MSTG Book Sprint - Reverse Engineering and Cracking
As of today, no widely accepted standard for mobile app security exists. The goal of our project is to rectify this situation. In addition to a mobile app security standard, we are producing a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. We aim to release the guide in the form of a free e-book and potentially a printed book by the end of this year.
The objective of this working session is to complete a first draft of the Mobile Security Testing Guide (MSTG). Tasks include:
- Write original content, such as describing testing processes and writing test cases
- Proofread and perform technical edits to improve the overall quality of the MSTG
Participants may join working groups organised along the main topics covered in the guide. Work will be split between working groups based on mobile OS and topics as listed below.
This working session deals with everything related to mobile reversing, anti-reversing and cracking. Participants can help in the following ways:
- Contribute reverse engineering write-ups to describe specific processes, tools and techniques
- Help us figure out resiliency testing processes and obfuscation metrics
- Solve crackmes and contribute a tutorial to the guide (preferably a technique that’s not already documented; check the TOC first)
- Write and add new crackmes along with solutions (these should also describe something not already in the guide, such as cracking white-boxes or dynamic analysis using an emulator / introspection)
Associated chapters in the MSTG:
- Android Reverse Engineering
- Android Anti-Reversing Defenses
- iOS Reverse Engineering
- iOS Anti-Reversing Defenses
- Assessing Anti-Reverse Engineering Schemes
This Working Session will complete a first draft of the Mobile Security Testing Guide (MSTG).
How to Join
Follow the “Edit this page here” link at the bottom of this page and add yourself to the “participants” field. Signing up is not mandatory, but helps us to better organize the sessions.
More things to do once you have signed up:
- Make yourself familiar with the existing content. Or even better, start contributing right away :)
- Ping us on the OWASP MSTG Slack channel (sushi2k or bernhardm).
- If you have rooted Android / jailbroken iOS devices, please bring them along to the session.
The target audience for this Working Session is:
- Security Testers
- Reverse Engineers
- Everyone else with good writing skills and some technical know-how :)
- Draft of the Mobile Security Testing Guide
- Jailbroken iOS devices, rooted Android devices
Edit this page here