Analyzing code by reverse engineering
Applications often make the mistake of storing sensitive API keys and encryption keys on the client side. After reverse engineering the iOS application, we can search its code for sensitive keys, application logic, and similar details.
The iGoat application includes a String Analysis exercise in which you have to find the answer to a riddle that lies in the source code and enter it in the box to complete the challenge.
Follow these steps to perform string analysis:
Start the Reverse Engineering exercise from the iGoat application. It will prompt you with a window to answer the riddle.
If you provide the wrong answer to the riddle, it will show you an Incorrect! error and suggest that you look for hints.
You can reverse engineer the iOS application using the methods that you learned earlier and perform string analysis using the strings command. Another way is to use the Hopper Disassembler. Provide the application's decrypted binary to...
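The string analysis described above can also be turned into a pre-release check on your own build. The following Python script is an added example, not code from the original text or from iGoat: it extracts printable strings the way the strings command does and flags ones that look like embedded keys. The name patterns, the entropy threshold, and the sample bytes are assumptions constructed for illustration.

```python
import math
import re

# Runs of 6+ printable ASCII bytes, the same idea as the strings tool.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Labels that commonly accompany embedded secrets (heuristic, an assumption).
SECRET_NAME = re.compile(r"(?i)(api[_-]?key|secret|passw(or)?d|token|private[_-]?key)")
# Long unbroken base64/hex-like tokens are candidates for key material.
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")

# Constructed sample standing in for a decrypted app binary (not real data).
SAMPLE = (b"\x00\xfe\xed\xfa\xcf\x00_objc_msgSend\x00viewDidLoad\x00"
          b"didFinishLaunchingWithOptions\x00"
          b"api_key=EXAMPLE-NOT-A-REAL-KEY\x00\x01\x02"
          b"q7Zp2LxV9sKd4TfW8hYb3NcR6mJu\x00Incorrect!\x00")

def extract_strings(blob):
    """Return every printable ASCII run found in the raw bytes."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]

def shannon_entropy(s):
    """Bits per character; random key material scores higher than identifiers."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_suspects(blob, min_entropy=4.0):
    """Flag strings with a secret-like label or a long high-entropy token."""
    findings = []
    for s in extract_strings(blob):
        if SECRET_NAME.search(s):
            findings.append(("name", s))
            continue
        for tok in TOKEN.findall(s):
            # Long method names also match TOKEN; entropy filters them out.
            if shannon_entropy(tok) >= min_entropy:
                findings.append(("entropy", tok))
    return findings

if __name__ == "__main__":
    for reason, value in find_suspects(SAMPLE):
        print(f"[{reason}] {value}")
```

Any hit is a value that should be moved off the client, for example behind a server-side API, since anyone with the decrypted binary can read it.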