该文章介绍了一门关于利用AI和大型语言模型(LLMs)进行Android APK逆向工程与安全分析的培训课程。课程内容包括静态与动态分析、工具集成(如Jadx、Ghidra、Frida)、代码注释与重构、Frida脚本生成、模糊测试 harness 创建以及自动化报告生成等。学员将通过实践项目掌握如何结合AI技术高效完成复杂APK的逆向分析。 2025-9-1 12:47:4 Author: fuzzinglabs.com(查看原文) 阅读量:13 收藏
Applied AI/LLM for Android APK Reversing and Analysis
Unlock the next level of Android security analysis in our hands-on AI-Augmented Reverse Engineering training. You will learn to wield both local and online Large Language Models to accelerate decompilation, automate Frida script generation, and supercharge your workflow in Jadx and Ghidra. From intelligent code annotation to automated reporting, this course will redefine how you approach APK analysis.
This hands-on training explores how AI and Large Language Models (LLMs) can augment the reverse engineering and security analysis of Android applications. Participants will learn to leverage both local and online LLMs to assist with decompiling, annotating, and analyzing APKs and native libraries. The training introduces Multi-Client Plugins (MCPs) to enhance static analysis tools like Jadx and Ghidra, and walks through real-world usage of LLMs for code refactoring, Frida script generation, fuzzing harness creation, and automated reporting. The course blends static and dynamic analysis with AI-assisted tooling, culminating in a hands-on project where participants reverse a complex APK using AI throughout the process.
Ocotber 26th - November 1st 2025
Gueric Eloi & Nabih Benazzouz
Day 1 : AI-Augmented Static Analysis
Module 1 | Introduction & Setup
Module 2 | AI Overview for Reverse Engineers
Module 3 | Jadx MCP + AI-enhanced Analysis
Module 4 | Ghidra MCP + AI Integration
Module 5 | AI-Powered Decompilation Refactoring
Module 6 | Practice Challenge
Day 2 : Dynamic Analysis + AI-Powered Automation
Module 7 | Frida Script Generation with AI
Module 8 | AI-Driven Fuzzing Harness Generation
Module 9 | Using Nuclei AI for Mobile Security
Module 10 | Automated Reporting with LLMs
Module 11 | Final Hands-on Project
Guerric Eloi
Guerric ELOI is a cybersecurity researcher at FuzzingLabs focused on Android and iOS security. He identifies high-impact vulnerabilities through penetration testing, reverse engineering, and bug bounty programs, working with vendors to prevent major threats. He also delivers practical training on mobile security and builds custom tools to automate vulnerability discovery and strengthen system defenses.
Nabih Benazzouz
Nabih is the COO of FuzzingLabs. Over the last 3.5 years he has moved from intern to security engineer, team lead, and now operations lead. His work focuses on fuzzing and vulnerability research, writing and maintaining tools in C, Python, Rust, and Go. He earned his cybersecurity-engineering degree from EPITA
Part 1 – AI-Augmented Static Analysis
Module 1 | Introduction & Setup
- Training overview
- Installing required tools: Jadx, Ghidra, Frida, Python LLM clients
- Introduction to MCPs (Multi-Client Plugins)
Module 2 | AI Overview for Reverse Engineers
- What LLMs can do for reverse engineering
- Prompt engineering basics
- Online vs local LLM models
- Tools: GPT-5, Claude, DeepSeek, StarCoder, Llama3
Module 3 | Jadx MCP + AI-enhanced Analysis
- Reverse engineering APKs with Jadx
- Using AI to annotate decompiled code
- Recovering class names, enums, constants
Module 4 | Ghidra MCP + AI Integration
- Reverse engineering native .so files
- Using AI inside Ghidra to annotate disassembly
- Generating and executing Ghidra scripts with LLM support
Module 5 | AI-Powered Decompilation Refactoring
- Refactor and clean decompiled Java/smali
- Use AI for control flow simplification, better naming
Module 6 | Practice Challenge
- Reverse a full APK using Jadx + AI
- Summarize functionality, permissions, and logic
- Deliver a short AI-assisted report
Part 2 – Dynamic Analysis + AI-Powered Automation
Module 7 | Frida Script Generation with AI
- Basics of Frida (Java + JNI hooking)
- Prompting LLMs to generate Frida scripts
- Auto-generate Java method hooks, native interceptors
Module 8 | AI-Driven Fuzzing Harness Generation
- Explain a target function to LLM
- Generate fuzz harnesses for Java/native
- Integrate with AFL++, libFuzzer
Module 9 | Using Nuclei AI for Mobile Security
- Create AI-generated Nuclei templates
- Connect APK analysis to backend scanning
- Combine static APK info with Nuclei tests
Module 10 | Automated Reporting with LLMs
- Auto-generate vulnerability reports
- Summarize technical data for exec/management
Module 11 | Final Hands-on Project
- Reverse a more complex APK (obfuscation + native)
- Use AI for annotation, Frida script, fuzzing, and report
- Deliver final findings
- Q&A, feedback, and resources
Prerequisites and requirements
PREREQUISITES
- Basic understanding of Android application structure and components (APK, manifest, smali/Java)
- Basic knowledge of reverse engineering concepts (Jadx, Ghidra, Frida is a plus)
- Familiarity with Python scripting
- Some experience with using LLMs (e.g., ChatGPT, Claude) is helpful but not required
- Optional: previous experience with fuzzing or mobile vulnerability analysis
SYSTEM REQUIREMENTS
- Operating System: Linux or macOS
- Internet Access: Required for using online LLMs
- Local AI: a local LLM client or interface
Founded in 2021 and headquartered in Paris, FuzzingLabs is a cybersecurity startup specializing in vulnerability research, fuzzing, and blockchain security. We combine cutting-edge research with hands-on expertise to secure some of the most critical components in the blockchain ecosystem.
Contact us for an audit or long term partnership!
Any questions about our services and trainings ?
Let’s work together to ensure your peace of mind.
如有侵权请联系:admin#unsafe.sh