You're reading from Mobile App Reverse Engineering Get started with discovering, analyzing, and exploring the internals of Android and iOS apps

Product type Paperback

Published in May 2022

Publisher Packt

ISBN-13 9781801073394

Length 166 pages

Edition 1st Edition

Languages

Tools

Android

Concepts

Reverse Engineering

Author (1):

Abhinav Mishra

View More author details

Table of Contents (13) Chapters

Preface

1. Section 1: Basics of Mobile App Reverse Engineering, Common Tools and Techniques, and Setting up the Environment

2. Chapter 1: Basics of Reverse Engineering – Understanding the Structure of Mobile Apps FREE CHAPTER

3. Chapter 2: Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools

4. Section 2: Mobile Application Reverse Engineering Methodology and Approach

5. Chapter 3: Reverse Engineering an Android Application

6. Chapter 4: Reverse Engineering an iOS Application

7. Chapter 5: Reverse Engineering an iOS Application (Developed Using Swift)

8. Section 3: Automating Some Parts of the Reverse Engineering Process

9. Chapter 6: Open Source and Commercial Reverse Engineering Tools

10. Chapter 7: Automating the Reverse Engineering Process

11. Chapter 8: Conclusion

12. Other Books You May Enjoy

Reverse engineering and penetration testing

As we have successfully reverse engineered an APK to the Java source code, it is now important to understand why reverse engineering is very important and might be required during penetration testing. Often in a penetration testing engagement (black box), all that is available to the penetration tester is the name of the application. The penetration tester downloads the application on a device and extracts the APK.

There might be several cases when it is not evident how certain functions of the application are implemented just by using the app. In order to find vulnerabilities in the application, it is required to understand how it works. Reverse engineering helps to answer some of these questions.

Let's take an example. Imagine you are given a banking application to test (penetration testing). While using the application, you notice that the application implements a security control that encrypts all the user-submitted data values...