderful
🎉
Sir, I have a small request for you: I have a game that was launched in 2012 and it no longer works now. Please make it work on today's phones, please 😢😢😢😢😢😢😢😢😢😢😢😢
Can we use objection instead of writing a frida script?
Under the hood objection also uses frida scripts. I don’t know whether objection has updated their ssl pinning bypass script to incorporate flutter!
Can you please make a course and train how to write own Frida script
Yes this is something I am going to start soon.
Why don’t you use ghidra or ida pro to open up the lib ?
Oh just personal preference. You can use any one. Radare does have some extra capabilities which help during analysis.
@fatalsec can you please make a separate video for decompiling libs with different techniques, kind of everything about libs and the Android NDK and how it works, thanks 🙏
@shivvratraghuvanshi522 noted
Wonderful content want to connect with you
You can connect with me on telegram by joining our group t.me/SecFatal
Hello MR want to connect with you can you suggest how to connect
You can join our telegram group and connect with us at t.me/SecFatal
@fatalsec is it possible to connect one to one
I have the error message "Expected pointer", what does it mean?
This means that the address you are trying to hook is not a valid address.
@fatalsec I had successfully trapped the API communication to burp, but when the application receives a response from the server, the application shows a pop up error: '_X509CertificateImpl'. Is it possible that the server validates the http request when we are using the burp certificate to communicate to the server?
one thousand claps for this video, great tutorial!
hi, great video, i have an apk it has , root detection, frida detection and sslpinning, can you help me with that please?
wow...thank you so much..i really learned a lot from it
More videos
More videos ❤❤❤
brother please teach me everything you know if u can make a course i will buy it i swear please make a course from the groundup to advanced
Hi, please connect with me on telegram to discuss further.
Can you find activation key of flashdoom software pls reply now
Such an excellent video. On to the next one. I hope keep doing this. This is so helpful. Thanks for video
bro can you make a video on how to find secret key ? i was intercepting an login of an app and there i would signature parameter generating...when were we execute it generate in hashs..
This was very insightful, thank
Please share the script code in the video description so we can copy paste easily, thank you
Wonderful video brother. Would appreciate if you let us know how to make a universal frida script to bypass all flutter based android apps as you said in the end of the video. Thank you once again.
If I have [pp+0x80], how do I use "/ad/ add.*, x27, 0x, lsl 12; 0x80]" This line of code finds the memory address of 0x80