An attacker will typically download the targeted app from an app store and analyze it within their own local environment using a suite of different tools. An attacker must perform an analysis of the final core binary to determine its original string table, source code, libraries, algorithms, and resources embedded within the app. Attackers will use relatively affordable and well-understood tools like IDA Pro, Hopper, otool, strings, and other binary inspection tools from within the attacker’s environment. Generally, all mobile code is susceptible to reverse engineering. Some apps are more susceptible than others. Code written in languages / frameworks that allow for dynamic introspection at runtime (Java, .NET, Objective C, Swift) are particularly at risk for reverse engineering. Detecting susceptibility to reverse engineering is fairly straight forward. First, decrypt the app store version of the app (if binary encryption is applied). Then, use the tools outlined in the “Attack Vectors” section of this document against the binary. Code will be susceptible if it is fairly easy to understand the app’s controlflow path, string table, and any pseudocode/source-code generated by these tools.
An attacker may exploit reverse engineering to achieve any of the following:
- Reveal information about back end servers;
- Reveal cryptographic constants and ciphers;
- Steal intellectual property;
- Perform attacks against back end systems; or
- Gain intelligence needed to perform subsequent code modification.
Am I Vulnerable To ‘Reverse Engineering’? Generally, most applications are susceptible to reverse engineering due to the inherent nature of code. Most languages used to write apps today are rich in metadata that greatly aides a programmer in debugging the app. This same capability also grealy aides an attacker in understanding how the app works.
An app is said to be susceptible to reverse engineering if an attacker can do any of the following things:
- Clearly understand the contents of a binary’s string table
- Accurately perform cross-functional analysis
- Derive a reasonably accurate recreation of the source code from the binary
Although most apps are susceptible to reverse engineering, it’s important to examine the potential business impact of reverse engineering when considering whether or not to mitigate this risk. See the examples below for a small sampling of what can be done with reverse engineering on its own.