Venue
This workshop will take place on October 9, 2025 in conjunction with Hexacon in Paris, France. Please register via the registration form on their website.
Workshop
This 1-day workshop will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps on Apple's mobile devices. We will cover all basics to get beginner reverse-engineers started. The course material of this workshop is always kept up to date with the latest version of iOS – so you'll even learn about features introduced as of iOS 26!
After getting started with static reverse engineering and dynamic testing of iOS apps using Ghidra and Frida, we'll pivot to challenges posed by programs written in Objective-C. We'll be using Frida to trace control flow, find interesting code paths and manipulate data.
The workshop will include hands-on exercises on physical iOS devices. Advanced iOS app internals are conveyed by breaking them down into small, easily comprehensible chunks and exercises that build on each other to form a general understanding of iOS concepts. Students will be guided through using free and open-source reverse-engineering software and frameworks (such as Ghidra and Frida) to understand the internals and perform security testing of closed-source apps. Students will be provided with slides, exercises, solutions including custom tooling, and cheat sheets to follow along with the workshop.
iOS App Reverse Engineering 101
Learning objectives:
At the end of this workshop, students will have the understanding and means to perform basic static and dynamic reverse-engineering of iOS apps to identify and trace the execution of interesting functions, and to write scripts that exercise the corresponding code paths.
Topic overview:
- Apple's public documentation and source code, public frameworks, and private frameworks.
- Attack surface and threat modeling: How to approach an App from a security point of view.
- The Apple App Store security model: Code signing, App Review, Entitlements, the iOS sandbox, and TCC.
- The internal structure of an iOS application: metadata and resources in Application Bundles, third-party frameworks, AppExtensions, Mach-O internals, FairPlay DRM, and decrypting iOS Apps.
- Static analysis: Introduction to Ghidra, navigating through larger binaries, and Objective-C calling conventions.
- Dynamic Analysis with Frida: Initial approaches using frida-trace, combining static and dynamic analysis, writing stand-alone Frida scripts, hooking functions.
- Calling functions with malicious input to trigger potential security issues in closed-source apps.
- Analysis of a crash log for triage and bug fixing.
Who should attend?
This workshop is aimed at anyone interested in mobile app security, including up-and-coming pen testers, security or vulnerability researchers, or app developers. As a BlackHoodie workshop, it is women*-only, including anyone born and raised female or anyone who identifies as a woman.
For more details about BlackHoodie's mission, see their website.
Prerequisites
- Basic programming knowledge, ideally one of the following programming languages: Python, JavaScript, C/C++, Objective-C/Swift.
- Optional: Mobile app development background.
What attendees should bring
Students will need to use a laptop capable of running a virtual machine with internet connectivity, USB pass-through, 16GB of RAM, and 40GB of free disk space. On Windows, the VM is required; on Linux and macOS, the tools are also available natively.
What attendees will be provided with
As this is a hands-on iOS workshop, attendees will be lent a physical iPhone or iPad for the exercises! We will be providing a virtual machine image (x86_64 and Apple Silicon) with all required tooling. Students will get access to all workshop materials, including slides, exercises, solutions including custom tooling, and cheat sheets.
Trainer
Jiska Classen is a wireless and mobile security researcher and research group leader. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies; for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, REcon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, and NotPinkCon, has given various lectures and trainings, and has published at prestigious academic venues.