Introduction to mobile reversing

tora@pandas.es
jose.duart@zynamics.com
Who are you?

• Reverse engineer since the late 90s
  • Malware analysis, binary auditing and behaviour analysis
• Mobile and embedded systems reversing as a hobby
• Working at Zynamics GmbH
Summary

• Windows Mobile
• Android
  • Dalvik VM
  • Decompilation
• iPhone
  • AppStore DRM
  • Reversing Objective-C code
Why mobile reversing?

• A few years ago:
  • Lots of Java-based mobile OSes
  • Only Symbian and PalmOS were “interesting”
    • But not much of a development community
    • Arguably the first mobile malware was written for Symbian: Caribe/Cabir (2004), by Vallez of 29A
• Now:
  • Android, iPhone OS, Windows Mobile, Bada...
Why mobile reversing?
• More SDKs, more developers... more interesting stuff
Why mobile reversing?
• ... and evil stuff
Windows Mobile
  Reversing a banking app: BBVA
WM: First Steps

• Executable file format: PE
• Architecture: ARM
• Language: C++
• API: Win32-like (Windows CE)
WM: Target

• Spanish “banking app”: BBVA
• https://www.bbva.es/TLBS/BBVA_MobiDesc.htm
• Versions for Java, RIM, Windows Mobile, iPhone and Android
WM: Analysis
WM: Thoughts
• ARM can look a bit hard at first, but it is much easier than x86!
• The API is a piece of cake for anyone with Windows XP/Vista development or reversing experience.
• Easy to debug the targets, emulate the OS and patch apps.
Google Android
 Reversing a banking app: Wells Fargo
Android: First Steps

• Architecture: ARM
• API: Dalvik VM based
• Two ways of development (SDK/NDK)
  • Executable file format: Dex/ELF
  • Language: Java/C++
Android: First Steps
                   Android                    Java
  Source           .java                      .java
  Binary           .dex                       .class
  Optimized binary .odex                      N/A
  Packages         .apk                       .jar
  Reversing tools  DeDexer, Baksmali,         JAD, DJ Java Decompiler,
                   DeoDexerant                JD-GUI...
Android: Analysis
• Sample code
Android: Analysis
• DeDexer way

.method public onCreate(Landroid/os/Bundle;)V
.limit registers 4
; this: v2 (Lcom/example/android/helloactivity/HelloActivity;)
; parameter[0] : v3 (Landroid/os/Bundle;)
.line 36
        invoke-super    {v2,v3},android/app/Activity/onCreate ; onCreate(Landroid/os/Bundle;)V
.line 40
        const/high16    v1,32514 ; 32514 = 0x7f02, upper half of resource id 0x7f020000
        invoke-virtual  {v2,v1},com/example/android/helloactivity/HelloActivity/setContentView ; setContentView(I)V
Android: Analysis
• Baksmali way

.method public onCreate(Landroid/os/Bundle;)V
    .registers 4
    .parameter "savedInstanceState"

    .prologue
    .line 36
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V

    .line 40
    # const/high16 loads the top 16 bits: v1 = 0x7f020000, an app resource id (package 0x7f)
    const/high16 v1, 0x7f02
    invoke-virtual {p0, v1}, Lcom/example/android/helloactivity/HelloActivity;->setContentView(I)V
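The table above lists .dex as the Android binary format and the two listings show what a disassembler gets out of one. What follows is an added example (mine, not code from the slides) that parses the dex header, checks the Adler-32 checksum and SHA-1 signature the format carries, and recomputes them after a patch, which is what smali/baksmali do on reassembly and what you have to do yourself after editing classes.dex by hand, since the checksum is verified at dexopt time. The sample dex it builds is a constructed header plus opaque data, not a loadable file.

```python
"""Parse and verify a Dalvik .dex header (added example, not from the slides).

Layout per the public Dex format: 8-byte magic, an Adler-32 checksum over
everything from offset 12 to EOF, a SHA-1 signature over everything from
offset 32 to EOF, then twenty uint32 fields (file_size, header_size,
endian_tag, and the size/offset pair of each table).
"""
import hashlib
import struct
import zlib

DEX_MAGICS = (b"dex\n035\x00", b"dex\n036\x00", b"dex\n037\x00",
              b"dex\n038\x00", b"dex\n039\x00")
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
REVERSE_ENDIAN_CONSTANT = 0x78563412

HEADER_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off",
    "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
    "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
    "field_ids_off", "method_ids_size", "method_ids_off", "class_defs_size",
    "class_defs_off", "data_size", "data_off",
)  # 20 fields, 80 bytes, starting at offset 32


def parse_dex_header(data):
    """Return the header fields as a dict; raise ValueError if it is not a dex."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a dex header")
    magic = bytes(data[:8])
    if magic not in DEX_MAGICS:
        raise ValueError("bad dex magic %r" % magic)
    # endian_tag is stored in the file's own byte order, so reading it
    # little-endian tells us which order the rest of the header uses.
    tag = struct.unpack_from("<I", data, 40)[0]
    if tag == ENDIAN_CONSTANT:
        order = "<"
    elif tag == REVERSE_ENDIAN_CONSTANT:
        order = ">"
    else:
        raise ValueError("bad endian_tag 0x%08x" % tag)
    hdr = {
        "magic": magic,
        "byteorder": order,
        "checksum": struct.unpack_from(order + "I", data, 8)[0],
        "signature": bytes(data[12:32]),
    }
    hdr.update(zip(HEADER_FIELDS, struct.unpack_from(order + "20I", data, 32)))
    return hdr


def verify_dex(data):
    """Return the names of inconsistent header fields (empty list == OK)."""
    hdr = parse_dex_header(data)
    problems = []
    if hdr["header_size"] != HEADER_SIZE:
        problems.append("header_size")
    if hdr["file_size"] != len(data):
        problems.append("file_size")
    if hdr["checksum"] != zlib.adler32(bytes(data[12:])) & 0xFFFFFFFF:
        problems.append("checksum")
    if hdr["signature"] != hashlib.sha1(bytes(data[32:])).digest():
        problems.append("signature")
    return problems


def fix_dex(data):
    """Recompute file_size, signature and checksum after patching a dex."""
    order = parse_dex_header(data)["byteorder"]
    buf = bytearray(data)
    struct.pack_into(order + "I", buf, 32, len(buf))
    # Order matters: the signature covers file_size, the checksum covers the signature.
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into(order + "I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


def build_sample_dex(payload=b"constructed data section, not real bytecode"):
    """Constructed minimal dex: a valid header followed by an opaque data
    section. The VM would not load it (no map, no classes); it only
    exercises the header logic above."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = b"dex\n035\x00"
    fields = [0] * 20
    fields[1] = HEADER_SIZE        # header_size
    fields[2] = ENDIAN_CONSTANT    # endian_tag
    fields[18] = len(payload)      # data_size
    fields[19] = HEADER_SIZE       # data_off
    struct.pack_into("<20I", hdr, 32, *fields)
    return fix_dex(bytes(hdr) + payload)


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dex()
    hdr = parse_dex_header(sample)
    print("magic %r, %d class_defs at 0x%x, data 0x%x+0x%x" % (
        hdr["magic"], hdr["class_defs_size"], hdr["class_defs_off"],
        hdr["data_off"], hdr["data_size"]))
    print("problems:", verify_dex(sample) or "none")
```

Run it with a path to a real classes.dex pulled out of an APK (`unzip -p app.apk classes.dex > classes.dex`) to see the table offsets a disassembler starts from; with no argument it checks its own constructed sample. Note that fixing the dex header is not enough to get a patched app installed, because the APK's own signature over classes.dex still has to be regenerated.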
Android: Target


• US banking app: Wells Fargo
• Downloaded from androlib.com
• Also available for iPhone
Android: Analysis II
.class public Ldroidheaven/app/wellsfargo/Main;
.super Landroid/app/Activity;
.source "Main.java"



# annotations
.annotation system Ldalvik/annotation/MemberClasses;
    value = {
        Ldroidheaven/app/wellsfargo/Main$HelloWebViewClient;
    }
.end annotation


# instance fields
.field webview:Landroid/webkit/WebView;
Android: Thoughts

• Decompilers are not ready yet
  • In the future it will be similar to Java reversing
• Free emulator:
  • It’s possible to install APKs
  • No access to Android Market :(
Apple iPhone
Reversing a banking app: HanaBank
iPhone: First Steps

• Executable file format: Mach-O
• Architecture: ARM
• Language: Objective-C
• API: iPhone SDK Framework and libc
iPhone: First Steps
• Apps come in IPA packages
  • ZIP files with the executable and resources (images, package info, config files...)
• iPhone Simulator runs i386 builds, not the ARM binary shipped on the AppStore
• Tricky to set up a debug environment
  • enable ssh access
  • iphonedbg/gdb
iPhone: First Steps
• AppStore
  • Apps are encrypted; the iPhone Mach-O loader is in charge of decryption
  • GDB and a little understanding of Mach-O headers (otool) can help
• Objective-C
  • ~80% of calls go through objc_msgSend() == lots of fun :)
iPhone: First Steps

Typical Objective-C callgraph

iPhone: First Steps

Callgraph after script (in blue: new “msg” subs)
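The two callgraph slides describe a script that turns the star of calls into objc_msgSend back into a readable graph. Below is an added example of that technique in plain Python over a constructed listing; it is not the author's script, and the function name, selectors and selref addresses in it are made up. It walks back from each `BL _objc_msgSend` to the instruction that set R1, resolves the `__objc_selrefs` slot to a selector, and names the callee `_msg_<selector>`; a call whose R1 is clobbered on the way (the last call in the listing) stays as objc_msgSend rather than being guessed. A real version runs inside the disassembler and also has to follow MOVW/MOVT pairs and `LDR R1,[R1]` indirections, which this model leaves out.

```python
"""Resolve objc_msgSend call sites to selectors and rebuild the call graph.

Added example modelling the script behind the "callgraph after script"
slide; not the author's script. In an ARM Objective-C binary almost every
call is `BL _objc_msgSend` with the receiver in R0 and the selector in R1,
loaded from a __objc_selrefs slot, so the raw call graph is a star around
objc_msgSend. Recovering the selector at each call site and naming the
callee "_msg_<selector>" gives back the graph of what the code does.
"""
from collections import defaultdict

# Constructed: address of a __objc_selrefs slot -> selector it points at.
SELREFS = {
    0x10004000: "stringWithFormat:",
    0x10004004: "setText:",
    0x10004008: "objectForKey:",
}

# Constructed listing: function name -> [(address, mnemonic, operands)].
LISTING = {
    "-[LoginViewController submit:]": [
        (0x1000, "LDR", ["R1", "=0x10004008"]),      # selector -> R1
        (0x1004, "LDR", ["R0", "[R5,#0x10]"]),       # receiver -> R0
        (0x1008, "BL",  ["_objc_msgSend"]),          # [dict objectForKey:]
        (0x100C, "MOV", ["R4", "R0"]),
        (0x1010, "LDR", ["R1", "=0x10004000"]),
        (0x1014, "MOV", ["R2", "R4"]),
        (0x1018, "BL",  ["_objc_msgSend"]),          # [NSString stringWithFormat:]
        (0x101C, "BL",  ["_CFStringCreateCopy"]),    # an ordinary C call
        (0x1020, "LDR", ["R1", "=0x10004004"]),
        (0x1024, "MOV", ["R1", "R7"]),               # R1 clobbered before the call
        (0x1028, "BL",  ["_objc_msgSend"]),          # selector not recoverable here
    ],
}


def selector_for_call(insns, call_index):
    """Walk backwards from a BL _objc_msgSend to find what R1 holds.

    Returns the selector string, or None when R1 is set by something other
    than a selref load (register copy, an earlier call clobbering it, ...)."""
    for _addr, mnem, ops in reversed(insns[:call_index]):
        if mnem == "BL":
            return None                      # R1 is caller-saved: unknown after a call
        if ops and ops[0] == "R1":
            if mnem == "LDR" and ops[1].startswith("="):
                return SELREFS.get(int(ops[1][1:], 16))
            return None                      # written some other way
    return None


def resolve_msgsends(insns):
    """Map each call address in one function to its effective callee name."""
    callees = {}
    for i, (addr, mnem, ops) in enumerate(insns):
        if mnem != "BL":
            continue
        target = ops[0]
        if target == "_objc_msgSend":
            sel = selector_for_call(insns, i)
            if sel is not None:
                target = "_msg_" + sel.replace(":", "_")
        callees[addr] = target
    return callees


def build_callgraph(listing):
    """Function name -> set of resolved callees (the 'after script' graph)."""
    graph = defaultdict(set)
    for func, insns in listing.items():
        graph[func].update(resolve_msgsends(insns).values())
    return dict(graph)


if __name__ == "__main__":
    for func, callees in build_callgraph(LISTING).items():
        print(func)
        for callee in sorted(callees):
            print("   ->", callee)
```

The unresolved call is left as `_objc_msgSend` on purpose: in a banking app you would rather see one honest unknown edge than a confidently wrong selector on the path that builds the login request.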
iPhone: Target


• Korean banking app: HanaBank
• Downloaded from AppStore
iPhone: Analysis


• Removing AppStore encryption
• Playing with FLIRT signatures
• Reversing Objective-C code
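Both the “Apps are encrypted” slide and the “Removing AppStore encryption” step above come down to one load command. The following added example (not from the slides; the sample binary it builds is constructed, not a real AppStore app) walks the Mach-O load commands to find LC_ENCRYPTION_INFO, reports cryptoff/cryptsize/cryptid as `otool -l` would, and splices a plaintext dump of that range back into the file with cryptid cleared. The plaintext has to come from the running process, since only the kernel's loader has the key: on a jailbroken device with gdb attached, `dump memory text.bin <base+cryptoff> <base+cryptoff+cryptsize>` after the image has been loaded.

```python
"""Find LC_ENCRYPTION_INFO in an iPhone Mach-O and splice in a decrypted image.

Added example, not from the slides. Field offsets follow the public
mach-o/loader.h definitions. `splice_decrypted` does what the manual fix
does: overwrite the encrypted file range with the memory dump and set
cryptid to 0 so the loader stops trying to decrypt it.
"""
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC_BYTES = b"\xca\xfe\xba\xbe"          # fat header is big-endian
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C


def find_encryption_info(data):
    """Return {'lc_offset', 'cryptoff', 'cryptsize', 'cryptid'} or None.

    Only thin little-endian images (ARM/x86) are handled; fat binaries
    must be thinned first (lipo -thin armv7)."""
    if data[:4] == FAT_MAGIC_BYTES:
        raise ValueError("fat binary: thin it first")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC:
        off = 28                               # sizeof(mach_header)
    elif magic == MH_MAGIC_64:
        off = 32                               # sizeof(mach_header_64)
    else:
        raise ValueError("not a little-endian Mach-O (magic 0x%08x)" % magic)
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = off + sizeofcmds
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("corrupt load command at 0x%x" % off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", data, off + 8)
            return {"lc_offset": off, "cryptoff": cryptoff,
                    "cryptsize": cryptsize, "cryptid": cryptid}
        off += cmdsize
    return None


def is_encrypted(data):
    """cryptid != 0 is what `otool -l` shows for an AppStore build."""
    info = find_encryption_info(data)
    return info is not None and info["cryptid"] != 0


def splice_decrypted(data, plaintext):
    """Replace the encrypted range with `plaintext` (a memory dump of the
    same range taken from the running process) and clear cryptid."""
    info = find_encryption_info(data)
    if info is None or info["cryptid"] == 0:
        raise ValueError("binary is not encrypted")
    start, size = info["cryptoff"], info["cryptsize"]
    if len(plaintext) != size:
        raise ValueError("dump is %d bytes but cryptsize is %d" % (len(plaintext), size))
    if start + size > len(data):
        raise ValueError("encrypted range runs past end of file")
    buf = bytearray(data)
    buf[start:start + size] = plaintext
    struct.pack_into("<I", buf, info["lc_offset"] + 16, 0)   # cryptid = 0
    return bytes(buf)


def build_sample_binary(ciphertext):
    """Constructed thin armv7 executable: one __TEXT segment and an
    LC_ENCRYPTION_INFO covering the second page. Stands in for a real
    AppStore binary, which is not reproduced here."""
    CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7, MH_EXECUTE, LC_SEGMENT = 12, 9, 2, 1
    cryptoff = 0x1000                          # encrypted data starts on page 2
    seg = struct.pack("<II16s8I", LC_SEGMENT, 56, b"__TEXT",
                      0x1000, 0x2000, 0, cryptoff + len(ciphertext), 5, 5, 0, 0)
    enc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, cryptoff, len(ciphertext), 1)
    cmds = seg + enc
    hdr = struct.pack("<7I", MH_MAGIC, CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7,
                      MH_EXECUTE, 2, len(cmds), 0)
    image = hdr + cmds
    return image + b"\x00" * (cryptoff - len(image)) + ciphertext


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_sample_binary(bytes(range(256)))
    print(find_encryption_info(blob))
```

On a real binary, `otool -l App | grep -A 4 LC_ENCRYPTION_INFO` gives the same three numbers, and the dump has to be exactly cryptsize bytes taken from the loaded image's base plus cryptoff; the size check above exists because a short or offset dump produces a file that disassembles into garbage without any obvious error.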
iPhone: Thoughts
• AppStore DRM is not a big problem
• Objective-C can be quite painful
• Debug using GDB:
  • Well-known tool, but you need a developer account or a jailbroken device.
• Simulator is not useful for reversing
Questions?

             !!!
