SlideShare ist ein Scribd-Unternehmen logo

Introduction to mobile reversing

J
jduart
Technologie
1 von 32
Downloaden Sie, um offline zu lesen
Introduction to mobile reversing tora@pandas.es jose.duart@zynamics.com
Who are you? • Reverse engineer since late 90s • Malware analysis, binary auditing and behaviour analysis • Mobile and embedded systems reversing as a hobby • Working at Zynamics GmbH
Summary • Windows Mobile • Android • Dalvik VM • Decompilation • iPhone • AppStore DRM • Reversing Objective-C code
Why mobile reversing? • Few years ago: • Lots of java-based mobileOS • Only Symbian and PalmOS were “interesting” • But not much development community • First? mobile malware developed for Symbian, codename Caribe/Cabir, author Vallez/29A • Now: • Android, iPhoneOS, Windows Mobile, Bada...
Why mobile reversing? • More SDK’s, more developers... more interesting stuff
Why mobile reversing? • ... and evil stuff
Windows Mobile Reversing a banking app: BBVA
WM: First Steps • Executable file format: PE • Architecture: ARM • Language: C++ • API: Windows-like
WM: Target • Spanish “banking app”: BBVA • https://www.bbva.es/TLBS/ BBVA_MobiDesc.htm • Versions for Java, RIM, Windows Mobile, iPhone and Android
WM: Analysis
WM: Thoughts • ARM can look a bit hard at first, but is much easier than x86!! • The API is a piece of cake for people with experience in Windows XP/Vista development/reversing. • Easy to debug the targets, emulate the OS and patch apps.
Google Android Reversing a banking app: Wells Fargo
Android: First Steps • Architecture: ARM • API: Dalvik VM based • Two ways of delevolment (SDK/NDK) • Executable file format: Dex/ELF • Language: Java/C++
Android: First Steps
Android: First Steps
Android: First Steps Android Java Source .java .java Binary .dex .class Binary .odex N/A Optimized Packages .apk .jar Reversing DeDexer, Baksmali, JAD, DJ Java Tools DeoDexerant Decompiler, JD-GUI...
Android: Analysis • Sample code
Android: Analysis • DeDexer way .method public onCreate(Landroid/os/Bundle;)V .limit registers 4 ; this: v2 (Lcom/example/android/helloactivity/HelloActivity;) ; parameter[0] : v3 (Landroid/os/Bundle;) .line 36 invoke-super {v2,v3},android/app/Activity/ onCreate ; onCreate(Landroid/os/Bundle;)V .line 40 const/high16 v1,32514 invoke-virtual {v2,v1},com/example/android/ helloactivity/HelloActivity/setContentView ; setContentView (I)V
Android: Analysis • Baksmali way .method public onCreate(Landroid/os/Bundle;)V .registers 4 .parameter "savedInstanceState" .prologue .line 36 invoke-super {p0, p1}, Landroid/app/Activity;->onCreate (Landroid/os/Bundle;)V .line 40 const/high16 v1, 0x7f02 invoke-virtual {p0, v1}, Lcom/example/android/ helloactivity/HelloActivity;->setContentView(I)V
Android: Target • US banking app: Wells Fargo • Downloaded from androlib.com • Also available for iPhone
Android: Analysis II .class public Ldroidheaven/app/wellsfargo/Main; .super Landroid/app/Activity; .source "Main.java" # annotations .annotation system Ldalvik/annotation/MemberClasses; value = { Ldroidheaven/app/wellsfargo/Main$HelloWebViewClient; } .end annotation # instance fields .field webview:Landroid/webkit/WebView;
Android: Thoughts • Decompilers are not ready yet • In the future, it will be similar to Java-reversing • Free emulator: • It’s possible to install apk’s • No access to Android Market :(
Apple iPhone Reversing a banking app: HanaBank
iPhone: First Steps • Executable file format: Mach-O • Architecture: ARM • Language: Objective-C • API: iPhone SDK Framework and libc
iPhone: First Steps • Apps come in IPA packages • ZIP files with executables and resources (images, package info, config files...) • iPhone Simulator works with i386 • Tricky to setup a debug environment • enable ssh access • iphonedbg/gdb
iPhone: First Steps • AppStore • Apps are encrypted, iPhone Mach-O loader is in charge of decryption • GDB and a little understanding of Mach-O headers (otool) can help • Objective-C • 80% calls to msgSend() == lots of fun :)
iPhone: First Steps Typical objective-C callgraph
iPhone: First Steps Callgraph after script (in blue new “msg” subs)
iPhone: Target • Korean banking app: HanaBank • Downloaded from AppStore
iPhone: Analysis • Removing AppStore encryption • Playing with FLIRT signatures • Reversing Objective-C code
iPhone: Thoughts • AppStore DRM is not a big problem • Objective-C can be quite painful • Debug using GDB: • Well known tool, but you need delevoper account or a jailbroken device. • Simulator is not useful for reversing
Questions? !!!

Empfohlen

ShaREing Is Caring
ShaREing Is CaringShaREing Is Caring
ShaREing Is Caringsporst
 
Packer Genetics: The selfish code
Packer Genetics: The selfish codePacker Genetics: The selfish code
Packer Genetics: The selfish codejduart
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT ginriki
 
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Joxean Koret
 
Assignment1 B 0
Assignment1 B 0Assignment1 B 0
Assignment1 B 0Mahmoud
 
Rootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift ApplicationsRootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift Applicationseightbit
 
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...Maarten Balliauw
 

Empfohlen

ShaREing Is Caring
ShaREing Is CaringShaREing Is Caring
ShaREing Is Caringsporst
 
Packer Genetics: The selfish code
Packer Genetics: The selfish codePacker Genetics: The selfish code
Packer Genetics: The selfish codejduart
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT FlawDetector - Rubykaigi2013 LT
FlawDetector - Rubykaigi2013 LT ginriki
 
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Joxean Koret
 
Assignment1 B 0
Assignment1 B 0Assignment1 B 0
Assignment1 B 0Mahmoud
 
Rootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift ApplicationsRootcon X - Reverse Engineering Swift Applications
Rootcon X - Reverse Engineering Swift Applicationseightbit
 
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...Maarten Balliauw
 
C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#Hawkman Academy
 
C++ to java
C++ to javaC++ to java
C++ to javaAjmal Ak
 
Wahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash CourseWahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash Courseeightbit
 
ConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingMaarten Balliauw
 
Handout 00 0
Handout 00 0Handout 00 0
Handout 00 0Mahmoud
 
C++vs java
C++vs javaC++vs java
C++vs javaPradeep wolf king
 
Net serialization
Net serializationNet serialization
Net serializationGreg Sohl
 
C#
C#C#
C#Gokul Ram
 
Tutorial c#
Tutorial c#Tutorial c#
Tutorial c#Mohammad Faizan
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented ApologeticsVance Lucas
 
Clean Code summary
Clean Code summaryClean Code summary
Clean Code summaryJan de Vries
 
C# features
C# featuresC# features
C# featuressagaroceanic11
 
Tech breakfast 18
Tech breakfast 18Tech breakfast 18
Tech breakfast 18James Leone
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation Cysinfo Cyber Security Community
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)Shoaib Ghachi
 
.NET and C# Introduction
.NET and C# Introduction.NET and C# Introduction
.NET and C# IntroductionSiraj Memon
 
2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)Shoaib Ghachi
 
How To Become A Good C# Programmer
How To Become A Good C# ProgrammerHow To Become A Good C# Programmer
How To Become A Good C# ProgrammerLearnItFirst.com
 
ShaREing is Caring
ShaREing is CaringShaREing is Caring
ShaREing is Caringzynamics GmbH
 
0-knowledge fuzzing
0-knowledge fuzzing0-knowledge fuzzing
0-knowledge fuzzingVincenzo Iozzo
 
Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggerszynamics GmbH
 

Weitere ähnliche Inhalte

Was ist angesagt?

C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#Hawkman Academy
 
C++ to java
C++ to javaC++ to java
C++ to javaAjmal Ak
 
Wahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash CourseWahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash Courseeightbit
 
ConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingMaarten Balliauw
 
Handout 00 0
Handout 00 0Handout 00 0
Handout 00 0Mahmoud
 
Net serialization
Net serializationNet serialization
Net serializationGreg Sohl
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented ApologeticsVance Lucas
 
Clean Code summary
Clean Code summaryClean Code summary
Clean Code summaryJan de Vries
 
Tech breakfast 18
Tech breakfast 18Tech breakfast 18
Tech breakfast 18James Leone
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)Shoaib Ghachi
 
.NET and C# Introduction
.NET and C# Introduction.NET and C# Introduction
.NET and C# IntroductionSiraj Memon
 
2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)Shoaib Ghachi
 
How To Become A Good C# Programmer
How To Become A Good C# ProgrammerHow To Become A Good C# Programmer
How To Become A Good C# ProgrammerLearnItFirst.com
 

Was ist angesagt? (19)

C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#C# 101: Intro to Programming with C#
C# 101: Intro to Programming with C#
 
C++ to java
C++ to javaC++ to java
C++ to java
 
Wahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash CourseWahckon[2] - iOS Runtime Hacking Crash Course
Wahckon[2] - iOS Runtime Hacking Crash Course
 
ConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttlingConFoo Montreal - Approaches for application request throttling
ConFoo Montreal - Approaches for application request throttling
 
Handout 00 0
Handout 00 0Handout 00 0
Handout 00 0
 
C++vs java
C++vs javaC++vs java
C++vs java
 
Net serialization
Net serializationNet serialization
Net serialization
 
C#
C#C#
C#
 
Tutorial c#
Tutorial c#Tutorial c#
Tutorial c#
 
Object Oriented Apologetics
Object Oriented ApologeticsObject Oriented Apologetics
Object Oriented Apologetics
 
Clean Code summary
Clean Code summaryClean Code summary
Clean Code summary
 
C# features
C# featuresC# features
C# features
 
Tech breakfast 18
Tech breakfast 18Tech breakfast 18
Tech breakfast 18
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malware
 
1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)1..Net Framework Architecture-(c#)
1..Net Framework Architecture-(c#)
 
.NET and C# Introduction
.NET and C# Introduction.NET and C# Introduction
.NET and C# Introduction
 
2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)2.Getting Started with C#.Net-(C#)
2.Getting Started with C#.Net-(C#)
 
How To Become A Good C# Programmer
How To Become A Good C# ProgrammerHow To Become A Good C# Programmer
How To Become A Good C# Programmer
 

Andere mochten auch

Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggerszynamics GmbH
 
Architectural Diversity (German)
Architectural Diversity (German)Architectural Diversity (German)
Architectural Diversity (German)zynamics GmbH
 
Tell me that story again
Tell me that story againTell me that story again
Tell me that story againmarkcmarino
 
0-knowledge fuzzing white paper
0-knowledge fuzzing white paper0-knowledge fuzzing white paper
0-knowledge fuzzing white paperVincenzo Iozzo
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malwarezynamics GmbH
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 
前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状shanghq_cn
 
Twitter for Social Care
Twitter for Social CareTwitter for Social Care
Twitter for Social CareDaniel Slee
 
συναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδεσυναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδεATHANASIOS KAVVADAS
 
Opnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine BoëlOpnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine BoëlThierry Debels
 
Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014Mark Tabladillo
 
Your Health, Yourself
Your Health, YourselfYour Health, Yourself
Your Health, YourselfOgilvy Health
 
συναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμουσυναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμουATHANASIOS KAVVADAS
 
Star 8-solar-tile-presentation
Star 8-solar-tile-presentationStar 8-solar-tile-presentation
Star 8-solar-tile-presentationÔng Râu
 
Keith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product RoundtableKeith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product Roundtablehopperomatic
 
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of MalaysiaYama San
 
Himpervinculos 1 km
Himpervinculos 1 kmHimpervinculos 1 km
Himpervinculos 1 kmKatia Vega
 

Andere mochten auch (20)

ShaREing is Caring
ShaREing is CaringShaREing is Caring
ShaREing is Caring
 
0-knowledge fuzzing
0-knowledge fuzzing0-knowledge fuzzing
0-knowledge fuzzing
 
Uni mannheim debuggers
Uni mannheim debuggersUni mannheim debuggers
Uni mannheim debuggers
 
Architectural Diversity (German)
Architectural Diversity (German)Architectural Diversity (German)
Architectural Diversity (German)
 
Tell me that story again
Tell me that story againTell me that story again
Tell me that story again
 
0-knowledge fuzzing white paper
0-knowledge fuzzing white paper0-knowledge fuzzing white paper
0-knowledge fuzzing white paper
 
How to really obfuscate your pdf malware
How to really obfuscate your pdf malwareHow to really obfuscate your pdf malware
How to really obfuscate your pdf malware
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS apps
 
前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状前列腺癌治疗药物全球研发现状
前列腺癌治疗药物全球研发现状
 
Twitter for Social Care
Twitter for Social CareTwitter for Social Care
Twitter for Social Care
 
συναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδεσυναντηση υπουργειου πεχωδε
συναντηση υπουργειου πεχωδε
 
Opnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine BoëlOpnieuw verliesjaar voor firma Delphine Boël
Opnieuw verliesjaar voor firma Delphine Boël
 
Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014Data science guide for PASS Summit 2014
Data science guide for PASS Summit 2014
 
Your Health, Yourself
Your Health, YourselfYour Health, Yourself
Your Health, Yourself
 
συναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμουσυναντηση υπουργειου αθλητισμου
συναντηση υπουργειου αθλητισμου
 
Star 8-solar-tile-presentation
Star 8-solar-tile-presentationStar 8-solar-tile-presentation
Star 8-solar-tile-presentation
 
Take care of your feet for a lifetime
Take care of your feet for a lifetimeTake care of your feet for a lifetime
Take care of your feet for a lifetime
 
Keith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product RoundtableKeith hopper - General Assembly Product Roundtable
Keith hopper - General Assembly Product Roundtable
 
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
今日1日おつかれさま、これはマレーシアのおいしい果物 Delicious Fruits of Malaysia
 
Himpervinculos 1 km
Himpervinculos 1 kmHimpervinculos 1 km
Himpervinculos 1 km
 

Ähnlich wie Introduction to mobile reversing

Ember Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with EmberEmber Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with EmberAlex Blom
 
Mono for Android... for Google Devs
Mono for Android... for Google DevsMono for Android... for Google Devs
Mono for Android... for Google DevsCraig Dunn
 
The Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App DevelopmentThe Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App DevelopmentNick Landry
 
Building Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst PlatformBuilding Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst PlatformAndrew Ferrier
 
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGapBuilding Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGapNick Landry
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhonessaurabhharit
 
Rapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka PhonegapRapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka PhonegapJosue Bustos
 
[2015/2016] Apache Cordova
[2015/2016] Apache Cordova[2015/2016] Apache Cordova
[2015/2016] Apache CordovaIvano Malavolta
 
NCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile AppsNCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile AppsJohn M. Wargo
 
Android Development: The Basics
Android Development: The BasicsAndroid Development: The Basics
Android Development: The BasicsMike Desjardins
 
Developing a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&CordovaDeveloping a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&CordovaDamir Beylkhanov
 
Mobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to NativeMobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to NativeMartinSotirov
 
HTML5 Can't Do That
HTML5 Can't Do ThatHTML5 Can't Do That
HTML5 Can't Do ThatNathan Smith
 
Android complete basic Guide
Android complete basic GuideAndroid complete basic Guide
Android complete basic GuideAKASH SINGH
 
Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009sullis
 

Ähnlich wie Introduction to mobile reversing (20)

Android - Anroid Pproject
Android - Anroid PprojectAndroid - Anroid Pproject
Android - Anroid Pproject
 
Ember Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with EmberEmber Conf 2016: Building Mobile Apps with Ember
Ember Conf 2016: Building Mobile Apps with Ember
 
Mono for Android... for Google Devs
Mono for Android... for Google DevsMono for Android... for Google Devs
Mono for Android... for Google Devs
 
The Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App DevelopmentThe Great Mobile Debate: Native vs. Hybrid App Development
The Great Mobile Debate: Native vs. Hybrid App Development
 
Building Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst PlatformBuilding Effective and Rapid Applications with IBM MobileFirst Platform
Building Effective and Rapid Applications with IBM MobileFirst Platform
 
Xamarin v.Now
Xamarin v.NowXamarin v.Now
Xamarin v.Now
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to android
 
Talk (2)
Talk (2)Talk (2)
Talk (2)
 
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGapBuilding Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
Building Mobile Cross-Platform Apps with HTML5, jQuery Mobile & PhoneGap
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhones
 
Rapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka PhonegapRapid Prototyping with Cordova aka Phonegap
Rapid Prototyping with Cordova aka Phonegap
 
[2015/2016] Apache Cordova
[2015/2016] Apache Cordova[2015/2016] Apache Cordova
[2015/2016] Apache Cordova
 
NCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile AppsNCDevCon 2017 - Cross Platform Mobile Apps
NCDevCon 2017 - Cross Platform Mobile Apps
 
Android Development: The Basics
Android Development: The BasicsAndroid Development: The Basics
Android Development: The Basics
 
Future of Mobile
Future of MobileFuture of Mobile
Future of Mobile
 
Developing a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&CordovaDeveloping a native mobile apps using Ionic&Cordova
Developing a native mobile apps using Ionic&Cordova
 
Mobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to NativeMobile Vue.js – From PWA to Native
Mobile Vue.js – From PWA to Native
 
HTML5 Can't Do That
HTML5 Can't Do ThatHTML5 Can't Do That
HTML5 Can't Do That
 
Android complete basic Guide
Android complete basic GuideAndroid complete basic Guide
Android complete basic Guide
 
Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009Domo Arigato Mr. Roboto - Open Source Bridge 2009
Domo Arigato Mr. Roboto - Open Source Bridge 2009
 

Kürzlich hochgeladen

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Kürzlich hochgeladen (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Introduction to mobile reversing

  • 1. Introduction to mobile reversing tora@pandas.es jose.duart@zynamics.com
  • 2. Who are you? • Reverse engineer since late 90s • Malware analysis, binary auditing and behaviour analysis • Mobile and embedded systems reversing as a hobby • Working at Zynamics GmbH
  • 3. Summary • Windows Mobile • Android • Dalvik VM • Decompilation • iPhone • AppStore DRM • Reversing Objective-C code
  • 4. Why mobile reversing? • Few years ago: • Lots of java-based mobileOS • Only Symbian and PalmOS were “interesting” • But not much development community • First? mobile malware developed for Symbian, codename Caribe/Cabir, author Vallez/29A • Now: • Android, iPhoneOS, Windows Mobile, Bada...
  • 5. Why mobile reversing? • More SDK’s, more developers... more interesting stuff
  • 6. Why mobile reversing? • ... and evil stuff
  • 7. Windows Mobile Reversing a banking app: BBVA
  • 8. WM: First Steps • Executable file format: PE • Architecture: ARM • Language: C++ • API: Windows-like
  • 9. WM: Target • Spanish “banking app”: BBVA • https://www.bbva.es/TLBS/ BBVA_MobiDesc.htm • Versions for Java, RIM, Windows Mobile, iPhone and Android
  • 11. WM: Thoughts • ARM can look a bit hard at first, but is much easier than x86!! • The API is a piece of cake for people with experience in Windows XP/Vista development/reversing. • Easy to debug the targets, emulate the OS and patch apps.
  • 12. Google Android Reversing a banking app: Wells Fargo
  • 13. Android: First Steps • Architecture: ARM • API: Dalvik VM based • Two ways of delevolment (SDK/NDK) • Executable file format: Dex/ELF • Language: Java/C++
  • 16. Android: First Steps Android Java Source .java .java Binary .dex .class Binary .odex N/A Optimized Packages .apk .jar Reversing DeDexer, Baksmali, JAD, DJ Java Tools DeoDexerant Decompiler, JD-GUI...
  • 18. Android: Analysis • DeDexer way .method public onCreate(Landroid/os/Bundle;)V .limit registers 4 ; this: v2 (Lcom/example/android/helloactivity/HelloActivity;) ; parameter[0] : v3 (Landroid/os/Bundle;) .line 36 invoke-super {v2,v3},android/app/Activity/ onCreate ; onCreate(Landroid/os/Bundle;)V .line 40 const/high16 v1,32514 invoke-virtual {v2,v1},com/example/android/ helloactivity/HelloActivity/setContentView ; setContentView (I)V
  • 19. Android: Analysis • Baksmali way .method public onCreate(Landroid/os/Bundle;)V .registers 4 .parameter "savedInstanceState" .prologue .line 36 invoke-super {p0, p1}, Landroid/app/Activity;->onCreate (Landroid/os/Bundle;)V .line 40 const/high16 v1, 0x7f02 invoke-virtual {p0, v1}, Lcom/example/android/ helloactivity/HelloActivity;->setContentView(I)V
  • 20. Android: Target • US banking app: Wells Fargo • Downloaded from androlib.com • Also available for iPhone
  • 21. Android: Analysis II .class public Ldroidheaven/app/wellsfargo/Main; .super Landroid/app/Activity; .source "Main.java" # annotations .annotation system Ldalvik/annotation/MemberClasses; value = { Ldroidheaven/app/wellsfargo/Main$HelloWebViewClient; } .end annotation # instance fields .field webview:Landroid/webkit/WebView;
  • 22. Android: Thoughts • Decompilers are not ready yet • In the future, it will be similar to Java-reversing • Free emulator: • It’s possible to install apk’s • No access to Android Market :(
  • 23. Apple iPhone Reversing a banking app: HanaBank
  • 24. iPhone: First Steps • Executable file format: Mach-O • Architecture: ARM • Language: Objective-C • API: iPhone SDK Framework and libc
  • 25. iPhone: First Steps • Apps come in IPA packages • ZIP files with executables and resources (images, package info, config files...) • iPhone Simulator works with i386 • Tricky to setup a debug environment • enable ssh access • iphonedbg/gdb
  • 26. iPhone: First Steps • AppStore • Apps are encrypted, iPhone Mach-O loader is in charge of decryption • GDB and a little understanding of Mach-O headers (otool) can help • Objective-C • 80% calls to msgSend() == lots of fun :)
  • 27. iPhone: First Steps Typical objective-C callgraph
  • 28. iPhone: First Steps Callgraph after script (in blue new “msg” subs)
  • 29. iPhone: Target • Korean banking app: HanaBank • Downloaded from AppStore
  • 30. iPhone: Analysis • Removing AppStore encryption • Playing with FLIRT signatures • Reversing Objective-C code
  • 31. iPhone: Thoughts • AppStore DRM is not a big problem • Objective-C can be quite painful • Debug using GDB: • Well known tool, but you need delevoper account or a jailbroken device. • Simulator is not useful for reversing
  • 32. Questions? !!!