Mobile Offensive Security Pocket Guide: A Quick Reference Guide For Android And iOS

MOBILE OFFENSIVE SECURITY POCKET GUIDE -

A QUICK REFERENCE GUIDE FOR ANDROID AND IOS

James Stevenson

UK

ISBN-13 (pbk): 978-1-3999-2195-4

ISBN-13 (electronic): 978-1-3999-2196-1

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Author: James Stevenson | www.jamesstevenson.me

Editor: Nic Carter | www.fiverr.com/thisisstrange

Formatting: Formatted Books | www.formattedbooks.com

For information on translations, reprint, paperback, or audio rights, please communicate with the author directly, at www.jamesstevenson.me.

CONTENTS

About the Author

Chapter 1: Introduction

Chapter 2: Reverse Engineering Fundamentals

Chapter 3: Mobile Application Reverse Engineering

Chapter 4: Dynamic Instrumentation of Mobile Applications with Frida

Chapter 5: Operating System Internals

Chapter 6: Baseband

Chapter 7: Putting It To The Test

Chapter 8: Closing Thoughts

Table of Figures

Index

ABOUT THE AUTHOR

James Stevenson has been working in the programming and computer security industry for over 5 years. Most of that has been working as an Android software engineer and vulnerability researcher. Before this, James graduated with a BSc in computer security in 2017. James has previously published the book Android Software Internals Quick Reference, with Apress publishing in 2021.

At the time of writing, James is a full-time security researcher, part-time Ph.D. student, and occasional conference speaker. Outside of Android internals, James’ research has also focused on offender profiling and cybercrime detection capabilities.

For more information and contact details, visit https://JamesStevenson.me.

CHAPTER ONE

INTRODUCTION

Mobile Offensive Security comes in many flavors—from application security and operating system internals to the vulnerability research of the baseband and other processors. This book attempts to summarize all of these unique areas of mobile offensive security into a handy and easy-to-use pocket guide.

While this pocket guide is not exhaustive in all things mobile offensive security, it sets the groundwork for how and where you can go to further your knowledge in specific areas.

Towards the end of this book, you will also find a series of challenges that summarize the key areas of many of the book’s chapters if you are looking to put your knowledge to the test.

What This Book Is

An introduction to the concepts of Reverse Engineering, Mobile Offensive Security, and other Mobile Security systems such as Baseband.

An easy-to-digest pocket guide detailing fundamental knowledge, principles, and methods related to mobile offensive security.

A reference guide for reverse engineering principles and approaches.

A guide for offensive security engagements, including Frida and dynamic instrumentation references.

An introduction to baseband and a methodology to follow when it comes to reverse engineering baseband implementations.

A summary guide for iOS and Android architectures and security assessment methodologies.

A collection of challenges, useful for putting the knowledge to the test.

What This Book Is Not

A list of zero-days or exploits for mobile devices or modern baseband implementations.

A completely exhaustive list of exploits, approaches, or techniques—this is a pocket guide.

Tools Used Throughout The Book

IDA Pro – https://hex-rays.com/ida-pro/

Ghidra – https://ghidra-sre.org/

GDB – https://www.gnu.org/software/gdb/

Jadx – https://github.com/skylot/jadx

APK Tool – https://ibotpeaches.github.io/Apktool/

Frida – https://frida.re/

Frida iOS Dump – https://github.com/AloneMonkey/frida-ios-dump

FriDump – https://github.com/Nightbringer21/fridump

Objection – https://github.com/sensepost/objection

Android Debug Bridge (ADB) – https://developer.android.com/studio/command-line/adb

dex2jar – https://sourceforge.net/projects/dex2jar/

JD GUI – http://java-decompiler.github.io/

AFL++ – https://github.com/AFLplusplus/AFLplusplus

Checkra1n – https://checkra.in/

Quark – https://github.com/quark-engine/quark-engine

Drozer – https://labs.f-secure.com/tools/drozer/

CHAPTER TWO

REVERSE ENGINEERING FUNDAMENTALS

The first chapter of this book goes through fundamental reverse engineering principles and techniques used throughout this book. For the purpose of this book, we will be using the Merriam Webster definition of reverse engineering in the context of product and application security, this being:

To disassemble and examine or analyse