Understanding reverse engineering is a critical skill for security researchers, ethical hackers, and developer teams alike. Reverse engineering in mobile security testing involves decompiling and disassembling mobile applications to understand their underlying functionality, a process that is essential for identifying vulnerabilities and building scripts to exploit them.
iOS reverse engineering, in particular, can be quite challenging because it is difficult to get devices that you can jailbreak for current iOS versions. Corellium Chief Evangelist Brian Robison, Corellium Researcher Steven Smiley, and mobile cybersecurity professional Robert Ferri recently dug into iOS reverse engineering tactics and techniques, showing live demonstrations of disassembling and application patching using virtual iOS devices.
Watch the full webinar, “Hunting for Vulnerabilities in iOS Apps," here and find the top highlights below.
To kick off the demonstration, Steven Smiley introduced the Corellium Cafe app, a fictitious coffee shop application that serves as a playground for ethical hackers. The app is deliberately full of vulnerabilities, including hardcoded values, bypassable root detection mechanisms and areas to exploit via dynamic instrumentation, giving security researchers an opportunity to experiment and practice testing. Steven demonstrated how to use tools like Hopper and Ghidra to identify secrets hardcoded in an iOS application. Follow along with our webinar series for more updates on how to get access to Corellium Cafe.
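As an added example (not code from the webinar or from Corellium), the script below mimics the first step of what Steven showed with Hopper and Ghidra: pulling printable strings out of an app binary and flagging the ones that look like hardcoded credentials, which is the same check a development team can run on its own build before release. The binary bytes, the `sk_live_` key and the opaque token are all constructed for this example and are not real credentials.

```python
import math
import re
from typing import List, Tuple

# Constructed sample: a few bytes of a fake app binary with an embedded
# credential. The key and the opaque token are invented for this example.
SAMPLE_BINARY = (
    b"\x00\x01\xfe\xedcafe_menu_v2\x00\x7f\x00"
    b"https://api.example.com/v1/orders\x00\x00\x9a"
    b"API_KEY=sk_live_4fT9xQ2mL8zR1pW7vK3nB6yH\x00\x02\x03"
    b"hello\x00k3Qv9mZ7pL2sX5wB0nR4tJ8yC1hF6dGa\x00Copyright 2023\x00"
)

MIN_LEN = 8  # same idea as `strings -n 8`

def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return every run of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score high (max ~6 for base64)."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

# Labelled secrets (KEY=..., token: ...) plus one well-known key prefix format.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(api[_-]?key|secret|token|passw(or)?d)\b\s*[=:]\s*\S+"),
    re.compile(r"\bsk_(live|test)_[A-Za-z0-9]{16,}\b"),
]

def find_hardcoded_secrets(data: bytes, entropy_threshold: float = 4.5) -> List[Tuple[str, str]]:
    """Flag strings that match a secret pattern, or that are long and high-entropy.

    A threshold of 4.5 bits/char keeps ordinary URLs and messages below the bar
    while random keys and base64 blobs score above it."""
    findings = []
    for s in extract_strings(data):
        if any(p.search(s) for p in SECRET_PATTERNS):
            findings.append(("pattern", s))
            continue
        token = s.split("=")[-1]  # value part of KEY=value, or the whole string
        if len(token) >= 20 and shannon_entropy(token) >= entropy_threshold:
            findings.append(("high-entropy", s))
    return findings

if __name__ == "__main__":
    for kind, value in find_hardcoded_secrets(SAMPLE_BINARY):
        print(f"[{kind}] {value}")
```

On a real build, read the app's main executable from the unpacked IPA into `data`; anything flagged deserves a look at where it is used before the binary ships.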
During the live demonstration, Robert Ferri went into common techniques that are used for jailbreak detection as well as common bypasses. Using the Corellium Cafe app as an example, Robert demonstrated tools and techniques he uses all the time when doing mobile penetration tests.
“My goal for this talk is to show you that you don't actually have to be like a reverse engineering wizard or be able to read assembly at a really high level to figure out what's going on in the app and to do some basic reverse engineering.” — Robert Ferri, Mobile Cybersecurity Professional
Robert specifically focused on R2Frida, including its use cases, how to download and set it up, and how to launch R2Frida on a jailbroken iOS device within Corellium. Radare2 (R2) and Frida are both essential tools for static and dynamic analysis. While R2 offers a comprehensive suite for disassembling, Frida is known for its dynamic instrumentation toolkit, allowing real-time code injection and manipulation. The versatility of R2Frida makes it a must-have in a researcher's toolkit.
For those new to the world of reverse engineering, becoming familiar with the commands and their syntax in R2Frida can be daunting. Ferri walked through the syntax of R2 commands and explained how R2 files, which he described as configuration files, let researchers write out commands in advance; when such a file is imported, the traces and hooks it defines are executed automatically, streamlining the analysis process. Additionally, Ferri covered the following:
Want to learn more? Watch the full webinar, “Hunting for Vulnerabilities in iOS Apps.” Also, be sure to check out Corellium for mobile app penetration testing. You can spin up near limitless combinations of devices and OS versions, no jailbreak required, and access Arm-native virtual devices to enable both static (SAST) and dynamic (DAST) app vulnerability discovery and exploitation testing.
Happy hunting, and may your code be secure!
Equip your security teams with unprecedented tools for both manual and automated testing, freeing up valuable engineering time and saving money. Discover the power of Corellium’s high-fidelity virtual devices and spin up near limitless combinations of device and OS with one-click jailbreak/root access. Book a meeting today to see how we can streamline your processes and reduce costs.