06-30, 13:00–14:00 (US/Eastern), Soprano A
Mobile reverse engineering can be significantly accelerated through generating visualizations of execution paths. This workshop will demonstrate the tools and methods required to visualize execution for Android's Java and Native layers as well as the Objective-C layer for iOS.
Content will be based upon previous work: https://datalocaltmp.com/visualizing-android-code-coverage-pt-2.html as well as introduce new methods for Java and Objective-C visualization.
This workshop will introduce three separate methods for producing visualizations of Mobile execution across Android and iOS; participants can follow along with their own Android device or a Jailbroken iOS device.
-
An Introduction to Control-Flow-Graphs and Tooling (10 minutes) - Current tools for rendering CFG's in Ghidra, Jadx, Flow-Finder (new-tool to be released alongside workshop).
-
Producing Android Native & Java CFG's with Execution Highlighting (20 minutes) - Demonstration of using a non-rooted Android device to generate meaningful visualizations of Java and native layer code execution.
-
Producing iOS CFG's with Execution Highlighting (20 minutes) - Demonstration of extracting .ipa files and tools required to produce visualizations of Objective-C execution.
-
Multiple practical demonstrations using Playstore/AppStore applications (10 Minutes) - Demonstrating effective use case where visualizations can accelerate Reverse Engineering and Debugging; time permitting a Malware sample will also be demonstrated.
If you would like to follow along please have a laptop as well as an Android phone with USB debugging enabled or an iOS phone that can be jailbroken.
Mobile reverse engineer @datalocaltmp. Founded Signal 11 Research - https://s11research.com, and previously maintained https://theappanalyst.com.
Claimed bounties with Meta, Ring, Match.com, Biden Campaign, Bird Scooters, and many others; always looking for that next bug.