Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mobile App Reverse Engineering
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mobile App Reverse Engineering

Mobile App Reverse Engineering

By : Mishra
4.3 (6)
Buy this Book
close
close
Mobile App Reverse Engineering

Mobile App Reverse Engineering

4.3 (6)
By: Mishra
Buy this Book

Overview of this book

Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world’s evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps. This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You’ll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you’ll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you’ll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues. By the end of this reverse engineering book, you’ll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
What not to expect from the book
Icon
Download the color images
Icon
Conventions used
Icon
Disclaimer
Icon
Get in touch
Icon
Share Your Thoughts
1
Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
Icon
Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
Lock Free Chapter
2
Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
chevron up
Icon
Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
Icon
Technical requirements
Icon
Reverse engineering fundamentals
Icon
Android application fundamentals
Icon
iOS application fundamentals
Icon
Summary
3
Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
Icon
Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
Icon
Technical requirements
Icon
Tools for the reverse engineering of mobile applications
Icon
Summary
4
Section 2: Mobile Application Reverse Engineering Methodology and Approach
Icon
Section 2: Mobile Application Reverse Engineering Methodology and Approach
5
Chapter 3: Reverse Engineering an Android Application
Icon
Chapter 3: Reverse Engineering an Android Application
Icon
Technical requirements
Icon
Android application development
Icon
The reverse engineering of Android applications
Icon
Extracting the Java source code
Icon
Converting DEX files to smali
Icon
Reverse engineering and penetration testing
Icon
Modifying and recompiling the application
Icon
Code obfuscation in Android apps
Icon
Summary
6
Chapter 4: Reverse Engineering an iOS Application
Icon
Chapter 4: Reverse Engineering an iOS Application
Icon
Technical requirements
Icon
iOS app development
Icon
Understanding the binary format
Icon
Reverse engineering an iOS app
Icon
Summary
7
Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
Icon
Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
Icon
Technical requirements
Icon
Understanding the difference between Objective C and Swift applications
Icon
Reverse engineering a Swift application
Icon
Summary
8
Section 3: Automating Some Parts of the Reverse Engineering Process
Icon
Section 3: Automating Some Parts of the Reverse Engineering Process
9
Chapter 6: Open Source and Commercial Reverse Engineering Tools
Icon
Chapter 6: Open Source and Commercial Reverse Engineering Tools
Icon
Technical requirements
Icon
Tools for mobile application reverse engineering
Icon
Case study – reverse engineering during a penetration test
Icon
Case study – reverse engineering during malware analysis
Icon
Summary
10
Chapter 7: Automating the Reverse Engineering Process
Icon
Chapter 7: Automating the Reverse Engineering Process
Icon
Technical requirements
Icon
Automated static analysis of mobile applications
Icon
Case study one – automating reverse engineering tasks
Icon
Case study two – automating test cases to find security issues
Icon
Summary
11
Chapter 8: Conclusion
Icon
Chapter 8: Conclusion
Icon
Excelling in Android application reverse engineering – the way forward
Icon
Excelling in iOS application reverse engineering – the way forward
Icon
Utilizing reverse engineering skills
Icon
Summary
Icon
Why subscribe?
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts

Android application fundamentals

Native Android applications are written mainly in Java or Kotlin. The Android SDK tools compile the code along with any data and resource files into an APK or an Android App Bundle. The compiled application is in a specific format, specified by the extension .apk. That is, an Android package is an archive file containing multiple application files and metadata.

Fun Fact

Rename the file extension of an APK to .zip and use unzip to open. You will be able to see its contents.

The following are the major components of an APK:

  • AndroidManifest.xml: The application manifest file containing app details such as the name, version, referenced libraries, and component details in XML format. The Android operating system relies on the presence of this file to identify relevant information about the application and related files.
  • Dalvik executable files (classes.dex files).
  • META-INF:
    • MANIFEST.MF (manifest file)
    • CERT.RSA (certificate of the application)
    • CERT.SF (list of resources with SHA-1 digest of the corresponding lines in the MANIFEST.MF file)
  • lib: This contains the compiled code that is specific to a selection of processors, as follows:
    • armeabi: Compiled code for all ARM-based processors
    • armeabi-v7a: Compiled code for all processors based on ARMv7 and above
    • x86: Compiled code for x86 processors
    • mips: Compiled code for MIPS processors
  • res: Resources that are not compiled into resources.arsc.
  • assets: Contains application assets.
  • resources.arsc: Pre-compiled resources.

    Important Note

    Java code in Android devices does not run in the Java Virtual Machine (JVM). Rather, it is compiled in the Dalvik Executable (DEX) bytecode format. A DEX file contains code that is ultimately executed by Android Runtime.

Let's see how to create a simple hello world application for Android and then unzip it to look at its components:

  1. Android apps are developed using Android Studio. Download and install the latest version of Android Studio from https://developer.android.com/studio:
Figure 1.5 – Creating a new project in Android Studio

Figure 1.5 – Creating a new project in Android Studio

  1. Let's choose the New Project option and select the Empty Activity option:
Figure 1.6 – Selecting project type

Figure 1.6 – Selecting project type

  1. On the next screen, fill in all the details as shown in the following screenshot. You can choose the name as you please:
Figure 1.7 – Project details

Figure 1.7 – Project details

  1. Once you click Finish, a new project will be created for a default activity/screen app.
  2. You can now try to run the app on any attached Android device, or the virtual Android emulator. For the latter, create a virtual Android device from the AVD menu.
  3. Once the app runs successfully, we will try to extract the application package for this app from Android Studio:
Figure 1.8 – Running the app on the emulator

Figure 1.8 – Running the app on the emulator

  1. To get the APK from Android Studio, go to the Build | Build Bundle(s)/APK(s) | Build APK(s) menu option. Once generated, navigate to the folder mentioned in the Locate option and copy the APK.
  2. Once the APK is copied, change the extension of the file to .zip:
Figure 1.9 – Diagram of rename process

Figure 1.9 – Diagram of rename process

  1. Use any archive tool to unzip the file and extract its contents:
    # unzip MARE-Chapter-1.zip

For reference, the result is as follows:

Figure 1.10 – Extracting the content of the APK, after renaming it to .zip

Figure 1.10 – Extracting the content of the APK, after renaming it to .zip

  1. Let's analyze the components inside the APK and compare it with the list here (Android application fundamentals):
Figure 1.11 – Extracted content of the APK

Figure 1.11 – Extracted content of the APK

The following diagram shows the processes of forward and reverse engineering an Android application:

Figure 1.12 – The forward and reverse engineering processes with an Android application

Figure 1.12 – The forward and reverse engineering processes with an Android application

Android applications are mainly developed using Java and Kotlin. The internals of an Android package are the same whether it is based on Java or Kotlin. Therefore, the approach to reverse engineer the application is also the same.

We've now learned about the fundamentals of Android applications. iOS apps are also packaged into a specific format and have a specific structure. Let's look into the iOS application fundamentals now.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mobile App Reverse Engineering
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon