If you’ve been using Ghidra for a while, your workflow is probably similar to mine. You’ve got a binary you’re interested in untangling, so what do you do? You open up Ghidra, create a new project, drag your file over, and start digging. Sooner or later, you encounter a huge binary. Maybe it’s statically linked and you’re left with hundreds of megabytes of function spaghetti. You can tackle it alone like you’ve been doing, but this time you think it’s best if you hit up some friends.
Imagine you’re a web developer who’s got a little bit of Android experience. You’ve built a progressive web app—it’s beautiful, functional, responsive. Everything the user sees was meticulously placed and crafted with purpose. You’re proud of what you’ve done. Why wouldn’t you be? Now. How do you take this web-centric experience and apply an Android veneer? Like most devs, you’ll probably find yourself reaching for a WebView. It presents a web page as the app’s interface, along with a basket of other features.
Acclimating to a new reverse engineering platform for the first time is a daunting experience. It’s information overload. What am I supposed to be looking at? What are all of these windows trying to tell me? How do they relate to one another? What levers do I have to play with? With enough experience, answers naturally emerge. But before this intuition builds, a clear starting point is needed.
I first reached for YouTube, studying the workflows that reverse engineers like LiveOverflow used when exploring binaries.