
Mobile Reverse Engineering with r2frida // Grant Douglas, Eduardo Novella, Alex Soler
Virtual | March 22-31 | 32 Hours
ABSTRACT
Combining dynamic with static analysis is the key to quickly solving many challenges when performing binary analysis. Have you ever thought about combining Radare2 with Frida? This combination has given birth to “R2Frida”, an IO plugin that allows you to put the power of Frida into Radare2 land.
For beginners with Radare2 and Frida, the workshop will cover the basics of both. During this practical training, we will walk you through how to use R2Frida to analyze Android and iOS mobile apps. Attendees will learn about offensive mobile security, e.g. bypassing jailbreak protections, SSL pinning, anti-debugging, or even Frida detections using Frida itself.
Students receive:
- Access to Corellium’s virtualized devices for the duration of the training.
- A copy of all training content to take home.
- A copy of the crackmes, challenges, and solutions to take home.
- Access to a trainee-trainer Telegram group which persists beyond the training for general tips, questions, etc.
INTENDED AUDIENCE
Beginner and intermediate mobile security professionals or enthusiasts. Basics of radare2 and Frida will be covered but prior exposure to these will come in handy.
KEY LEARNING OBJECTIVES
- Understand the basic usage of Frida
- Understand the basic usage of Radare2
- Understand the theory covering mobile security topics and how to analyze them
- Gain hands-on experience installing demo and real mobile apps for analysis
- Gain hands-on experience analyzing network traffic without requiring proxy interception
- Learn and hone application tampering skills including sideloading and patching for debugging
- Learn where applications store secrets or crypto keys and how to extract them
- Develop certificate pinning and root/jailbreak detection bypass solutions
- Understand mobile security findings that may arise during penetration testing and code review activities
COURSE OUTLINE
Overview of the R2 IO plugin
- What is R2Frida
- R2Frida architecture
- How to install R2Frida
- My first reversing with R2Frida
ARM assembly basics
- ARM instruction set
- Conditional execution and branching
- Stack, registers and functions
- ARM32 and Thumb vs ARM64
R2Frida on mobile
- Common commands for iOS and Android
R2Frida on iOS
- Objective-C for the lazy
- Objective-C ecosystem
- Differences between Objective-C and Swift
- iOS-specific R2Frida commands
- Dynamic Tracing
- Objective-C dynamic calls
iOS Dynamic Instrumentation
- Obtaining crypto keys
- Intercepting HTTP requests
- Bypassing jailbreak detections
  - Basic detections
  - Advanced detections
R2Frida on Android
- Dalvik/ART and native instrumentation
- Android-specific R2Frida commands
- Dalvik/ART tracing
- Multidex
- ARM/Thumb
- Native tracing
- Exercises
- Bypass certificate pinning
- Bypass simple protections
- Analyze malware with R2Frida
- Bypass advanced protections by:
  - Searching code at runtime via Memory.scan
  - Patching code via Arm64Writer
Knowledge Prerequisites
Basic Linux/macOS command-line skills. Familiarity with installing packages on both platforms.
System Requirements
A laptop to access an in-cloud virtual desktop.
Students will be provided with an in-cloud virtual desktop, where all tools are preinstalled. Students will receive a setup guide to set up the lab and tools at home in the future, but all training will be carried out within the provided virtual desktops.
YOUR INSTRUCTORS: Grant Douglas, Eduardo Novella, Alex Soler
Grant Douglas runs reconditorium, and is a security research engineer with a specialism in mobile security and reverse engineering. Grant has over 10 years of experience performing appsec consulting, delivering developer training, penetration testing, secure code review, threat modeling, and more. Grant has worked with and actively contributes to mobile security tools such as Frida and radare, although he currently spends most of his time developing anti-reversing technologies.
Grant has presented at various conferences throughout the world and has produced and delivered workshops to security professionals, developers and architects alike.
Eduardo Novella is a security researcher who specializes in mobile reverse engineering.
During the last decade, Eduardo has evaluated the software and hardware security of hundreds of hardened products such as pay-TV set-top boxes, DRM, smart meters, routers, smart TVs, HCE payments, mPOS, Android fingerprint trustlets, TEE OS, JavaCard and smartcards.
Eduardo has spoken at various security conferences such as BSides Las Vegas, WOOT USENIX, RadareCon, Hack.lu, and Black Hat (US/UK). He also enjoys teaching students with a background in automotive at the CyberTruck Challenge in Michigan.
Alex Soler is mobile security research engineer lead at NowSecure. He has spent 10+ years doing security assessments, including penetration testing, web and mobile applications. With a global background in mobile, he specializes in iOS environments.
Alex is a regular speaker at national and international conferences, and collaborates as a mobile security trainer with a cybersecurity master's program organized by Universitat Politècnica de Catalunya. He is also an active contributor to radare2 and r2frida, and an r2frida evangelist in his workshops and training.
60+ days before the event: 75% of fees refunded; 45-60 days before the event: 50% refunded; less than 45 days: 0% refunded. Course changes are allowed up to 14 days before event start (some restrictions will apply). Attendee changes can be accommodated up to 14 days prior to the event.
Note: In the event of a class cancellation, Ringzer0 will endeavor to offer transfer to another training at no additional charge.