Mobile App Reverse Engineering E-Book

Mobile App Reverse Engineering

Get started with discovering, analyzing, and exploring the internals of Android and iOS apps

Abhinav Mishra

BIRMINGHAM—MUMBAI

Mobile App Reverse Engineering

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Associate Publishing Product Manager: Prachi Sawant

Senior Editor: Athikho Sapuni Rishana

Content Development Editor: Sayali Pingale

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Associate Project Manager: Neil Dmello

Proofreader: Safis Editing

Indexer: Pratik Shirodkar

Production Designer: Prashant Ghare

Marketing Co-ordinator: Hemangi Lotlikar

First published: April 2022

Production reference: 1200422

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

978-1-80107-339-4

www.packt.com

Dedicated to the late Rajendra Singh, a passionate teacher, accomplished author, and learner who inspired many, like me, to seek knowledge above everything else. To my wife, Kanika Singh, for being the support I have always needed. And to my mother and father, for being role models to me and for motivating me.

Contributors

About the author

Abhinav Mishra is the founder and director of Enciphers, a cybersecurity consulting and training company. Abhinav has over a decade of extensive experience in finding and fixing security issues in web, mobile, and infrastructure applications. He has performed penetration tests on more than 500 mobile applications and has discovered thousands of critical vulnerabilities.

Abhinav completed his engineering degree in 2011 and since then has been involved in penetration testing and securing applications and infrastructure. Prior to founding Enciphers, Abhinav worked with Fortune 500 and giant tech companies as part of their security teams. In his spare time, he is a traveler, adventure seeker, and drone hobbyist.

I would like to thank Manoj Jain, a skilled Android developer with almost a decade of experience, and Mohammad Haroon, who is a passionate iOS developer with 12+ years of experience in developing Swift/Objective and C/C++/C apps. Both of them assisted in developing the SecureStorage app, used in the book. Their contribution to this book is highly appreciated.

About the reviewer

Anant Shrivastava is the founder of a research firm named Cyfinoid Research. His last job was as a technical director for NotSoSecure Global Services. He has been active in the Android security field since the early days of Android development (2011). He has been a trainer and speaker at various international conferences (Black Hat – USA, Asia, EU, Nullcon, c0c0n, and many more). Anant also leads the open source projects Android Tamer and Code Vigilant. He also maintains the archive portal named Hacking Archives of India. In his spare time, he likes to take part in open communities geared to spreading information security knowledge, including the null community, Garage4hackers, Hasgeek, and OWASP.

I truly believe all of us in the technical world are standing on the shoulders of giants. The giants for me are the open communities, such as null, Garage4hackers, Hasgeek, and OWASP, where access to information is unrestricted and people are interested in helping one another. I am deeply indebted to all the communities and the people running these communities. I am also thankful to my whole family for providing all the support and tolerating my busy schedule and still standing by my side. I would also like to do a special shout-out to my son, Aarush, whose smile gives me a reason to keep going.

Table of Contents

Preface

Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment

Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps

Technical requirements

Reverse engineering fundamentals

Android application fundamentals

iOS application fundamentals

Summary

Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools

Technical requirements

Tools for the reverse engineering of mobile applications

apktool

JADX – Dex-to-Java decompiler

smali/baksmali

strings

Ghidra

Radare

Mobexler virtual machine

Summary

Section 2: Mobile Application Reverse Engineering Methodology and Approach

Chapter 3: Reverse Engineering an Android Application

Technical requirements

Android application development

The reverse engineering of Android applications

Extracting the Java source code

Converting DEX files to smali

Reverse engineering and penetration testing

Modifying and recompiling the application

Code obfuscation in Android apps

Summary

Chapter 4: Reverse Engineering an iOS Application

Technical requirements

iOS app development

Understanding the binary format

Reverse engineering an iOS app

Extracting strings from the binary

Disassembling the application binary

Manually reviewing the disassembled binary for security issues

Using Mac-only tools for iOS app reverse engineering

Summary

Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)

Technical requirements

Understanding the difference between Objective C and Swift applications

The difference between Objective C and Swift from a reverse engineering perspective

Reverse engineering a Swift application

Installing the Radare2 framework

Using the Radare2 framework to reverse engineer a Swift application

Summary

Section 3: Automating Some Parts of the Reverse Engineering Process

Chapter 6: Open Source and Commercial Reverse Engineering Tools

Technical requirements

Tools for mobile application reverse engineering

Open source mobile application reverse engineering tools

Commercial mobile application reverse engineering tools

Case study – reverse engineering during a penetration test

Case study – reverse engineering during malware analysis

Summary

Chapter 7: Automating the Reverse Engineering Process

Technical requirements

Automated static analysis of mobile applications

MobSF

Performing a static scan on SecureStorage

Case study one – automating reverse engineering tasks

Case study two – automating test cases to find security issues

Summary

Chapter 8: Conclusion

Excelling in Android application reverse engineering – the way forward

Excelling in iOS application reverse engineering – the way forward

Utilizing reverse engineering skills

Exposing unreleased features in an application through reverse engineering

Summary

Other Books You May Enjoy

Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment

This section explains from scratch the reverse engineering fundamentals, terminologies, the tools used, and setting up an environment using these tools. The chapters will also explain some basic uses for those tools and the structure of mobile apps.

This part of the book comprises the following chapters:

Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps

All of us use cell phones in our daily lives now, and their usage has grown to such a crucial level that people frequently name cell phones as one of the three things you can't live without, after food and water. Cell phones handle almost every task, from managing funds in bank accounts and investments to travel bookings, shopping, and health appointments.

To perform these tasks, cell phones have mobile apps. These apps handle a majority of your data and help you perform tasks.

As these modern mobile apps handle sensitive user information, perform critical tasks, and provide access to a huge array of resources on the internet, the security of the data being handled and the operations performed on it also need to be improved.

A mobile application penetration tester tests the security of mobile applications in order to find vulnerabilities. To find the vulnerabilities, the tester is required to understand the internal working and logics of the application. These details can be found in the source code of the application. However, the penetration testers do not always have the source code to hand, as in the case of a black-box penetration test. During a black-box penetration test, all that the penetration tester has is the application package, that is, the Android Application Package (APK) or iOS App Store Package (IPA