Dive into mobile application reverse engineering with this comprehensive 48-minute conference talk from Derbycon 2015. Explore various techniques and tools for analyzing mobile apps, including sensitive data handling, HTTPS proxying, packet capture, and jailbreaking. Learn about iOS-specific methods like Keychain security analysis, binary exploration with tools such as snippetextract and classdump, and dynamic analysis techniques. Discover Android-specific approaches, including package file analysis, secure storage examination, and using the Android Debug Bridge. Master essential commands for file manipulation, string extraction, and accessing restricted files. Gain insights into decompiling and viewing source code, assessing encryption strength, and utilizing Java Debug Wire. Enhance your mobile app security knowledge through this in-depth exploration of reverse engineering methodologies.
Overview
Syllabus
Introduction
Overview
Sensitive Data
IExplore
HTTPS
Proxy Server
Credit Card
Packet Capture
Detour
Jailbreaking
Jailbreak Applications
Keychain Security
Application Binary
snoopit
snippet
extract implementation details
classdump
dynamic analysis
usage
tool summary
Android package files
What is this
Storage Secure
Debug Bridge
Download Files
File Command
Strings Command
Les Command
Access Restricted Files
Edit a Request
Get a Response
Result
Results
Dexta Jar
Get App Off Device
Verify App
Invoke Dexta
Launch JD GUI
View Source Code
Is Encryption Strong
Java Debug Wire
Summary
Questions
