Meticulously Modern Mobile Manipulations

Conference: Defcon 27



Runtime analysis is a powerful technique for improving mobile application testing and can be used by various disciplines, including hackers, malware reversers, and DevOps professionals.
  • Runtime analysis is more than just hooking and SSL pinning bypasses.
  • It enables us to improve testing and not rely on old tooling that may not work on non-jailbroken devices.
  • We can build more tools and extend our arsenal without needing root access.
  • Anyone can use runtime analysis, and it's applicable to many involved in mobile application pipelines.
  • We can use runtime analysis to catch data being shipped off somewhere and understand what apps are doing.
  • We can integrate runtime analysis into Jenkins pipelines to automate testing and assert certain features.
The speaker demonstrated how runtime analysis can be integrated into a Jenkins pipeline to automate testing and assert certain features. By building an HTTP server to interact with the Frida gadget using HTTP messages, the speaker was able to query the binary protections of an iOS app at runtime and ensure that certain protections were enabled before shipping the final artifact to the end client.
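As an added example (not the speaker's code or Objection's), here is the pipeline-side half of that check in Python: decoding PIE and FairPlay-encryption state from the Mach-O header bytes a Frida agent would read at a module's base address, and gating the build on the JSON report the in-app HTTP server returns. The report field names, the required set and the sample header bytes are all assumptions constructed for the example.

```python
import json
import struct

# Mach-O constants from <mach-o/loader.h>
MH_MAGIC_64 = 0xFEEDFACF
MH_PIE = 0x200000
LC_ENCRYPTION_INFO_64 = 0x2C

def parse_macho_header(blob: bytes) -> dict:
    """Derive PIE and encryption state from a 64-bit Mach-O header.

    These are the same bytes a Frida agent reads at a module's base address,
    so the decoding is identical at runtime and on disk.
    """
    magic, _cpu, _sub, _ftype, ncmds, _cmdsz, flags, _res = struct.unpack_from("<8I", blob, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O header")
    result = {"pie": bool(flags & MH_PIE), "encrypted": False}
    offset = 32  # sizeof(mach_header_64); load commands follow immediately
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, offset)
        if cmd == LC_ENCRYPTION_INFO_64:
            # encryption_info_command_64: cmd, cmdsize, cryptoff, cryptsize, cryptid, pad
            _off, _size, cryptid = struct.unpack_from("<III", blob, offset + 8)
            result["encrypted"] = cryptid != 0
        offset += cmdsize
    return result

def evaluate_report(report_json: str, required: dict) -> list:
    """Names of required protections that the gadget's report shows as missing or off."""
    report = json.loads(report_json)
    return sorted(name for name, want in required.items() if report.get(name) != want)

# Constructed sample header: one LC_ENCRYPTION_INFO_64 command, MH_PIE set, cryptid 0.
SAMPLE_HEADER = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0x00200085, 0) \
    + struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, 0, 0)

# Constructed sample of the in-app HTTP endpoint's reply (field names are assumed).
SAMPLE_REPORT = json.dumps({"pie": True, "encrypted": False, "stack_canary": False, "arc": True})
REQUIRED = {"pie": True, "stack_canary": True, "arc": True}

def gate(report_json: str = SAMPLE_REPORT) -> bool:
    """Pipeline gate: True only when every required protection is enabled."""
    failures = evaluate_report(report_json, REQUIRED)
    for name in failures:
        print(f"FAIL: required protection '{name}' not enabled")
    return not failures

if __name__ == "__main__":
    print(parse_macho_header(SAMPLE_HEADER))
    raise SystemExit(0 if gate() else 1)
```

Wired into a Jenkins stage, a non-zero exit from `gate()` fails the build before the artifact is shipped.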


Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring jailbroken/rooted devices. Back then, wresting the power to understand & modify apps on our devices from dystopian-looking mega corps was our cause. As jailbreaks became infrequent, the hackers’ arsenal was left behind. While this is progress against dark uses of hacking, done to protect our freedom fighters, how can hackers still hold power to account? Can we still find flaws in apps/devices & live up to the protections the technology promises? Enter runtime binary instrumentation with Frida. It’s possible to analyze apps in their final state when executed on real hardware running the latest iOS/Android with no jailbreaks. This fills a gap between source analysis & debuggers. But, simply enumerating app classes requires studying multiple blogs & a deep read of the docs. We created Objection to simplify this & hide the boilerplate so hackers could focus on unravelling apps. But, many people still rely on simple hacks & automation & rarely use new advanced techniques such as reflectively inspecting live heap objects, canary execution tracing, runtime memory edits and filesystem exploration. We’ll show hackers, malware researchers & security engineers how to use these advanced mobile hacking techniques.