[hackernewsn00b]

Hey OP, since you're here:

I find this pretty hard to follow. Would you be open to writing a longform version of this aimed at the tutorial level?

Reading between the lines, I would guess you're trying to demonstrate that you really know what you're doing. Maybe as a proof of concept for possible employment opportunities. If so, that's great! Good luck.

But if I were interested in reverse engineering some other app, I don't think I could understand what you've done well enough to use these techniques on that app. Except maybe the breakpointing within `fuck_debug`, that was pretty slick and easy to follow.

[yasoob]

If reading even the first part of this series doesn't help, read this beginner tutorial I recently wrote: https://yasoob.me/posts/reverse-engineering-android-apps-apk... It starts you off with the basics and uses smali.

After that you can explore this tutorial on frida: https://securitygrind.com/bypassing-android-ssl-pinning-with... These two techniques will give you some more basic knowledge of how app reversing is done. :)

[3eed]

It's true, these posts are for intermediate and upper reverse engineers. It would really take a book to explain it from the ground up it like someone here mentioned. I suggest getting some background in assembly, then reading the OWASP guide (link in my previous HN post), and persistence.

[drudu]

Obviously not the OP but I think that a longform version of this would be an entire book/college level course. I wish I could learn how to reverse state of the art obfuscation in a single, long post but that's just not how it works.

[fingerlocks]

I would pay for that book.

[saagarjha]

I found it fairly reasonable, although you'd have to have a general idea of the subject beforehand. I read it as a being aimed at reverse engineers who are looking for some general techniques to bypass common anti-debugging/obfuscation features rather than "how to reverse engineer apps 101".

[reagent_finder]

"Reasonable" is a stretch, "interesting" is the right word. Personally I'd put this in the "Oh, huh" box along with quantum crypto. It's interesting, it's complex and it's got way too many engineering hours behind it... but ultimately for 99% of people or even 99% of computer scientists or HN readers, it's just fascinating trivia.

I absolutely appreciate these posts, this guy spent WEEKS delving into the depths of SnapChat just for the joy of discovery.

Maybe a good classification would be that part 1 is detailing a number of obfuscation techniques and the key thing to take away is that all of them CAN be bypassed.

[jonas21]

It's easier to follow if you read part I of the series first:

https://hot3eed.github.io/2020/06/18/snap_p1_obfuscations.ht...

[masteruvpuppetz]

+1. Need a simpler version if possible.