SlideShare a Scribd company logo

Introduction to mobile reversing

J
jduart
Technology
1 of 32
Download to read offline
Introduction to mobile reversing tora@pandas.es jose.duart@zynamics.com
Who are you? • Reverse engineer since late 90s • Malware analysis, binary auditing and behaviour analysis • Mobile and embedded systems reversing as a hobby • Working at Zynamics GmbH
Summary • Windows Mobile • Android • Dalvik VM • Decompilation • iPhone • AppStore DRM • Reversing Objective-C code
Why mobile reversing? • Few years ago: • Lots of java-based mobileOS • Only Symbian and PalmOS were “interesting” • But not much development community • First? mobile malware developed for Symbian, codename Caribe/Cabir, author Vallez/29A • Now: • Android, iPhoneOS, Windows Mobile, Bada...
Why mobile reversing? • More SDK’s, more developers... more interesting stuff
Why mobile reversing? • ... and evil stuff
Windows Mobile Reversing a banking app: BBVA
WM: First Steps • Executable file format: PE • Architecture: ARM • Language: C++ • API: Windows-like
WM: Target • Spanish “banking app”: BBVA • https://www.bbva.es/TLBS/ BBVA_MobiDesc.htm • Versions for Java, RIM, Windows Mobile, iPhone and Android
WM: Analysis
WM: Thoughts • ARM can look a bit hard at first, but is much easier than x86!! • The API is a piece of cake for people with experience in Windows XP/Vista development/reversing. • Easy to debug the targets, emulate the OS and patch apps.
Google Android Reversing a banking app: Wells Fargo
Android: First Steps • Architecture: ARM • API: Dalvik VM based • Two ways of delevolment (SDK/NDK) • Executable file format: Dex/ELF • Language: Java/C++
Android: First Steps
Android: First Steps
Android: First Steps Android Java Source .java .java Binary .dex .class Binary .odex N/A Optimized Packages .apk .jar Reversing DeDexer, Baksmali, JAD, DJ Java Tools DeoDexerant Decompiler, JD-GUI...
Android: Analysis • Sample code
Android: Analysis • DeDexer way .method public onCreate(Landroid/os/Bundle;)V .limit registers 4 ; this: v2 (Lcom/example/android/helloactivity/HelloActivity;) ; parameter[0] : v3 (Landroid/os/Bundle;) .line 36 invoke-super {v2,v3},android/app/Activity/ onCreate ; onCreate(Landroid/os/Bundle;)V .line 40 const/high16 v1,32514 invoke-virtual {v2,v1},com/example/android/ helloactivity/HelloActivity/setContentView ; setContentView (I)V
Android: Analysis • Baksmali way .method public onCreate(Landroid/os/Bundle;)V .registers 4 .parameter "savedInstanceState" .prologue .line 36 invoke-super {p0, p1}, Landroid/app/Activity;->onCreate (Landroid/os/Bundle;)V .line 40 const/high16 v1, 0x7f02 invoke-virtual {p0, v1}, Lcom/example/android/ helloactivity/HelloActivity;->setContentView(I)V
Android: Target • US banking app: Wells Fargo • Downloaded from androlib.com • Also available for iPhone
Android: Analysis II .class public Ldroidheaven/app/wellsfargo/Main; .super Landroid/app/Activity; .source "Main.java" # annotations .annotation system Ldalvik/annotation/MemberClasses; value = { Ldroidheaven/app/wellsfargo/Main$HelloWebViewClient; } .end annotation # instance fields .field webview:Landroid/webkit/WebView;
Android: Thoughts • Decompilers are not ready yet • In the future, it will be similar to Java-reversing • Free emulator: • It’s possible to install apk’s • No access to Android Market :(
Apple iPhone Reversing a banking app: HanaBank
iPhone: First Steps • Executable file format: Mach-O • Architecture: ARM • Language: Objective-C • API: iPhone SDK Framework and libc
iPhone: First Steps • Apps come in IPA packages • ZIP files with executables and resources (images, package info, config files...) • iPhone Simulator works with i386 • Tricky to setup a debug environment • enable ssh access • iphonedbg/gdb
iPhone: First Steps • AppStore • Apps are encrypted, iPhone Mach-O loader is in charge of decryption • GDB and a little understanding of Mach-O headers (otool) can help • Objective-C • 80% calls to msgSend() == lots of fun :)
iPhone: First Steps Typical objective-C callgraph
iPhone: First Steps Callgraph after script (in blue new “msg” subs)
iPhone: Target • Korean banking app: HanaBank • Downloaded from AppStore
iPhone: Analysis • Removing AppStore encryption • Playing with FLIRT signatures • Reversing Objective-C code
iPhone: Thoughts • AppStore DRM is not a big problem • Objective-C can be quite painful • Debug using GDB: • Well known tool, but you need delevoper account or a jailbroken device. • Simulator is not useful for reversing
Questions? !!!

Recommended

ShaREing Is Caring
ShaREing Is CaringShaREing Is Caring
ShaREing Is Caringsporst
 
Packer Genetics: The selfish code
Packer Genetics: The selfish codePacker Genetics: The selfish code
Packer Genetics: The selfish codejduart
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT ginriki
 
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Joxean Koret
 
Assignment1 B 0
Assignment1 B 0Assignment1 B 0
Assignment1 B 0Mahmoud
 
Rootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift ApplicationsRootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift Applicationseightbit
 
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...Maarten Balliauw
 

Recommended

ShaREing Is Caring
ShaREing Is CaringShaREing Is Caring
ShaREing Is Caringsporst
 
Packer Genetics: The selfish code
Packer Genetics: The selfish codePacker Genetics: The selfish code
Packer Genetics: The selfish codejduart
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT ginriki
 
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Joxean Koret
 
Assignment1 B 0
Assignment1 B 0Assignment1 B 0
Assignment1 B 0Mahmoud
 
Rootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift ApplicationsRootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift Applicationseightbit
 
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...Maarten Balliauw
 
C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#Hawkman Academy
 
C++ to java
C++ to javaC++ to java
C++ to javaAjmal Ak
 
Wahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash CourseWahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash Courseeightbit
 
ConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingMaarten Balliauw
 
Handout 00 0
Handout 00 0Handout 00 0
Handout 00 0Mahmoud
 
C++vs java
C++vs javaC++vs java
C++vs javaPradeep wolf king
 
Net serialization
Net serializationNet serialization
Net serializationGreg Sohl
 
C#
C#C#
C#Gokul Ram
 
Tutorial c#
Tutorial c#Tutorial c#
Tutorial c#Mohammad Faizan
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented ApologeticsVance Lucas
 
Clean Code summary
Clean Code summaryClean Code summary
Clean Code summaryJan de Vries
 
C# features
C# featuresC# features
C# featuressagaroceanic11
 
Tech breakfast 18
Tech breakfast 18Tech breakfast 18
Tech breakfast 18James Leone
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation Cysinfo Cyber Security Community
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)Shoaib Ghachi
 
.NET and C# Introduction
.NET and C# Introduction.NET and C# Introduction
.NET and C# IntroductionSiraj Memon
 
2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)Shoaib Ghachi
 
How To Become A Good C# Programmer
How To Become A Good C# ProgrammerHow To Become A Good C# Programmer
How To Become A Good C# ProgrammerLearnItFirst.com
 
ShaREing is Caring
ShaREing is CaringShaREing is Caring
ShaREing is Caringzynamics GmbH
 
0-knowledge fuzzing
0-knowledge fuzzing0-knowledge fuzzing
0-knowledge fuzzingVincenzo Iozzo
 
Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggerszynamics GmbH
 

More Related Content

What's hot

C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#Hawkman Academy
 
C++ to java
C++ to javaC++ to java
C++ to javaAjmal Ak
 
Wahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash CourseWahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash Courseeightbit
 
ConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingMaarten Balliauw
 
Handout 00 0
Handout 00 0Handout 00 0
Handout 00 0Mahmoud
 
Net serialization
Net serializationNet serialization
Net serializationGreg Sohl
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented ApologeticsVance Lucas
 
Clean Code summary
Clean Code summaryClean Code summary
Clean Code summaryJan de Vries
 
Tech breakfast 18
Tech breakfast 18Tech breakfast 18
Tech breakfast 18James Leone
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)Shoaib Ghachi
 
.NET and C# Introduction
.NET and C# Introduction.NET and C# Introduction
.NET and C# IntroductionSiraj Memon
 
2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)Shoaib Ghachi
 
How To Become A Good C# Programmer
How To Become A Good C# ProgrammerHow To Become A Good C# Programmer
How To Become A Good C# ProgrammerLearnItFirst.com
 

What's hot (19)

C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#
 
C++ to java
C++ to javaC++ to java
C++ to java
 
Wahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash CourseWahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash Course
 
ConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttling
 
Handout 00 0
Handout 00 0Handout 00 0
Handout 00 0
 
C++vs java
C++vs javaC++vs java
C++vs java
 
Net serialization
Net serializationNet serialization
Net serialization
 
C#
C#C#
C#
 
Tutorial c#
Tutorial c#Tutorial c#
Tutorial c#
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented Apologetics
 
Clean Code summary
Clean Code summaryClean Code summary
Clean Code summary
 
C# features
C# featuresC# features
C# features
 
Tech breakfast 18
Tech breakfast 18Tech breakfast 18
Tech breakfast 18
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malware
 
1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)
 
.NET and C# Introduction
.NET and C# Introduction.NET and C# Introduction
.NET and C# Introduction
 
2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)
 
How To Become A Good C# Programmer
How To Become A Good C# ProgrammerHow To Become A Good C# Programmer
How To Become A Good C# Programmer
 

Viewers also liked

Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggerszynamics GmbH
 
Architectural Diversity (German)
Architectural Diversity (German)Architectural Diversity (German)
Architectural Diversity (German)zynamics GmbH
 
Tell me that story again
Tell me that story againTell me that story again
Tell me that story againmarkcmarino
 
0-knowledge fuzzing white paper
0-knowledge fuzzing white paper0-knowledge fuzzing white paper
0-knowledge fuzzing white paperVincenzo Iozzo
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 
前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状shanghq_cn
 
Twitter for Social Care
Twitter for Social CareTwitter for Social Care
Twitter for Social CareDaniel Slee
 
συναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδεσυναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδεATHANASIOS KAVVADAS
 
Opnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine BoëlOpnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine BoëlThierry Debels
 
Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014Mark Tabladillo
 
Your Health, Yourself
Your Health, YourselfYour Health, Yourself
Your Health, YourselfOgilvy Health
 
συναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμουσυναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμουATHANASIOS KAVVADAS
 
Star 8-solar-tile-presentation
Star 8-solar-tile-presentationStar 8-solar-tile-presentation
Star 8-solar-tile-presentationÔng Râu
 
Keith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product RoundtableKeith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product Roundtablehopperomatic
 
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of MalaysiaYama San
 
Himpervinculos 1 km
Himpervinculos 1 kmHimpervinculos 1 km
Himpervinculos 1 kmKatia Vega
 

Viewers also liked (20)

ShaREing is Caring
ShaREing is CaringShaREing is Caring
ShaREing is Caring
 
0-knowledge fuzzing
0-knowledge fuzzing0-knowledge fuzzing
0-knowledge fuzzing
 
Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggers
 
Architectural Diversity (German)
Architectural Diversity (German)Architectural Diversity (German)
Architectural Diversity (German)
 
Tell me that story again
Tell me that story againTell me that story again
Tell me that story again
 
0-knowledge fuzzing white paper
0-knowledge fuzzing white paper0-knowledge fuzzing white paper
0-knowledge fuzzing white paper
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malware
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS apps
 
前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状
 
Twitter for Social Care
Twitter for Social CareTwitter for Social Care
Twitter for Social Care
 
συναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδεσυναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδε
 
Opnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine BoëlOpnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine Boël
 
Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014
 
Your Health, Yourself
Your Health, YourselfYour Health, Yourself
Your Health, Yourself
 
συναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμουσυναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμου
 
Star 8-solar-tile-presentation
Star 8-solar-tile-presentationStar 8-solar-tile-presentation
Star 8-solar-tile-presentation
 
Take care of your feet for a lifetime
Take care of your feet for a lifetimeTake care of your feet for a lifetime
Take care of your feet for a lifetime
 
Keith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product RoundtableKeith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product Roundtable
 
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
 
Himpervinculos 1 km
Himpervinculos 1 kmHimpervinculos 1 km
Himpervinculos 1 km
 

Similar to Introduction to mobile reversing

Ember Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with EmberEmber Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with EmberAlex Blom
 
Mono for Android... for Google Devs
Mono for Android... for Google DevsMono for Android... for Google Devs
Mono for Android... for Google DevsCraig Dunn
 
The Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App DevelopmentThe Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App DevelopmentNick Landry
 
Building Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst PlatformBuilding Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst PlatformAndrew Ferrier
 
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGapBuilding Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGapNick Landry
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhonessaurabhharit
 
Rapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka PhonegapRapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka PhonegapJosue Bustos
 
[2015/2016] Apache Cordova
[2015/2016] Apache Cordova[2015/2016] Apache Cordova
[2015/2016] Apache CordovaIvano Malavolta
 
NCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile AppsNCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile AppsJohn M. Wargo
 
Android Development: The Basics
Android Development: The BasicsAndroid Development: The Basics
Android Development: The BasicsMike Desjardins
 
Developing a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&CordovaDeveloping a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&CordovaDamir Beylkhanov
 
Mobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to NativeMobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to NativeMartinSotirov
 
HTML5 Can't Do That
HTML5 Can't Do ThatHTML5 Can't Do That
HTML5 Can't Do ThatNathan Smith
 
Android complete basic Guide
Android complete basic GuideAndroid complete basic Guide
Android complete basic GuideAKASH SINGH
 
Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009sullis
 

Similar to Introduction to mobile reversing (20)

Android - Anroid Pproject
Android - Anroid PprojectAndroid - Anroid Pproject
Android - Anroid Pproject
 
Ember Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with EmberEmber Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with Ember
 
Mono for Android... for Google Devs
Mono for Android... for Google DevsMono for Android... for Google Devs
Mono for Android... for Google Devs
 
The Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App DevelopmentThe Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App Development
 
Building Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst PlatformBuilding Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst Platform
 
Xamarin v.Now
Xamarin v.NowXamarin v.Now
Xamarin v.Now
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to android
 
Talk (2)
Talk (2)Talk (2)
Talk (2)
 
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGapBuilding Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhones
 
Rapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka PhonegapRapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka Phonegap
 
[2015/2016] Apache Cordova
[2015/2016] Apache Cordova[2015/2016] Apache Cordova
[2015/2016] Apache Cordova
 
NCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile AppsNCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile Apps
 
Android Development: The Basics
Android Development: The BasicsAndroid Development: The Basics
Android Development: The Basics
 
Future of Mobile
Future of MobileFuture of Mobile
Future of Mobile
 
Developing a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&CordovaDeveloping a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&Cordova
 
Mobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to NativeMobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to Native
 
HTML5 Can't Do That
HTML5 Can't Do ThatHTML5 Can't Do That
HTML5 Can't Do That
 
Android complete basic Guide
Android complete basic GuideAndroid complete basic Guide
Android complete basic Guide
 
Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009
 

Recently uploaded

What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 

Recently uploaded (20)

What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Introduction to mobile reversing

  • 1. Introduction to mobile reversing tora@pandas.es jose.duart@zynamics.com
  • 2. Who are you? • Reverse engineer since late 90s • Malware analysis, binary auditing and behaviour analysis • Mobile and embedded systems reversing as a hobby • Working at Zynamics GmbH
  • 3. Summary • Windows Mobile • Android • Dalvik VM • Decompilation • iPhone • AppStore DRM • Reversing Objective-C code
  • 4. Why mobile reversing? • Few years ago: • Lots of java-based mobileOS • Only Symbian and PalmOS were “interesting” • But not much development community • First? mobile malware developed for Symbian, codename Caribe/Cabir, author Vallez/29A • Now: • Android, iPhoneOS, Windows Mobile, Bada...
  • 5. Why mobile reversing? • More SDK’s, more developers... more interesting stuff
  • 6. Why mobile reversing? • ... and evil stuff
  • 7. Windows Mobile Reversing a banking app: BBVA
  • 8. WM: First Steps • Executable file format: PE • Architecture: ARM • Language: C++ • API: Windows-like
  • 9. WM: Target • Spanish “banking app”: BBVA • https://www.bbva.es/TLBS/ BBVA_MobiDesc.htm • Versions for Java, RIM, Windows Mobile, iPhone and Android
  • 11. WM: Thoughts • ARM can look a bit hard at first, but is much easier than x86!! • The API is a piece of cake for people with experience in Windows XP/Vista development/reversing. • Easy to debug the targets, emulate the OS and patch apps.
  • 12. Google Android Reversing a banking app: Wells Fargo
  • 13. Android: First Steps • Architecture: ARM • API: Dalvik VM based • Two ways of delevolment (SDK/NDK) • Executable file format: Dex/ELF • Language: Java/C++
  • 16. Android: First Steps Android Java Source .java .java Binary .dex .class Binary .odex N/A Optimized Packages .apk .jar Reversing DeDexer, Baksmali, JAD, DJ Java Tools DeoDexerant Decompiler, JD-GUI...
  • 18. Android: Analysis • DeDexer way .method public onCreate(Landroid/os/Bundle;)V .limit registers 4 ; this: v2 (Lcom/example/android/helloactivity/HelloActivity;) ; parameter[0] : v3 (Landroid/os/Bundle;) .line 36 invoke-super {v2,v3},android/app/Activity/ onCreate ; onCreate(Landroid/os/Bundle;)V .line 40 const/high16 v1,32514 invoke-virtual {v2,v1},com/example/android/ helloactivity/HelloActivity/setContentView ; setContentView (I)V
  • 19. Android: Analysis • Baksmali way .method public onCreate(Landroid/os/Bundle;)V .registers 4 .parameter "savedInstanceState" .prologue .line 36 invoke-super {p0, p1}, Landroid/app/Activity;->onCreate (Landroid/os/Bundle;)V .line 40 const/high16 v1, 0x7f02 invoke-virtual {p0, v1}, Lcom/example/android/ helloactivity/HelloActivity;->setContentView(I)V
  • 20. Android: Target • US banking app: Wells Fargo • Downloaded from androlib.com • Also available for iPhone
  • 21. Android: Analysis II .class public Ldroidheaven/app/wellsfargo/Main; .super Landroid/app/Activity; .source "Main.java" # annotations .annotation system Ldalvik/annotation/MemberClasses; value = { Ldroidheaven/app/wellsfargo/Main$HelloWebViewClient; } .end annotation # instance fields .field webview:Landroid/webkit/WebView;
  • 22. Android: Thoughts • Decompilers are not ready yet • In the future, it will be similar to Java-reversing • Free emulator: • It’s possible to install apk’s • No access to Android Market :(
  • 23. Apple iPhone Reversing a banking app: HanaBank
  • 24. iPhone: First Steps • Executable file format: Mach-O • Architecture: ARM • Language: Objective-C • API: iPhone SDK Framework and libc
  • 25. iPhone: First Steps • Apps come in IPA packages • ZIP files with executables and resources (images, package info, config files...) • iPhone Simulator works with i386 • Tricky to setup a debug environment • enable ssh access • iphonedbg/gdb
  • 26. iPhone: First Steps • AppStore • Apps are encrypted, iPhone Mach-O loader is in charge of decryption • GDB and a little understanding of Mach-O headers (otool) can help • Objective-C • 80% calls to msgSend() == lots of fun :)
  • 27. iPhone: First Steps Typical objective-C callgraph
  • 28. iPhone: First Steps Callgraph after script (in blue new “msg” subs)
  • 29. iPhone: Target • Korean banking app: HanaBank • Downloaded from AppStore
  • 30. iPhone: Analysis • Removing AppStore encryption • Playing with FLIRT signatures • Reversing Objective-C code
  • 31. iPhone: Thoughts • AppStore DRM is not a big problem • Objective-C can be quite painful • Debug using GDB: • Well known tool, but you need delevoper account or a jailbroken device. • Simulator is not useful for reversing
  • 32. Questions? !!!