Mobile payment applications are already being used to completely replace physical credit cards and acceptance terminals. Given their sensitive nature, these software solutions must adhere to strict security requirements that are tested and verified by security laboratories.
SRC is an accredited and internationally recognized testing laboratory for mobile payment and acceptance applications. Our job is to ensure that security requirements are implemented in the best way possible.
In this workshop, we delve into critical security requirements that aim to protect payment applications from tampering and reverse engineering. The audience will see practical examples of reverse engineering tools, techniques, and countermeasures from the perspective of pentesters, cybercriminals, and developers. Through hands-on demonstrations, we highlight the importance of strong countermeasures and demonstrate how weak countermeasures can be bypassed using free and open source tools.
Agenda
- Intro: Mobile Sec
- Reverse Engineering (RE): Attacker’s Approach to RE a mobile app
  - RE and Analysis Environment
  - Static Analysis
  - Dynamic Analysis
- Anti-RE: Developer’s RE countermeasures
  - Obfuscation
  - Use of native code
  - Anti-Emulation
  - Anti-Root/Anti-Jailbreak
  - Anti-Hooking
  - Anti-Debugging
  - Anti-Tampering
- Anti-Anti-RE: Attacker’s countermeasures against RE countermeasures