You're reading from Mobile App Reverse Engineering Get started with discovering, analyzing, and exploring the internals of Android and iOS apps

Product type Paperback

Published in May 2022

Publisher Packt

ISBN-13 9781801073394

Length 166 pages

Edition 1st Edition

Languages

Tools

Android

Concepts

Reverse Engineering

Author (1):

Abhinav Mishra

View More author details

Table of Contents (13) Chapters

Preface

1. Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment

2. Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps FREE CHAPTER

3. Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools

4. Section 2: Mobile Application Reverse Engineering Methodology and Approach

5. Chapter 3: Reverse Engineering an Android Application

6. Chapter 4: Reverse Engineering an iOS Application

7. Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)

8. Section 3: Automating Some Parts of the Reverse Engineering Process

9. Chapter 6: Open Source and Commercial Reverse Engineering Tools

10. Chapter 7: Automating the Reverse Engineering Process

11. Chapter 8: Conclusion

12. Other Books You May Enjoy

Reverse engineering an iOS app

In a "black box" penetration test, it is the job of the penetration tester to somehow extract the application package (IPA) from a device. When an application is installed from the Apple App Store, it is protected by Digital Rights Management (DRM). The application binary file is encrypted when it is stored on the iOS device. That's why simply extracting the binary from the device and reverse engineering it is not going to work.

Extracting an unencrypted application from an iOS device can be done using tools such as frida-ios-dump (https://github.com/AloneMonkey/frida-ios-dump) and frida-ipa-dump (https://github.com/integrity-sa/frida-ipa-dump). The steps to extract the unencrypted IPA won't be covered in this book since that is part of the penetration testing process. However, to learn more about how to extract the unencrypted IPA, it is recommended to follow the steps given on the GitHub page for frida-ios-dump (or frida-ipa...