Case study one – automating reverse engineering tasks

During a research project, we need to analyze how secure modern mobile applications are and what percentage of these applications do not follow some best security practices of binary protection, such as a stack canary and a PIE flag.

In order to complete such research on a wide range of IPAs, we would need to automate the process of binary analysis and reverse engineering. This is where using a tool such as MobSF can be very productive. Here is how we performed such checks on more than 500 applications:

1. We stored all IPAs at one location.
2. We then used the MobSF REST APIs to automate the static analysis of binaries one by one:
   • By uploading the file: api/v1/upload
   • By scanning the uploaded file: /api/v1/scan
3. Once the analysis is done, a JSON format of the report could be fetched and analyzed to find the value of checks we are interested in:
   • By generating the JSON report: api/v1/report_json

We then...