Book Image

Mobile App Reverse Engineering

By : Abhinav Mishra
5 (1)
Book Image

Mobile App Reverse Engineering

5 (1)
By: Abhinav Mishra

Overview of this book

Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world’s evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps. This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You’ll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you’ll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you’ll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues. By the end of this reverse engineering book, you’ll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.

Related Content you might be interested in

Current Title:

Small book image
Mobile App Reverse Engineering
Abhinav Mishra
May, 2022 | 166 pages
Small book image
Ghidra Software Reverse Engineering for Beginners
David Álvarez Pérez
Jan, 2021 | 322 pages
Small book image
IoT Penetration Testing Cookbook.
Aditya Gupta | Aaron Guzman
Nov, 2017 | 452 pages
Small book image
Practical Mobile Forensics
Heather Mahalik | Rohit Tamma | Oleg Skulkin | Satish Bommisetty
Apr, 2020 | 400 pages
Table of Contents (13 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
What not to expect from the book
Download the color images
Conventions used
Disclaimer
Get in touch
Share Your Thoughts
1
Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
Free Chapter
2
Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
Technical requirements
Reverse engineering fundamentals
Android application fundamentals
iOS application fundamentals
Summary
3
Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
Technical requirements
Tools for the reverse engineering of mobile applications
Summary
4
Section 2: Mobile Application Reverse Engineering Methodology and Approach
Section 2: Mobile Application Reverse Engineering Methodology and Approach
5
Chapter 3: Reverse Engineering an Android Application
Chapter 3: Reverse Engineering an Android Application
Technical requirements
Android application development
The reverse engineering of Android applications
Extracting the Java source code
Converting DEX files to smali
Reverse engineering and penetration testing
Modifying and recompiling the application
Code obfuscation in Android apps
Summary
6
Chapter 4: Reverse Engineering an iOS Application
Chapter 4: Reverse Engineering an iOS Application
Technical requirements
iOS app development
Understanding the binary format
Reverse engineering an iOS app
Summary
7
Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
Technical requirements
Understanding the difference between Objective C and Swift applications
Reverse engineering a Swift application
Summary
8
Section 3: Automating Some Parts of the Reverse Engineering Process
Section 3: Automating Some Parts of the Reverse Engineering Process
9
Chapter 6: Open Source and Commercial Reverse Engineering Tools
Chapter 6: Open Source and Commercial Reverse Engineering Tools
Technical requirements
Tools for mobile application reverse engineering
Case study – reverse engineering during a penetration test
Case study – reverse engineering during malware analysis
Summary
10
Chapter 7: Automating the Reverse Engineering Process
Chapter 7: Automating the Reverse Engineering Process
Technical requirements
Automated static analysis of mobile applications
Case study one – automating reverse engineering tasks
Case study two – automating test cases to find security issues
Summary
11
Chapter 8: Conclusion
Chapter 8: Conclusion
Excelling in Android application reverse engineering – the way forward
Excelling in iOS application reverse engineering – the way forward
Utilizing reverse engineering skills
Summary
Why subscribe?
12
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Reverse engineering fundamentals

Let's first understand the fundamentals of reverse engineering, why it is needed, and what steps are involved.

As mentioned earlier in this chapter, reverse engineering is the technique of dismantling an object to study its internal designs, code, and logic.

When a developer builds a mobile app, they choose a programming language (according to the targeted platform – Android, iOS, or both), write the code for the functionalities they want, and add resources such as images, certificates, and so on. Then the code is compiled to create the application package.

While reverse engineering the same app, the reverse engineer dismantles the application package to the components and code.

Some of the frequently used terms in reverse engineering are the following:

  • Decompilation: This is the process of translating a file from a low-level language to a higher level language. The tool used to perform decompilation is called a decompiler. A decompiler takes a binary program file and changes this program into a higher-level structured language. The following diagram illustrates the decompilation process:
Figure 1.1 – Diagram of the decompilation process

Figure 1.1 – Diagram of the decompilation process

  • Disassembling: This is the process of transforming machine code (in an object code binary file) into a human-readable mnemonic representation called assembly language. The tool used to perform disassembly is called a disassembler as it does the opposite of what an assembler does. The following diagram illustrates the disassembly process:
Figure 1.2 – Diagram of the disassembly process

Figure 1.2 – Diagram of the disassembly process

A simple binary disassembled in a disassembling tool, Hopper, looks as follows:

Figure 1.3 – Disassembled binary in Hopper

Figure 1.3 – Disassembled binary in Hopper

  • Debugging: This is a technique that allows the user to view and modify the state of a program at runtime. The following diagram illustrates the debugging process:
Figure 1.4 – Diagram of the debugging process

Figure 1.4 – Diagram of the debugging process

Understanding the different methodologies and approaches used in reverse engineering is very important. We will be using all these concepts in further chapters of this book.

Now that we have seen the fundamentals of reverse engineering, let's explore how mobile applications, that is, Android and iOS apps, are developed. We will now be looking into the components, structure, and concepts behind the mobile application fundamentals.

Previous Section
End of Section 3
Next Section