RE-iOS-Apps: completely free, open source and online course about Reverse Engineering iOS Applications
Reverse Engineering iOS Applications
Welcome to my course Reverse Engineering iOS Applications. If you’re here it means that you share my interest for application security and exploitation on iOS. Or maybe you just clicked the wrong link 😂
All the vulnerabilities that I’ll show you here are real, they’ve been found in production applications by security researchers, including myself, as part of bug bounty programs or just regular research. One of the reasons why you don’t often see writeups with these types of vulnerabilities is because most of the companies prohibit the publication of such content. We’ve helped these companies by reporting them these issues and we’ve been rewarded with bounties for that, but no one other than the researcher(s) and the company’s engineering team will learn from those experiences. This is part of the reason I decided to create this course, by creating a fake iOS application that contains all the vulnerabilities I’ve encountered in my own research or in the very few publications from other researchers. Even though there are already some projects[^1] aimed to teach you common issues on iOS applications, I felt like we needed one that showed the kind of vulnerabilities we’ve seen on applications downloaded from the App Store.
This course is divided in 5 modules that will take you from zero to reversing production applications on the Apple App Store. Every module is intended to explain a single part of the process in a series of step-by-step instructions that should guide you all the way to success.
This is my first attempt to creating an online course so bear with me if it’s not the best. I love feedback and even if you absolutely hate it, let me know; but hopefully you’ll enjoy this ride and you’ll get to learn something new. Yes, I’m a n00b!
If you find typos, mistakes or plain wrong concepts please be kind and tell me so that I can fix them and we all get to learn!
Modules
- Prerequisites
- Introduction
- Module 1 – Environment Setup
- Module 2 – Decrypting iOS Applications
- Module 3 – Static Analysis
- Module 4 – Dynamic Analysis and Hacking
- Module 5 – Binary Patching
- Final Thoughts
- Resources
Download
Copyright 2019 Ivan Rodriguez <ios [at] ivrodriguez.com>
