An attacker will typically download the targeted app from an app store and analyze it within their own local environment using a suite of different tools.

Attack Vectors

An attacker must perform an analysis of the final core binary to determine its original string table, source code, libraries, algorithms, and resources embedded within the app. Attackers will use relatively affordable and well-understood tools like IDA Pro, Hopper, otool, strings, and other binary inspection tools from within the attacker’s environment.

Generally, all mobile code is susceptible to reverse engineering. Some apps are more susceptible than others. Code written in languages / frameworks that allow for dynamic introspection at runtime (Java, .NET, Objective C, Swift) is particularly at risk for reverse engineering. Detecting susceptibility to reverse engineering is fairly straightforward. First, decrypt the app store version of the app (if binary encryption is applied). Then, use the tools outlined in the “Attack Vectors” section of this document against the binary. Code will be susceptible if it is fairly easy to understand the app’s control flow path, string table, and any pseudocode/source-code generated by these tools.

Technical Impacts

An attacker may exploit reverse engineering to achieve any of the following:

- Reveal information about back end servers
- Reveal cryptographic constants and ciphers
- Perform attacks against back end systems or
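
A pre-release self-check that follows the detection steps described on this page, as an added example that is not part of the original page: it pulls ASCII and UTF-16LE strings out of a build, as `strings` does, and groups the ones that expose back end servers or cryptographic material. The pattern set, the function names and the sample bytes are constructed assumptions.

```python
import re

# Printable runs of 6+ characters, as the `strings` tool reports them.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# The same characters stored as UTF-16LE, common in .NET and iOS binaries.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Assumed, illustrative patterns for content the page says reversing can reveal.
PATTERNS = {
    "backend_url": re.compile(r"https?://[\w.-]+(?::\d+)?(?:/[\w./%-]*)?"),
    "crypto_hint": re.compile(r"(?i)\b(?:AES|DES|RSA|HMAC|PBKDF2|MD5|SHA-?\d+)\b(?:/\w+)*"),
    "hex_constant": re.compile(r"\b[0-9a-fA-F]{32,}\b"),
    "secret_assignment": re.compile(r"(?i)(?:api[_-]?key|secret|passw(?:or)?d|token)\s*[=:]\s*\S+"),
}

def extract_strings(blob: bytes) -> list[str]:
    """Return the readable string table of a binary: ASCII runs, then UTF-16LE runs."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return found

def audit_binary(blob: bytes) -> dict[str, list[str]]:
    """Group every readable string fragment that matches a sensitive pattern."""
    findings = {name: [] for name in PATTERNS}
    for text in extract_strings(blob):
        for name, pattern in PATTERNS.items():
            findings[name].extend(m.group() for m in pattern.finditer(text))
    return findings

# Constructed sample bytes standing in for a release build (not a real app).
SAMPLE = (
    b"\x7fELF\x02\x01\x00\x00"
    + b"https://api.internal.example.com/v2/login" + b"\x00"
    + b"AES/CBC/PKCS5Padding" + b"\x00\x01"
    + b"00112233445566778899aabbccddeeff" + b"\x00\x01\x02"
    + "api_key=constructed-demo-value".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for category, hits in audit_binary(SAMPLE).items():
        for hit in hits:
            print(f"{category}: {hit}")
```

An empty result only means these strings are not readable in the clear; it says nothing about how easy the control flow is to follow.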