iOS Reverse Engineering 101

Venue

This workshop will take place on October 9, 2025 in conjunction with Hexacon in Paris, France. Please register via the registration form on their website.

Workshop

This 1-day workshop will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps on Apple's mobile devices. We will cover all basics to get beginner reverse-engineers started. The course material of this workshop is always kept up to date with the latest version of iOS – so you'll even learn about features introduced as of iOS 26!

After getting started with static reverse engineering and dynamic testing iOS apps using Ghidra and Frida, we'll pivot to challenges posed by programs written in Objective-C. We'll be using Frida to trace control flow, find interesting code paths and manipulate data.

The workshop will include hands-on exercises on physical iOS devices. Advanced iOS app internals are conveyed by breaking them down into small, easily comprehensible chunks and exercises building up on each other to form a general understanding of iOS concepts. Students will be guided through using free and open-source reverse-engineering software and frameworks (such as Ghidra and Frida) to understand the internals and perform security testing of closed-source apps. Students will be provided with slides, exercises, solutions including custom tooling, and cheat sheets to follow along the workshop.

iOS App Reverse Engineering 101

Learning objectives:

At the end of this workshop, students will have the understanding and means to perform basic static and dynamic reverse-engineering of iOS apps to identify and trace the execution of interesting functions, and write scripts to exercise the corresponding code-paths.

Topic overview:

Who should attend?

This workshop is aimed at anyone interested in mobile app security, including up and coming pen testers, security or vulnerability researchers, or app developers. As a BlackHoodie workshop, it is women*-only, including anyone born and raised female or if one identifies as a woman.

For more details about BlackHoodie's mission, see their website.

Prerequisites

What attendees should bring

Students will need to use a laptop capable of running a virtual machine with internet connectivity, USB pass-through, 16GB of RAM, and 40GB of free disk space. On Windows, the VM is required - tools are also available natively on Linux and macOS.

What attendees will be provided with

As this is a hands-on iOS workshop, attendees will be borrowed a physical iPhone or iPad for the exercises! We will be providing a (x86_64 and Apple Silicon) virtual machine image with all required tooling. Students will get access to all workshop materials, including slides, exercises, solutions including custom tooling, and cheat sheets.

Trainer

Jiska Classen is a wireless and mobile security researcher and research group leader. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.


RE//verse 2026 (US) · CounterMeasure (Canada) · OBTSv8 (Spain) · BlackHoodie @ Hexacon 2025 · BlackHat US 2025 (Virtual) · OffensiveCon 2025 (Germany) · home