M9: Reverse Engineering
Learn about the threat of reverse engineering in software applications, its impact, preventive measures, obfuscation tools, and example attack scenarios.
Overview
This article is about the threat of reverse engineering in software applications. It discusses the potential impact on businesses and provides examples of attack scenarios. It also outlines preventive measures that can be taken to mitigate the risk of reverse engineering.
Description
Reverse engineering is a technique used by attackers to analyze and understand the inner workings of a software application. By reverse engineering an app, an attacker can gain access to sensitive information, steal intellectual property, or perform attacks against backend systems. This article explains the process of reverse engineering and its technical and business impacts. It also provides guidance on how to prevent reverse engineering by using obfuscation tools. The article concludes with example attack scenarios and references for further reading.
How to Prevent ?
To prevent reverse engineering, it is recommended to use an obfuscation tool. Obfuscation narrows down what methods/code segments to obfuscate, tunes the degree of obfuscation to balance performance impact, withstands de-obfuscation from tools like IDA Pro and Hopper, and obfuscates string tables as well as methods. There are many free and commercial grade obfuscators available in the market. It is also important to regularly test the effectiveness of the obfuscation tool by attempting to deobfuscate the code using tools like IDA Pro and Hopper.
Example Attack Scenarios:
Scenario #1: String Table Analysis: The attacker runs 'strings' against the unencrypted app and discovers a hardcoded connectivity string that contains authentication credentials to a backend database. The attacker uses those credentials to gain access to the database and steal user data.
Scenario #2: Cross-Functional Analysis: The attacker uses IDA Pro against an unencrypted app and discovers Jailbreak detection code. The attacker uses this knowledge in a subsequent code-modification attack to disable jailbreak detection and exploit the app to steal customer information.
Scenario #3: Source Code Analysis: The attacker extracts the APK file of a banking Android application and converts it to a JAR file. Using a Java decompiler, the attacker gains access to the app's source code and can analyze it for vulnerabilities or steal sensitive data.