Mobile App Reverse Engineering: Get started with discovering, analyzing, and exploring the internals of Android and iOS apps
Ebook, 249 pages, 1 hour

About this ebook

Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world’s evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps.
This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You’ll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you’ll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you’ll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues.
By the end of this reverse engineering book, you’ll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.

Language: English
Release date: May 27, 2022
ISBN: 9781801074902

    Book preview

    Mobile App Reverse Engineering - Abhinav Mishra

    BIRMINGHAM—MUMBAI

    Mobile App Reverse Engineering

    Copyright © 2022 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    Group Product Manager: Vijin Boricha

    Associate Publishing Product Manager: Prachi Sawant

    Senior Editor: Athikho Sapuni Rishana

    Content Development Editor: Sayali Pingale

    Technical Editor: Nithik Cheruvakodan

    Copy Editor: Safis Editing

    Associate Project Manager: Neil Dmello

    Proofreader: Safis Editing

    Indexer: Pratik Shirodkar

    Production Designer: Prashant Ghare

    Marketing Co-ordinator: Hemangi Lotlikar

    First published: April 2022

    Production reference: 1200422

    Published by Packt Publishing Ltd.

    Livery Place

    35 Livery Street

    Birmingham

    B3 2PB, UK.

    978-1-80107-339-4

    www.packt.com

    Dedicated to the late Rajendra Singh, a passionate teacher, accomplished author, and learner who inspired many, like me, to seek knowledge above everything else. To my wife, Kanika Singh, for being the support I have always needed. And to my mother and father, for being role models to me and for motivating me.

    Contributors

    About the author

    Abhinav Mishra is the founder and director of Enciphers, a cybersecurity consulting and training company. Abhinav has over a decade of extensive experience in finding and fixing security issues in web, mobile, and infrastructure applications. He has performed penetration tests on more than 500 mobile applications and has discovered thousands of critical vulnerabilities.

    Abhinav completed his engineering degree in 2011 and since then has been involved in penetration testing and securing applications and infrastructure. Prior to founding Enciphers, Abhinav worked with Fortune 500 and giant tech companies as part of their security teams. In his spare time, he is a traveler, adventure seeker, and drone hobbyist.

    I would like to thank Manoj Jain, a skilled Android developer with almost a decade of experience, and Mohammad Haroon, who is a passionate iOS developer with 12+ years of experience in developing Swift/Objective and C/C++/C apps. Both of them assisted in developing the SecureStorage app, used in the book. Their contribution to this book is highly appreciated.

    About the reviewer

    Anant Shrivastava is the founder of a research firm named Cyfinoid Research. His last job was as a technical director for NotSoSecure Global Services. He has been active in the Android security field since the early days of Android development (2011). He has been a trainer and speaker at various international conferences (Black Hat – USA, Asia, EU, Nullcon, c0c0n, and many more). Anant also leads the open source projects Android Tamer and Code Vigilant. He also maintains the archive portal named Hacking Archives of India. In his spare time, he likes to take part in open communities geared to spreading information security knowledge, including the null community, Garage4hackers, Hasgeek, and OWASP.

    I truly believe all of us in the technical world are standing on the shoulders of giants. The giants for me are the open communities, such as null, Garage4hackers, Hasgeek, and OWASP, where access to information is unrestricted and people are interested in helping one another. I am deeply indebted to all the communities and the people running these communities. I am also thankful to my whole family for providing all the support and tolerating my busy schedule and still standing by my side. I would also like to do a special shout-out to my son, Aarush, whose smile gives me a reason to keep going.

    Table of Contents

    Preface

    Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment

    Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps

    Technical requirements

    Reverse engineering fundamentals

    Android application fundamentals

    iOS application fundamentals

    Summary

    Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools

    Technical requirements

    Tools for the reverse engineering of mobile applications

    apktool

    JADX – Dex-to-Java decompiler

    smali/baksmali

    strings

    Ghidra

    Radare

    Mobexler virtual machine

    Summary

    Section 2: Mobile Application Reverse Engineering Methodology and Approach

    Chapter 3: Reverse Engineering an Android Application

    Technical requirements

    Android application development

    The reverse engineering of Android applications

    Extracting the Java source code

    Converting DEX files to smali

    Reverse engineering and penetration testing

    Modifying and recompiling the application

    Code obfuscation in Android apps

    Summary

    Chapter 4: Reverse Engineering an iOS Application

    Technical requirements

    iOS app development

    Understanding the binary format

    Reverse engineering an iOS app

    Extracting strings from the binary

    Disassembling the application binary

    Manually reviewing the disassembled binary for security issues

    Using Mac-only tools for iOS app reverse engineering

    Summary

    Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)

    Technical requirements

    Understanding the difference between Objective C and Swift applications

    The difference between Objective C and Swift from a reverse engineering perspective

    Reverse engineering a Swift application

    Installing the Radare2 framework

    Using the Radare2 framework to reverse engineer a Swift application

    Summary

    Section 3: Automating Some Parts of the Reverse Engineering Process

    Chapter 6: Open Source and Commercial Reverse Engineering Tools

    Technical requirements

    Tools for mobile application reverse engineering

    Open source mobile application reverse engineering tools

    Commercial mobile application reverse engineering tools

    Case study – reverse engineering during a penetration test

    Case study – reverse engineering during malware analysis

    Summary

    Chapter 7: Automating the Reverse Engineering Process

    Technical requirements

    Automated static analysis of mobile applications

    MobSF

    Performing a static scan on SecureStorage

    Case study one – automating reverse engineering tasks

    Case study two – automating test cases to find security issues

    Summary

    Chapter 8: Conclusion

    Excelling in Android application reverse engineering – the way forward

    Excelling in iOS application reverse engineering – the way forward

    Utilizing reverse engineering skills

    Exposing unreleased features in an application through reverse engineering

    Summary

    Other Books You May Enjoy

    Preface

    Mobile application reverse engineering is an important skill for penetration testers, malware analysts, and application security professionals in general. This book talks about how Android and iOS applications are developed, how to reverse engineer them, different case studies of security issues discovered through reverse engineering, and how to automate the reverse engineering and analysis part.

    The book helps in understanding the internals of modern Android and iOS apps and how you can reverse engineer application packages (APK and IPA). Here, you can start your journey of creating a reverse engineering mobile application.

    Who this book is for

    This book is for cybersecurity professionals, security analysts, mobile application security enthusiasts, and penetration testers interested in understanding the internals of iOS and Android apps through reverse engineering. Basic knowledge of reverse engineering as well as an understanding of mobile operating systems such as iOS and Android and how mobile applications work on them are required.

    What this book covers

    Chapter 1, Basics of Reverse Engineering – Understanding the Structure of Mobile Apps, talks about the reverse engineering fundamentals, common terminologies, and Android and iOS application fundamentals.

    Chapter 2, Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools, gets you familiar with the tools used in the reverse engineering of mobile (Android
