This year, RandoriSec had the chance to deliver a mobile hacking workshop at BSides Dublin. The first two hours of the workshop were dedicated to Android and was delivered by Guillaume Lopes. Then, the second part was focused on iOS and was presented by Davy Douhine.
We would like to thank the BSides Dublin organizers and all people involved for the awesome event and also the speakers for the great talks. We hope to be able to go to Dublin in 2022!
Android
The objective of the Android workshop was to resolve the OWASP Crackmes (Level 1, 2 and 3) using different tools and techniques:
- Level 1
- Code Tampering with apktool
- Frida
- Frida using the frida gadget library
- Levels 2 and 3
- Frida and Ghidra
The slides provides a step by step guide to resolve the crackmes.
iOS
The slides of the iOS workshop presents a (very) short introduction to learn the main basics to assess the security of iOS apps. It contains 8 short pratical exercices in each of the 4 main aspects of mobile app assessments:
- Static Analysis
- Data Security
- Execution Analysis
- Transport Security
It was the first time the full iOS workshop was delivered using Corellium only. So no physical iOS devices was needed!
Github
You can find the slides (total of nearly 200 slides) and all needed files to replay these workshops on your own in our Github repository:
Additionnaly, we should plan new remote training sessions soon so stay tuned!!
Happy Hacking!