Solared Cyber Security has unveiled its analytical report on vulnerabilities in mobile banking apps running under iOS, Android, and Windows Phone. The company has announced that 98% of examined apps contained vulnerabilities, over 40% of which were critical.
This is another episode in the series about the reading of iOS app binary files. To dive into technical details, you are strongly encouraged to read Part 1 here. In this post, you will learn about how Swift code is packed into a binary file.
So, let's code a Single View Application in Swift and add the following Inspected.swift:
The Internet is full of posts about how Objective-C runtime works. However, to get a complete understanding of what is going on under the hood, it's a good idea to drill down to the rock bottom and see how iOS app code is packed into binary files. And of course, finding yourself under the hood cannot be avoided when tackling reverse engineering tasks.
In the first two sections, I tried to cover hands-on particulars as detailed as possible to allow readers to go smoothly through this tutorial without having to hop on and off to google something like "where to find an Xcode app binary" every second.
While Solared APPscreener can detect Java bytecode vulnerabilities, highlighting a vulnerable bytecode instruction is not enough. How to show a vulnerability in source code that you do not actually have access to?
