Overview
Explore runtime manipulation techniques for Android and iOS applications in this conference talk from AppSecUSA 2014. Delve into powerful tools and methods for runtime analysis, memory manipulation, and binary analysis to enhance mobile application security testing skills. Learn about cycript, snoop-it, jdb, and other tools for runtime manipulation and memory analysis. Gain insights into iOS execution flow, method swizzling, memory dumping, and Android decompiling. Discover how to improve mobile security testing results and better understand security controls in mobile applications. Suitable for pen testers and security professionals looking to expand their mobile security toolbox.
Syllabus
Intro
Runtime Analysis and Manipulation
Runtime Analysis: Android
Runtime Analysis: iOS
Snoop-it Features
iOS Execution Flow
Cycript Common Functions
Cycript Method Swizzling
Memory Dumping and Analysis
Memory Analysis: Android
Memory Analysis: iOS
iOS Binary Analysis
Disassembler
Other Tools
Android: Decompiling
Example: Android Decompiling
Example: Decompile & Re-compile
Taught by
OWASP Foundation