This 3-day course will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps on mobile devices. After getting started with static reverse engineering and dynamic testing of iOS apps using Ghidra and Frida, we’ll pivot to Android and adapt these methods to the quirks of the Java world. We’ll be using Frida to trace control flow, find interesting code paths, manipulate data, and finally collect code coverage – everything you’ll need to get started writing custom fuzzers for vulnerability discovery.
The training will include hands-on exercises on virtual iOS and Android devices. Students will be guided through using free and open-source reverse-engineering software and frameworks (such as Ghidra and Frida) to understand the internals and perform security testing of closed-source apps.
Training level: Basic to Intermediate
Day 1: Understand the structure of an iOS application after dumping its decrypted binary from a device. Learn methods for static and dynamic application analysis and how to combine them, apply these tools to find interesting code paths, and automate sending input to the app.
Day 2: Understand common patterns used in iOS apps, such as asynchronous programming with Grand Central Dispatch (GCD) and cross-process communication with XPC. Trainees will learn how to follow control and data flow across threads and processes by applying their understanding of these concepts to the methods learned on Day 1. As an outlook, the techniques learned are put into the context of writing a custom fuzzer.
Day 3: Trainees will understand the fundamental differences between Android and iOS apps from a reverse-engineering perspective, adapting the methods learned on iOS to the Java ecosystem used on Android.
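To make the Day 1 and Day 2 techniques concrete, here is an added Frida agent (example code written for this page, not material from the course or from any project): it hooks every method of one Objective-C class to log calls with their thread ID, hooks dispatch_async so that a block can be followed from the thread that enqueued it to the worker thread that runs it, and logs outgoing XPC messages via xpc_copy_description. The class name TargetClass, the JSON event format, the 64-bit Block_layout offset and the library names are assumptions made for the example; the trace sample at the bottom is constructed so the cross-thread correlation can be run offline in Node.

```javascript
'use strict';

// Added example, not part of the course material or any project's code: a Frida
// agent that (1) traces every method of one Objective-C class, (2) follows GCD
// blocks from the thread that called dispatch_async to the thread that runs
// them, and (3) logs outgoing XPC messages. TARGET_CLASS, the event format and
// the 64-bit block layout are assumptions chosen for the example.

const TARGET_CLASS = 'TargetClass';   // assumption: the class under study
const events = [];                     // in-memory trace, one object per event

function record(ev) {
  events.push(ev);
  console.log(JSON.stringify(ev));
}

// Pure helper: pair each dispatch_async enqueue with the later invocation of the
// same block body, so a call chain that hops threads reads as one sequence.
// Keyed on the block's invoke function rather than the block object, because
// dispatch_async copies stack blocks to the heap before running them.
function linkDispatches(evts) {
  const pending = new Map();   // invoke address -> FIFO of enqueue events
  const links = [];
  for (const e of evts) {
    if (e.type === 'enqueue') {
      if (!pending.has(e.invoke)) pending.set(e.invoke, []);
      pending.get(e.invoke).push(e);
    } else if (e.type === 'invoke') {
      const fifo = pending.get(e.invoke);
      if (fifo !== undefined && fifo.length > 0) {
        const src = fifo.shift();
        links.push({ invoke: e.invoke, queue: src.queue, from: src.thread, to: e.thread });
      }
    }
  }
  return links;
}

// Hook every method the class implements itself (not inherited ones).
function traceClass(name) {
  const klass = ObjC.classes[name];
  if (klass === undefined) { console.log('class not loaded: ' + name); return; }
  for (const m of klass.$ownMethods) {      // e.g. "- handleRequest:", "+ shared"
    Interceptor.attach(klass[m].implementation, {
      onEnter(args) {
        record({ type: 'call', method: name + ' ' + m, thread: this.threadId });
      }
    });
  }
}

// Log the enqueue, then hook the block body so its execution on another thread
// is logged with the same key.
function traceDispatch() {
  const libdispatch = Process.getModuleByName('libdispatch.dylib');
  const queueLabel = new NativeFunction(
    libdispatch.getExportByName('dispatch_queue_get_label'), 'pointer', ['pointer']);
  const hookedBodies = new Set();
  Interceptor.attach(libdispatch.getExportByName('dispatch_async'), {
    onEnter(args) {
      // 64-bit struct Block_layout: isa (8) + flags (4) + reserved (4), then invoke
      const invoke = args[1].add(16).readPointer();
      const key = invoke.toString();
      record({ type: 'enqueue', invoke: key,
               queue: queueLabel(args[0]).readUtf8String(), thread: this.threadId });
      if (!hookedBodies.has(key)) {
        hookedBodies.add(key);
        Interceptor.attach(invoke, {
          onEnter() { record({ type: 'invoke', invoke: key, thread: this.threadId }); }
        });
      }
    }
  });
}

// Dump each outgoing XPC message as libxpc itself describes it.
function traceXpc() {
  const libxpc = Process.getModuleByName('libxpc.dylib');
  const describe = new NativeFunction(libxpc.getExportByName('xpc_copy_description'), 'pointer', ['pointer']);
  const free = new NativeFunction(
    Process.getModuleByName('libsystem_malloc.dylib').getExportByName('free'), 'void', ['pointer']);
  for (const fn of ['xpc_connection_send_message', 'xpc_connection_send_message_with_reply']) {
    Interceptor.attach(libxpc.getExportByName(fn), {
      onEnter(args) {
        const text = describe(args[1]);      // malloc'd C string, released below
        record({ type: 'xpc', api: fn, message: text.readUtf8String(), thread: this.threadId });
        free(text);
      }
    });
  }
}

// Constructed sample trace (not captured from a real app) for offline use.
const SAMPLE_TRACE = [
  { type: 'enqueue', invoke: '0x1000', queue: 'com.example.worker', thread: 1 },
  { type: 'call', method: 'TargetClass - handleRequest:', thread: 1 },
  { type: 'invoke', invoke: '0x1000', thread: 7 },
];

if (typeof ObjC !== 'undefined' && ObjC.available) {   // inside a Frida session
  traceClass(TARGET_CLASS);
  traceDispatch();
  traceXpc();
  rpc.exports = { links: () => linkDispatches(events), events: () => events };
} else {                                                // plain Node: offline demo
  console.log(JSON.stringify(linkDispatches(SAMPLE_TRACE)));
}
```

Load it with `frida -U -f <bundle id> -l agent.js` and call `rpc.exports.links()` from the host side to see which worker thread picked up each block; the same helper can be pointed at a saved trace to reconstruct the chain offline.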
This class is aimed at anyone interested in mobile app security, including pen testers, security or vulnerability researchers, or app developers.
Jiska Classen is a wireless and mobile security researcher. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies; for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse-engineered Apple's AirTag communication protocol.
She has previously spoken at Black Hat USA, DEF CON, REcon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulaschprogrammiernacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, and NotPinkCon, has given various lectures and trainings, and has published at prestigious academic venues.