NowSecure at r2con2024: Top Takeaways and Mobile Security Highlights

Posted by

Sergi Àlvarez i Capilla

Mobile Security Analyst at NowSecure
Sergi, also known as Pancake, performs mobile security research at NowSecure and is the creator of Radare, an open-source reverse-engineering tool.

r2con2024 was the highly anticipated return of the Radare2 conference after a five-year pause, driven by the challenges of the COVID-19 pandemic and a period of community reorganization. As the gathering spot for developers, security researchers and enthusiasts of the open-source Radare2 framework, this year’s event stands as a powerful testament to the resilience of the community, with new tools, fresh insights and an expanded focus on inclusivity and knowledge sharing.

Over the years, NowSecure has consistently supported the Radare2 project and Frida, a toolkit for dynamic analysis, recognizing the valuable role these tools play in mobile security and binary analysis. Open-source tools like Radare2 and Frida are now essential in security research, helping users worldwide understand and secure mobile apps against new threats. Through this support, NowSecure promotes a collaborative approach to security, giving researchers the resources to improve their skills, gain important insights and make mobile application security testing stronger and more accessible. 

NowSecure Key Highlights

At r2con2024, NowSecure speakers hosted presentations and workshops focused on binary analysis, mobile security and vulnerability detection. Their talks covered topics like new methods in binary analysis and ways to use Radare2 and Frida for mobile security, blending theory with practical techniques. These sessions highlighted the teamwork within the Radare2 community to improve tools and techniques that make mobile security stronger for everyone.

Combining frida-trace with radare2

Ole André Vadla Ravnås, Research Engineer at NowSecure, kicked off the second day of r2con2024 with his presentation, “Combining frida-trace with radare2,” which showcased the powerful new integration of radare2 with Frida’s tracing capabilities. He introduced a streamlined way to inspect assembly code directly from a web browser using a new Frida trace UI. This interface integrates a WebAssembly build of radare2, allowing users to view and modify hooks in real time with just a few clicks. With this seamless experience, Ole demonstrated how Frida users could quickly become familiar with radare2’s features, opening up new possibilities for intuitive and interactive code analysis.

Frida hooking tricks on non-jailbroken iOS

Francesco Tamagni, iOS Security Research Engineer, also known as mrmacete, explored how Frida can be applied in iOS environments with and without jailbreak privileges. He examined the limitations and trade-offs of “jailed” hooking techniques, offering a practical guide on placing Frida hooks within app processes when jailbreak superpowers are unavailable. Francesco provided step-by-step examples, showcasing how to inspect dyldcaches.

Decompiling with AI

In an unexpected and exciting twist at r2con2024, NowSecure Research Engineer and radare2 author Pancake surprised attendees with a demo of Decai, an AI-powered decompiler integrated with radare2. Decai takes radare2’s pseudocode and translates it into high-level languages like Python, Swift, or even C#, making it easier to identify vulnerabilities in modern applications. This capability is especially valuable for analyzing SwiftUI and Unity apps, where high-level code clarity can reveal security flaws within complex code structures. The talk, not listed on the official schedule, captivated the audience as Pancake demonstrated how this new feature could transform the speed and ease of binary analysis for mobile app security.

Hack-proof your mobile apps

Carlos Holguera, known as grepharder, a key figure in the OWASP community and a co-author of the Mobile Application Security Testing Guide (MASTG), shared crucial insights into mobile security risks and guidance from that project. He demonstrated how static and dynamic analysis tools, mainly radare2 and Frida, are used to uncover security and privacy issues within iOS and Android binaries. Attendees were introduced to the new Mobile Application Security Weakness Enumeration (MASWE).

A Hitchhiker’s Guide for Unity: Reversing mobile games on iOS

NowSecure Research Lead Alex Soler, known as Murphy, presented “A Hitchhiker’s Guide for Unity: Reversing Mobile Games on iOS,” offering a deep dive into the world of reverse-engineering Unity-based mobile games. In his talk, Alex demonstrated how to leverage r2frida, il2cpp, and Decai to decompile Unity applications, sideload metadata, and symbolicate the code back into readable C#.

Through these techniques, he walked attendees through recovering key parts of the original game code to understand the app’s internal logic as the developer intended. Alex also highlighted the security implications, explaining how some weaknesses in APIs and payment methodologies within Unity games can pose risks to both the ecosystem and the user experience. His presentation showcased the r2frida plugin’s capabilities in analyzing and manipulating game behavior dynamically.

Other r2con2024 Highlights

This year’s edition featured six workshops on Friday, ranging from introductory development sessions delving into the internals of the radare2 codebase to hands-on applications of radare2 for hardware hacking.

Speakers from around the globe shared their expertise, including Travis Goodspeed from the United States, who led a training on recovering Gameboy ROMs by analyzing images taken with a microscope. Condret from Germany explored the advanced potential of radare2’s IO library, sha0 conducted an introductory session on malware analysis, and pancake ran a workshop on the scripting capabilities of radare2, demonstrating various methods for automating binary analysis processes.

On Saturday, the focus shifted to presentations. After Ole’s presentation on the new frida-trace UI, Sylvain and Karim Sudki shared their work on enhancing cryptographic support in radare2. They showcased improvements to the toolset’s ability to scan for private keys and demonstrated cracking the SM4 algorithm on real devices. Lars followed with a presentation on his multi-user platform built on radare2, designed to enable analysts to reuse work across different versions of the same binaries, making analysis more efficient and collaborative.

Sunday’s presentations were fully online, streamed on YouTube, allowing remote participants to enjoy the talks from home. Satk0 from Poland introduced his first contribution to the project, a plugin named “afen,” which rewrites expressions to aid in reverse-engineering Flutter apps. Next, dnakov from New York showcased his work on the new Visual mode in r2ai, demonstrating its “auto mode,” capable of solving crackmes and other reverse engineering tasks with a single prompt.

Further highlights included apkunpacker’s demonstration of using radare2, Frida and r2frida to bypass SSL pinning in Flutter apps with statically linked SSL libraries. Roman Valls (aka brainstorm) presented his efforts in fixing e-waste by reverse-engineering hardware firmware with radare2 and DecAI, the AI-powered decompiler, which successfully analyzed STM8 chip firmware. Closing the day, Dennis Goodlett discussed the vulnerabilities in Python’s Pickle binaries, explaining how they could lead to code execution and demonstrating various obfuscation techniques using his radare2 plugins for enhanced security testing.

Looking Ahead and Closing

The conclusion of r2con2024 offers a moment to reflect on the importance of free software, open-source contributions and meetups that bring the security community together. NowSecure remains dedicated to supporting radare2’s growth and evolution, reinforcing its belief in the value of accessible, collaborative tools for security research.

For security professionals looking to expand their skills, radare2 offers a rich environment for exploring binary analysis and mobile security, bringing powerful insights within reach. This year’s r2con underscored the community’s resilience, creativity and shared commitment to innovation.

NowSecure is proud to contribute to these advancements and looks forward to pushing the boundaries of mobile security through continued research and active engagement in events like r2con, keeping the spirit of collaboration and learning alive.

To learn more about r2con and Radare2, check out these resources: