In order to bring attention to how easy hackers are able to exploit applications, the people at Arxan Technologies have posted a series of videos showing how to hack mobile apps using various open source tools. You can find the videos HERE. Jonathan Carter does a pretty good job going into details on how the tools work with lots of details. Check it out.
Here is a summary of the videos
These are 7 common techniques that hackers are using to exploit applications. Select from the playlist above to view short videos (1-2 minutes or less) that demonstrate how it’s done:
- iTunes Code Encryption Bypass
- See how easy it is for hackers to bypass iOS encryption to progress a mobile app attack.
- Android APK Reverse Engineering
- Watch how hackers can easily reverse engineer binary code (the executable) back to source code — which is primed for code tampering
- Algorithm Decompilation and Analysis
- See how “Hopper” is leveraged to initiate a static, springboard attack for counterfeiting and stealing information
- Baksmali Code Modification
- Learn how hackers can easily crack open and disassemble (Baksmali) mobile code.
- Reverse Engineering String Analysis
- Watch how hackers use strings analysis as a core element for reverse engineering
- Swizzle with Code Substitution
- Learn how hackers leverage infected code to attack critical class methods of an application to intercept API calls and execute unauthorized code, leaving no trace with the code reverting back to original form
- Understanding application internal structures and methods via Class Dumps
- Learn how hackers use this widely available tool to analyze the behavior of an app as a form of reverse engineering and as a springboard to method swizzling