Mobile Reverse Engineering with R2Frida

USD $3,299.00

Duration: 3 days

Delivery Method: in-person

Level: beginner / intermediate

Seats Available: 20

ATTEND IN-PERSON: Crowne Plaza, Dubai Marina

DATE: 16-18 October 2023

TIME: 09:00 to 17:00 GST/GMT+4

Date     Day         Time                       Duration
16 Oct   Monday      09:00 to 17:00 GST/GMT+4   8 Hours
17 Oct   Tuesday     09:00 to 17:00 GST/GMT+4   8 Hours
18 Oct   Wednesday   09:00 to 17:00 GST/GMT+4   8 Hours

Combining dynamic with static analysis is the key to quickly solving many challenges when performing binary analysis. Have you ever thought about combining Radare2 with Frida? This combination has given birth to “R2Frida”, an IO plugin that allows you to put the power of Frida into Radare2 land.

For beginners with Radare2, the workshop will cover the basics of Radare2 and Frida. During this practical training, we will walk you through how to use R2Frida to analyze Android and iOS mobile apps. Attendees will learn about offensive mobile security, e.g. bypassing jailbreak protections, SSL pinning, anti-debugging, or even Frida detections using Frida itself.

 

Key Topics Covered
  • Frida and Radare2 basics
  • Brief theory covering mobile security topics and a quick overview of how to perform an application analysis
  • How to install demo and real mobile apps and how to analyze them
  • How to analyze network traffic without requiring proxy interception
  • Basic tampering techniques including sideloading and patching for debugging
  • Obtain application secrets or crypto keys through mobile application dynamic instrumentation
  • Bypassing certificate pinning and root/jailbreak detection
  • Findings to expect when performing a mobile assessment

What students will get
  • Access to Corellium’s virtualized devices for the duration of the training.
  • A copy of all training content to take home
  • A copy of the crackmes, challenges, and solutions to take home.
  • Access to a trainee-trainer Telegram group which persists beyond the training for general tips, questions, etc.

 

What students say about this training
  • Awesome work by you guys, appreciate the time and effort that was put into preparing and sourcing all the information and for instructing it too!

  • I attended the R2Frida training at R2Con 2019. The training was excellent. The content was clear, concise, and actionable. The instructors had practical real world experience and shared their tips/tricks that I now use regularly. Would recommend.

 

Glossary
  • Workshop VM and emulators setup
  • Introduction to Radare2 and Frida
  • Overview of the R2 IO plugin
    • What is R2Frida
    • R2Frida architecture
    • How to install R2Frida
    • My first reversing with R2Frida
  • ARM assembly basics
    • ARM instruction set
    • Conditional execution and branching
    • Stack, registers and functions
    • ARM32 and Thumb vs ARM64
  • R2Frida on mobile
    • Common commands for iOS and Android
  • R2Frida on iOS
    • Objective-C for the lazy
      • Objective-C ecosystem
      • Differences between Objective-C and Swift
      • iOS-specific R2Frida commands
      • Dynamic Tracing
      • Objective-C dynamic calls
    • iOS Dynamic Instrumentation
      • Obtaining crypto keys
      • Intercepting HTTP requests
    • Bypassing Jailbreak detections
      • Basic detections
      • Advanced detections
  • R2Frida on Android
    • Dalvik/ART and native instrumentation
      • Android-specific R2Frida commands
      • Dalvik/ART tracing
      • Multidex
      • ARM/Thumb
      • Native tracing
    • Exercises
      • Bypass certificate pinning
      • Bypass simple protections
      • Analyze malware with R2Frida
      • Bypass advanced protections by:
        • Searching code at runtime via Memory.scan
        • Patching code via Arm64Writer

Why You Should Take This Course

The workshop consists of three days with tons of hands-on exercises. A solid foundation in mobile security will be given, and the topics learned will then be applied through R2Frida. No physical devices are required to attend this workshop; emulators will be used instead for both operating systems.

Who Should Attend

The workshop is suitable for pentesters, reversers, malware analysts, and mobile developers who want to learn more about mobile security.

Key Learning Objectives

  • Getting started with Radare2 and Frida on mobile apps

  • Introduction to ARM reversing with Radare2 and Frida instrumentation

  • Getting familiar with basic Radare2 commands

  • Instrumenting mobile apps with Frida, with and without R2Frida

  • Exploring the workings of mobile apps on Android & iOS

  • Understanding the power of the "R2Frida" plugin, which combines the power of static (Radare2) & dynamic analysis (Frida)

  • Employing Android and iOS emulators in your pentesting tasks

  • Bypassing mobile security protections on soft-hardened apps

  • Inspecting, dumping, live-patching, tracing or tampering with memory at will with R2Frida

  • Tracing and tampering with registers, pointers, functions, arguments and return values

  • Solving mobile crackmes during the workshop

  • Disassembling assembly code at runtime and placing hooks on-the-fly at any moment while the app is running

  • Building up a solid methodology and skillset to assess and break mobile applications built for iOS and Android

Prerequisite Knowledge

Although this is a beginner-friendly training, it does require basic skills to follow the course:
  • Reverse engineering assembly code
  • Familiarity with the Python and JavaScript programming languages
  • Basic knowledge of the Java and Objective-C programming languages
  • Basic prior experience with mobile security assessments
  • A laptop able to run a VMware image
The hands-on exercises will use the Android Emulator for Android and Corellium for iOS.
It will be a 3-day workshop, though we can adapt to the available time. It will include some demos and crackmes to be completed by the students during the workshop.

Hardware / Software Requirements

  • A laptop able to run a VMware image
  • Minimum 16 GB RAM
  • i7 CPU or later
  • Ideally a Linux or macOS operating system, but as long as your system can run VirtualBox, it should be fine.
  • The prepackaged VM will be distributed in advance.

Your Instructor

Grant Douglas runs Reconditorium, and is a security research engineer with a specialism in mobile security & reverse engineering. Grant has over 10 years of experience performing AppSec consulting, delivering developer training, penetration testing, secure code review, threat modeling, and more. Grant has worked with and actively contributes to mobile security tools such as Frida and Radare, although he currently spends most of his time developing anti-reversing technologies.

Grant has presented at various conferences throughout the world and has produced and delivered workshops to security professionals, developers and architects alike.

Eduardo Novella is a security researcher who specializes in mobile reverse engineering.

During the last decade, Eduardo evaluated the software and hardware security of hundreds of hardened products such as Pay-TV set-top-boxes, DRM, smart-meters, routers, smart TVs, HCE payments, mPOS, Android fingerprint Trustlets, TEE OS, JavaCard and smartcards.

Eduardo has spoken at various security conferences such as BSides Las Vegas, Woot Usenix, RadareCON, HackLu, Black Hat (US/UK). He also enjoys teaching students with a background in automotive at the CyberTruck Challenge in Michigan.