Application source code residing on the phone is a source of leakage of sensitive hardcoded data, a risk the OWASP Mobile Top 10 recognizes as M10: Lack of Binary Protection. The mobile application is reverse engineered to obtain the decompiled source code, which is then mined for data hardcoded in the application. At times developers tend to hardcode connection strings, passwords, keys, or access tokens in the application.
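As a pre-release check on your own source tree, the four kinds of hardcoded data named above can be flagged before the application ships. The following is an added example, not code from the original text; the rule patterns, the entropy threshold, and the sample Java class are all assumptions constructed for illustration.

```python
import math
import re

ASSIGN = re.compile(r'(\w+)\s*=\s*"([^"]*)"')   # identifier = "string literal"
# Assumed shape of a connection string: a JDBC URL or scheme://user:pass@host
CONN = re.compile(r'^(jdbc:|\w+://[^/\s:]+:[^@\s]+@)', re.I)
# (finding kind, identifier pattern, minimum entropy of the literal)
NAME_RULES = [
    ("password", re.compile(r'passw(or)?d|pwd', re.I), 0.0),
    ("key", re.compile(r'key|secret', re.I), 3.0),
    ("access token", re.compile(r'token', re.I), 3.0),
]

# Constructed sample, standing in for a developer's own Java source file.
SAMPLE = '''\
public class Config {
    static final String DB_URL = "jdbc:mysql://10.0.0.5/app?user=svc&password=Example123";
    static final String API_KEY = "EXAMPLEb7Qx9LmT2vZk4RpW8";
    private String password = "";
    static final String PREF_KEY = "username";
    String authToken = TokenStore.load();
}
'''

def entropy(s):
    """Shannon entropy in bits per character; low for dictionary-like words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan(source):
    """Return (line number, kind, identifier) for each suspicious string literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, value in ASSIGN.findall(line):
            if not value:                       # empty initialisers are not secrets
                continue
            if CONN.match(value):
                findings.append((lineno, "connection string", name))
                continue
            for kind, pattern, min_entropy in NAME_RULES:
                # The entropy floor drops lookup names such as PREF_KEY = "username"
                if pattern.search(name) and entropy(value) >= min_entropy:
                    findings.append((lineno, kind, name))
                    break
    return findings

if __name__ == "__main__":
    for lineno, kind, name in scan(SAMPLE):
        print(f"line {lineno}: hardcoded {kind} in {name}")
```

Anything this check flags belongs outside the binary, for example fetched from the server after authentication, since decompilation exposes every string literal that ships with the application.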
This recipe extends the goal of the previous recipe to the Blackberry platform and attempts to decompile the Blackberry application that is in .cod format.
The following are required for this recipe:
Coddec: A tool to convert a .cod file to a .java file is needed. We used Coddec for the same.
A few .cod files: We need a few application files that are .cod files to attempt decompilation.