Mobile App Reverse Engineering

Book description

Delve into the world of mobile application reverse engineering, learn the fundamentals of how mobile apps are created and their internals, and analyze application binaries to find security issues.

Key Features

  • Learn the skills required to reverse engineer mobile applications
  • Understand the internals of iOS and Android application binaries
  • Explore modern reverse engineering tools such as Ghidra, Radare2, Hopper, and more

Book Description

Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world's evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps.

This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You'll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you'll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you'll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues.

By the end of this reverse engineering book, you'll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.

What you will learn

  • Understand how to set up an environment to perform reverse engineering
  • Discover how Android and iOS application packages are built
  • Reverse engineer Android applications and understand their internals
  • Reverse engineer iOS applications built using Objective-C and Swift programming
  • Understand real-world case studies of reverse engineering
  • Automate reverse engineering to discover low-hanging vulnerabilities
  • Understand reverse engineering and how its defense techniques are used in mobile applications

Who this book is for

This book is for cybersecurity professionals, security analysts, mobile application security enthusiasts, and penetration testers interested in understanding the internals of iOS and Android apps through reverse engineering. Basic knowledge of reverse engineering as well as an understanding of mobile operating systems like iOS and Android and how mobile applications work on them are required.

Table of contents

  1. Mobile App Reverse Engineering
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. What not to expect from the book
    5. Download the color images
    6. Conventions used
    7. Disclaimer
    8. Get in touch
    9. Share Your Thoughts
  6. Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment
  7. Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps
    1. Technical requirements
    2. Reverse engineering fundamentals
    3. Android application fundamentals
    4. iOS application fundamentals
    5. Summary
  8. Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools
    1. Technical requirements
    2. Tools for the reverse engineering of mobile applications
      1. apktool
      2. JADX – Dex-to-Java decompiler
      3. smali/baksmali
      4. strings
      5. Ghidra
      6. Radare
      7. Mobexler virtual machine
    3. Summary
  9. Section 2: Mobile Application Reverse Engineering Methodology and Approach
  10. Chapter 3: Reverse Engineering an Android Application
    1. Technical requirements
    2. Android application development
    3. The reverse engineering of Android applications
    4. Extracting the Java source code
    5. Converting DEX files to smali
    6. Reverse engineering and penetration testing
    7. Modifying and recompiling the application
    8. Code obfuscation in Android apps
    9. Summary
  11. Chapter 4: Reverse Engineering an iOS Application
    1. Technical requirements
    2. iOS app development
    3. Understanding the binary format
    4. Reverse engineering an iOS app
      1. Extracting strings from the binary
      2. Disassembling the application binary
      3. Manually reviewing the disassembled binary for security issues
      4. Using Mac-only tools for iOS app reverse engineering
    5. Summary
  12. Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)
    1. Technical requirements
    2. Understanding the difference between Objective C and Swift applications
      1. The difference between Objective C and Swift from a reverse engineering perspective
    3. Reverse engineering a Swift application
      1. Installing the Radare2 framework
      2. Using the Radare2 framework to reverse engineer a Swift application
    4. Summary
  13. Section 3: Automating Some Parts of the Reverse Engineering Process
  14. Chapter 6: Open Source and Commercial Reverse Engineering Tools
    1. Technical requirements
    2. Tools for mobile application reverse engineering
      1. Open source mobile application reverse engineering tools
      2. Commercial mobile application reverse engineering tools
    3. Case study – reverse engineering during a penetration test
    4. Case study – reverse engineering during malware analysis
    5. Summary
  15. Chapter 7: Automating the Reverse Engineering Process
    1. Technical requirements
    2. Automated static analysis of mobile applications
      1. MobSF
      2. Performing a static scan on SecureStorage
    3. Case study one – automating reverse engineering tasks
    4. Case study two – automating test cases to find security issues
    5. Summary
  16. Chapter 8: Conclusion
    1. Excelling in Android application reverse engineering – the way forward
    2. Excelling in iOS application reverse engineering – the way forward
    3. Utilizing reverse engineering skills
      1. Exposing unreleased features in an application through reverse engineering
    4. Summary
    5. Why subscribe?
  17. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Mobile App Reverse Engineering
  • Author(s): Abhinav Mishra
  • Release date: May 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801073394