Tools For Program Understanding And Reverse Engineering Of Mobile Applications
Download Tools For Program Understanding And Reverse Engineering Of Mobile Applications PDF/ePub or read online books in Mobi eBooks. Click Download or Read Online button to get Tools For Program Understanding And Reverse Engineering Of Mobile Applications book now. This website allows unlimited access to, at the time of writing, more than 1.5 million titles, including hundreds of thousands of titles in various foreign languages.
Mobile App Reverse Engineering
Author: Abhinav Mishra
language: en
Publisher: Packt Publishing Ltd
Release Date: 2022-05-27
Delve into the world of mobile application reverse engineering, learn the fundamentals of how mobile apps are created and their internals, and analyze application binaries to find security issues Key Features • Learn the skills required to reverse engineer mobile applications • Understand the internals of iOS and Android application binaries • Explore modern reverse engineering tools such as Ghidra, Radare2, Hopper, and more Book Description Mobile App Reverse Engineering is a practical guide focused on helping cybersecurity professionals scale up their mobile security skills. With the IT world's evolution in mobile operating systems, cybercriminals are increasingly focusing their efforts on mobile devices. This book enables you to keep up by discovering security issues through reverse engineering of mobile apps. This book starts with the basics of reverse engineering and teaches you how to set up an isolated virtual machine environment to perform reverse engineering. You'll then learn about modern tools such as Ghidra and Radare2 to perform reverse engineering on mobile apps as well as understand how Android and iOS apps are developed. Next, you'll explore different ways to reverse engineer some sample mobile apps developed for this book. As you advance, you'll learn how reverse engineering can help in penetration testing of Android and iOS apps with the help of case studies. The concluding chapters will show you how to automate the process of reverse engineering and analyzing binaries to find low-hanging security issues. By the end of this reverse engineering book, you'll have developed the skills you need to be able to reverse engineer Android and iOS apps and streamline the reverse engineering process with confidence. What you will learn • Understand how to set up an environment to perform reverse engineering • Discover how Android and iOS application packages are built • Reverse engineer Android applications and understand their internals • Reverse engineer iOS applications built using Objective C and Swift programming • Understand real-world case studies of reverse engineering • Automate reverse engineering to discover low-hanging vulnerabilities • Understand reverse engineering and how its defense techniques are used in mobile applications Who this book is for This book is for cybersecurity professionals, security analysts, mobile application security enthusiasts, and penetration testers interested in understanding the internals of iOS and Android apps through reverse engineering. Basic knowledge of reverse engineering as well as an understanding of mobile operating systems like iOS and Android and how mobile applications work on them are required.
Tools for Program Understanding and Reverse-engineering of Mobile Applications
Mobile software development is evolving rapidly. Software development includes computer programing, documenting, testing and bug fixing processes. These processes need a detail understanding of the application logic which often requires reverse-engineering their artifacts. My thesis identifies and addresses the following three problems in mobile software development, specifically in program understanding and reverse-engineering for mobile application development. (1) There is no graphical on-phone debugger. (2) The second problem is that mobile software programmers have to manually re-implement the conceptual screen drawings or sketches of graphical artists in code, which is cumbersome and expensive. (3) Companies try to ”go mobile” (by developing mobile apps). To do that understanding the high level business of their current legacy software systems is necessary but challenging. To address these three challenges, this dissertation introduces the following three innovations. (1) GROPG is the first graphical on-phone debugger. GROPG makes debugging mobile apps more convenient and productive than existing textbased on-phone debuggers. (2) REMAUI is a mobile digital screenshot and sketch reverse-engineering tool. REMAUI makes developing mobile user interface code easier. (3) RengLaDom is a legacy application reverse-engineering tool. RengLaDom can infer domain concepts from legacy source code. Specifically, (1) debugging mobile phone applications is hard, as current debugging techniques either require multiple computing devices or do not support graphical debugging. To address this problem we present GROPG, the first graphical on-phone debugger. We implement GROPG for Android and perform a preliminary evaluation on third-party applications. Our experiments suggest that GROPG can lower the overall debugging time of a comparable text-based on-phone debugger by up to 2/3. (2) Second, when developing the user interface code of a mobile application, a big gap exists between the sketches and digital conceptual drawings of graphic artists and working user interface code. Currently, programmers bridge this gap manually, by re-implementing the sketches and drawings in code, which is cumbersome and expensive. To bridge this gap, this dissertation introduces the first technique to automatically reverse engineer mobile application user interfaces from UI sketches, digital conceptual drawings, or screenshots (REMAUI). In our experiments on third party inputs, REMAUI's inferred runtime user interface hierarchies closely resembled the user interface runtime UI hierarchies of the applications that produced REMAUI's inputs. Further, the resulting screenshots closely resembled REMAUI's inputs and overall runtime was below one minute. (3) Finally, a promising approach to understanding the business functions implemented by a large-scale legacy application is to reverse engineer the full application code with all its complications into a high-level abstraction such as a design document that can focus exclusively on important domain concepts. Although much progress has been made, we encountered the following two problems. (a) Existing techniques often cannot distinguish between code that carries interesting domain concepts and code that merely provides low-level implementation services. (b) For an evaluation, given that design documents are typically not maintained throughout program development, how can we judge if the domain model inferred by a given technique is of a high quality? We address these problems by re-examining the notion of domain models in object-oriented development and encoding our understanding in a novel lightweight reverse engineering technique that pinpoints those program classes that likely carry domain concepts. We implement our techniques in a RengLaDom prototype tool for Java and compare how close our inferred domain models are to existing domain models. Given the lack of traditional domain models, we propose to use for such evaluation existing object-relational data persistence mappings (ORM), which map program classes to a relational database schema. The original application engineers carefully designed such mappings, consider them valuable, and maintain them as part of the application. After manually removing such OR mappings from open-source applications, our RengLaDom technique was able to reverse engineer domain models that are much closer to the original ORM domain models than the models produced by competing approaches, regardless of the particular ORM framework used. Additional experiments indicate that RengLaDom's ability to infer better domain models extends to a variety of non-ORM applications.
Advanced Computer and Communication Engineering Technology
This book covers diverse aspects of advanced computer and communication engineering, focusing specifically on industrial and manufacturing theory and applications of electronics, communications, computing and information technology. Experts in research, industry, and academia present the latest developments in technology, describe applications involving cutting-edge communication and computer systems, and explore likely future trends. In addition, a wealth of new algorithms that assist in solving computer and communication engineering problems are presented. The book is based on presentations given at ICOCOE 2015, the 2nd International Conference on Communication and Computer Engineering. It will appeal to a wide range of professionals in the field, including telecommunication engineers, computer engineers and scientists, researchers, academics and students.