Mobile Reverse Engineering with R2frida on Android and IOS

Grant Douglas, Eduardo Novella and Alex Soler



Combining dynamic with static analysis is the key to quickly solving many challenges when performing binary analysis. Have you ever thought about combining Radare2 with Frida? This combination has given birth to “R2Frida”, an IO plugin that allows you to put the power of Frida into Radare2 land.

For the beginners with Radare2 and Frida, the workshop will cover the basics of both. During this practical training, we will walk you through how to use R2Frida to analyze Android and iOS mobile apps. Attendees will learn about offensive mobile security, e.g. bypass jailbreak protections, SSL pinning, anti-debugging, or even Frida detections using Frida itself.

Students receive:

  • Access to Corellium’s virtualized devices for the duration of the training.
  • A copy of all training content to take home
  • A copy of the crackme’s, challenges, and solutions to take home.
  • Access to a trainee-trainer Telegram group which persists beyond the training for general tips, questions, etc.


Begginner and intermediate mobile security professionals or enthusiasts. Basics of radare2 and Frida will be covered but prior exposure to these will come in handy.


“Awesome work by you guys, appreciate the time and effort that was put into preparing and sourcing all the information and for instructing it too!”
“I attended the R2Frida training at R2Con 2019. The training was excellent. The content was clear, concise, and actionable. The instructors had practical real world experience and shared their tips/tricks that I now use regularly. Would recommend.”


  • Understand the basic usage of Frida
  • Understand the basic usage of Radare2
  • Understand the theory covering mobile security topics and how to analyze them
  • Gain hands on experience installing demo and real mobile apps for analysis
  • Gain hands on experience analyzing network traffic without requiring proxy interception
  • Learn and hone application tampering skills including sideloading and patching for debugging
  • Learn where applications store secrets or crypto keys and how to extract them
  • Develop certificate pinning and root/jailbreak detection bypass solutions
  • Understand mobile security findings that may arise during penetration testing and code review activities



  • Overview of the R2 IO plugin
    • What is R2Frida
    • R2Frida architecture
    • How to install R2Frida
    • My first reversing with R2Frida
  • ARM assembly basics
    • ARM instruction set
    • Conditional execution and branching
    • Stack, registers and functions
    • ARM32 and Thumb vs ARM64
  • R2Frida on mobile
    • Common commands for iOS and Android
  • R2frida on iOS
    • Objective-C for the lazy
    • Objective-C ecosystem
    • Differences between Objective-C and Swift
    • iOS-specific R2frida commands
    • Dynamic Tracing
    • Objective-C dynamic calls
  • IOS Dynamic Instrumentation
    • Obtaining crypto keys
    • Intercepting HTTP request
    • Bypassing Jailbreak detections
      • Basic detections
      • Advanced detections
  • R2frida on Android
    • Dalvik/ART and native instrumentation
    • Android-specific R2frida commands
    • Dalvik/ART tracing
    • Multidex
    • ARM/Thumb
    • Native tracing
    • Exercises
      • Bypass certificate pinning
      • Bypass simple protections
      • Analyze malware with R2Frida
      • Bypass advanced protections by:
      • Searching code at runtime via Memory.scan
      • Patching code via Arm64Writer


Basic linux/macos command line skills. Familiarity installing packages on both platforms.



A laptop able to run a x86_64 virtualbox image. Minimum i7 cpu + 16GB RAM. Ideally Linux or macOS as a host.


Virtualbox (x86_64). Students will receive a pre-built training VM ahead of time.


Grant Douglas runs reconditorium, and is a security research engineer with a specialism in mobile security and reverse engineering. Grant has over 10 years of experience performing appsec consulting, delivering developer training, penetration testing, secure code review, threat modeling, and more. Grant has worked with and actively contributes to mobile security tools such as frida and radare although currently spends most of his time developing anti-reversing technologies.

Grant has presented at various conferences throughout the world and has produced and delivered workshops to security professionals, developers and architects alike.

Eduardo Novella is a security researcher who specializes in mobile reverse engineering.

During the last decade, Eduardo has evaluated the software and hardware security of hundreds of hardened products such as pay-tv set-top-boxes, drm, smart-meters, routers, smart tvs, hce payments, mpos, android fingerprint trustlets, tee os, javacard and smartcards.

Eduardo has spoken at various security conferences such as bsides las vegas, woot usenix, radarecon, hacklu, black hat (us/uk). He also enjoys teaching students with a background in automotive at the cybertruck challenge in michigan.

Alex Soler is mobile security research engineer lead at nowsecure. He has spent +10 years doing security assessments, including penetration testing, web and mobile applications. With a global background in mobile, he is specialized on ios environments.

Alex is a regular speaker at national and international conferences, and collaborates with a cybersecurity master organized by “universitat politècnica de catalunya” as a mobile security trainer. He is also an active contributor to radare2 and r2frida, being a r2frida evangelist in his workshops and training.