Book Image

Mobile App Reverse Engineering

By : Abhinav Mishra
5 (1)
Book Image

Mobile App Reverse Engineering

5 (1)
By: Abhinav Mishra

Overview of this book

Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world’s evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps. This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You’ll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you’ll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you’ll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues. By the end of this reverse engineering book, you’ll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.

Related Content you might be interested in

Current Title:

Small book image
Mobile App Reverse Engineering
Abhinav Mishra
May, 2022 | 166 pages
Small book image
Ghidra Software Reverse Engineering for Beginners
David Álvarez Pérez
Jan, 2021 | 322 pages
Small book image
IoT Penetration Testing Cookbook.
Aditya Gupta | Aaron Guzman
Nov, 2017 | 452 pages
Small book image
Practical Mobile Forensics
Heather Mahalik | Rohit Tamma | Oleg Skulkin | Satish Bommisetty
Apr, 2020 | 400 pages
Table of Contents (13 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
What not to expect from the book
Download the color images
Conventions used
Disclaimer
Get in touch
Share Your Thoughts
1
Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
Free Chapter
2
Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
Technical requirements
Reverse engineering fundamentals
Android application fundamentals
iOS application fundamentals
Summary
3
Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
Technical requirements
Tools for the reverse engineering of mobile applications
Summary
4
Section 2: Mobile Application Reverse Engineering Methodology and Approach
Section 2: Mobile Application Reverse Engineering Methodology and Approach
5
Chapter 3: Reverse Engineering an Android Application
Chapter 3: Reverse Engineering an Android Application
Technical requirements
Android application development
The reverse engineering of Android applications
Extracting the Java source code
Converting DEX files to smali
Reverse engineering and penetration testing
Modifying and recompiling the application
Code obfuscation in Android apps
Summary
6
Chapter 4: Reverse Engineering an iOS Application
Chapter 4: Reverse Engineering an iOS Application
Technical requirements
iOS app development
Understanding the binary format
Reverse engineering an iOS app
Summary
7
Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
Technical requirements
Understanding the difference between Objective C and Swift applications
Reverse engineering a Swift application
Summary
8
Section 3: Automating Some Parts of the Reverse Engineering Process
Section 3: Automating Some Parts of the Reverse Engineering Process
9
Chapter 6: Open Source and Commercial Reverse Engineering Tools
Chapter 6: Open Source and Commercial Reverse Engineering Tools
Technical requirements
Tools for mobile application reverse engineering
Case study – reverse engineering during a penetration test
Case study – reverse engineering during malware analysis
Summary
10
Chapter 7: Automating the Reverse Engineering Process
Chapter 7: Automating the Reverse Engineering Process
Technical requirements
Automated static analysis of mobile applications
Case study one – automating reverse engineering tasks
Case study two – automating test cases to find security issues
Summary
11
Chapter 8: Conclusion
Chapter 8: Conclusion
Excelling in Android application reverse engineering – the way forward
Excelling in iOS application reverse engineering – the way forward
Utilizing reverse engineering skills
Summary
Why subscribe?
12
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps

All of us use cell phones in our daily lives now, and their usage has grown to such a crucial level that people frequently name cell phones as one of the three things you can't live without, after food and water. Cell phones handle almost every task, from managing funds in bank accounts and investments to travel bookings, shopping, and health appointments.

To perform these tasks, cell phones have mobile apps. These apps handle a majority of your data and help you perform tasks.

As these modern mobile apps handle sensitive user information, perform critical tasks, and provide access to a huge array of resources on the internet, the security of the data being handled and the operations performed on it also need to be improved.

A mobile application penetration tester tests the security of mobile applications in order to find vulnerabilities. To find the vulnerabilities, the tester is required to understand the internal working and logics of the application. These details can be found in the source code of the application. However, the penetration testers do not always have the source code to hand, as in the case of a black-box penetration test. During a black-box penetration test, all that the penetration tester has is the application package, that is, the Android Application Package (APK) or iOS App Store Package (IPA) file. In such a case, to understand the working of the app, they need to unpack the application package and get the source code.

Reverse engineering is the technique of dismantling an object to study its internal designs, code, logic, and so on. Reverse engineering mobile applications is the process of disassembling/dismantling an app to reveal its code and internal logic, components, and so on.

In this chapter, we're going to cover the following main topics:

  • Reverse engineering fundamentals
  • Android application fundamentals
  • iOS application fundamentals

We will learn about the basics of reverse engineering and how mobile applications are built. These fundamentals are important to understand before we can jump into the actual task of reverse engineering modern apps.

Previous Section
End of Section 1
Next Section