Case Study: A Weather App
Why are you reverse engineering?
Define clear research goals.
An example of a research goal is “Where is the data coming from?”.
This may not be security relevant; it's just for understanding the app.
While reverse engineering, don’t fall into the trap of clicking around; this will lead us nowhere (just a waste of time). Instead, set a clear research goal.
Always ask yourself:
Is there any HTTP endpoint?
Are there any hardcoded secrets?
Am I randomly clicking through functions, or am I on the right path to the research goals?
Try to understand why something is happening and which code is responsible for it.
Don’t overcomplicate things; just use another method.
In the case of Java Native Libraries (JNI), we can also follow the developer docs, add that library to our own code, and match the function name, package name, etc. so that we can decrypt the secret.
If native libraries are used, sometimes they are way easier to reverse engineer, i.e. if they are using native libraries to do some obfuscated thing, like creating a key or deobfuscating a key, which is passed by the APK, then we can just make our own app that uses that native library and extract the secret.
Sometimes we will need to reverse engineer the actual native library (.so file).
And sometimes we are able to extract those from network interception.
Just understand the functionality of the app and act accordingly.
While using
System.loadLibrary("myclibrary");
remove the lib prefix and the .so extension from the name, i.e. the original name of this shared library is libmyclibrary.so.
The JVM automatically adds lib at the front and .so at the end.
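The two naming rules above (the library file name, and why the package and function names have to match) can be computed ahead of time. The following is an added example, not code from the original page; it applies the JNI specification's name-escaping rules, and the package, class and method names in it are constructed.

```python
# Added example: JNI naming rules applied to constructed class and method names.

def library_file_name(load_name):
    """File the runtime looks for on Android/Linux for System.loadLibrary(load_name)."""
    return "lib" + load_name + ".so"

def load_library_argument(file_name):
    """Inverse mapping: the string to pass to System.loadLibrary for a given .so file."""
    if not (file_name.startswith("lib") and file_name.endswith(".so")):
        raise ValueError("not a lib<name>.so file name: " + file_name)
    return file_name[3:-3]

def _mangle(text):
    """Escape one name component the way the JNI specification defines it."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ch in "./":
            out.append("_")            # package separator
        elif ch == "_":
            out.append("_1")           # literal underscore
        elif ch == ";":
            out.append("_2")           # ';' in a type signature
        elif ch == "[":
            out.append("_3")           # '[' in a type signature
        else:
            raw = ch.encode("utf-16-be")   # anything else: _0xxxx per UTF-16 unit
            for i in range(0, len(raw), 2):
                out.append("_0%04x" % int.from_bytes(raw[i:i + 2], "big"))
    return "".join(out)

def jni_symbol(class_name, method, signature=None):
    """Exported symbol the runtime resolves for a native method.

    Pass the JVM method signature only for overloaded native methods; it adds
    the '__<escaped argument types>' suffix.
    """
    symbol = "Java_" + _mangle(class_name) + "_" + _mangle(method)
    if signature is not None:
        args = signature[signature.index("(") + 1:signature.index(")")]
        symbol += "__" + _mangle(args)
    return symbol

if __name__ == "__main__":
    print(library_file_name("myclibrary"))
    print(jni_symbol("com.example.weather.Secrets", "getApiKey"))
```

Libraries that register their methods with RegisterNatives in JNI_OnLoad do not export these names, so an absent symbol does not mean the method is absent.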