26,39 €
Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world’s evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps.
This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You’ll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you’ll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you’ll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues.
By the end of this reverse engineering book, you’ll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 124
Veröffentlichungsjahr: 2022
Get started with discovering, analyzing, and exploring the internals of Android and iOS apps
Abhinav Mishra
BIRMINGHAM—MUMBAI
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Vijin Boricha
Associate Publishing Product Manager: Prachi Sawant
Senior Editor: Athikho Sapuni Rishana
Content Development Editor: Sayali Pingale
Technical Editor: Nithik Cheruvakodan
Copy Editor: Safis Editing
Associate Project Manager: Neil Dmello
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Production Designer: Prashant Ghare
Marketing Co-ordinator: Hemangi Lotlikar
First published: April 2022
Production reference: 1200422
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
978-1-80107-339-4
www.packt.com
Dedicated to the late Rajendra Singh, a passionate teacher, accomplished author, and learner who inspired many, like me, to seek knowledge above everything else. To my wife, Kanika Singh, for being the support I have always needed. And to my mother and father, for being role models to me and for motivating me.
Abhinav Mishra is the founder and director of Enciphers, a cybersecurity consulting and training company. Abhinav has over a decade of extensive experience in finding and fixing security issues in web, mobile, and infrastructure applications. He has performed penetration tests on more than 500 mobile applications and has discovered thousands of critical vulnerabilities.
Abhinav completed his engineering degree in 2011 and since then has been involved in penetration testing and securing applications and infrastructure. Prior to founding Enciphers, Abhinav worked with Fortune 500 and giant tech companies as part of their security teams. In his spare time, he is a traveler, adventure seeker, and drone hobbyist.
I would like to thank Manoj Jain, a skilled Android developer with almost a decade of experience, and Mohammad Haroon, who is a passionate iOS developer with 12+ years of experience in developing Swift/Objective and C/C++/C apps. Both of them assisted in developing the SecureStorage app, used in the book. Their contribution to this book is highly appreciated.
Anant Shrivastava is the founder of a research firm named Cyfinoid Research. His last job was as a technical director for NotSoSecure Global Services. He has been active in the Android security field since the early days of Android development (2011). He has been a trainer and speaker at various international conferences (Black Hat – USA, Asia, EU, Nullcon, c0c0n, and many more). Anant also leads the open source projects Android Tamer and Code Vigilant. He also maintains the archive portal named Hacking Archives of India. In his spare time, he likes to take part in open communities geared to spreading information security knowledge, including the null community, Garage4hackers, Hasgeek, and OWASP.
I truly believe all of us in the technical world are standing on the shoulders of giants. The giants for me are the open communities, such as null, Garage4hackers, Hasgeek, and OWASP, where access to information is unrestricted and people are interested in helping one another. I am deeply indebted to all the communities and the people running these communities. I am also thankful to my whole family for providing all the support and tolerating my busy schedule and still standing by my side. I would also like to do a special shout-out to my son, Aarush, whose smile gives me a reason to keep going.
This section explains from scratch the reverse engineering fundamentals, terminologies, the tools used, and setting up an environment using these tools. The chapters will also explain some basic uses for those tools and the structure of mobile apps.
This part of the book comprises the following chapters:
Chapter 1, Basics of Reverse Engineering – Understanding the Structure of Mobile AppsChapter 2, Setting Up a Mobile App Reverse Engineering Environment Using Modern ToolsAll of us use cell phones in our daily lives now, and their usage has grown to such a crucial level that people frequently name cell phones as one of the three things you can't live without, after food and water. Cell phones handle almost every task, from managing funds in bank accounts and investments to travel bookings, shopping, and health appointments.
To perform these tasks, cell phones have mobile apps. These apps handle a majority of your data and help you perform tasks.
As these modern mobile apps handle sensitive user information, perform critical tasks, and provide access to a huge array of resources on the internet, the security of the data being handled and the operations performed on it also need to be improved.
A mobile application penetration tester tests the security of mobile applications in order to find vulnerabilities. To find the vulnerabilities, the tester is required to understand the internal working and logics of the application. These details can be found in the source code of the application. However, the penetration testers do not always have the source code to hand, as in the case of a black-box penetration test. During a black-box penetration test, all that the penetration tester has is the application package, that is, the Android Application Package (APK) or iOS App Store Package (IPA