Call For Authors: The Ultimate Open-Source Mobile App Reverse Engineering Guide
Reverse engineering is an art, and describing every available facet of it would fill a whole library. The sheer range of techniques and possible specializations is mind-blowing: one can spend years working on a very specific, isolated sub-problem, such as automating malware analysis or developing novel de-obfuscation methods. For mobile app security testers, it can be challenging to filter through the vast amount of information and build a working methodology. Things become even more problematic when one is tasked with assessing apps that are heavily obfuscated and have anti-tampering measures built in.
One of the main goals of the MSTG is to build the ultimate resource for mobile reverse engineers. This includes not only basic static and dynamic analysis, but also advanced de-obfuscation, scripting and automation. Obviously, writing all this content is a lot of work, both in terms of general content and OS-specific how-tos. We're therefore looking for talented authors who want to join the project early on. Topics include the following:
- Basic Hybrid Static/Dynamic Analysis
- Code Injection and Dynamic Instrumentation (Substrate, FRIDA)
- Dynamic Binary Instrumentation (Valgrind, PIE)
- Analysis Frameworks (Metasm / Miasm)
- Symbolic Execution
- DCA and DPA attacks on white-box crypto
- Dynamic analysis frameworks (PANDA / DroidScope, ...)
- Anything else we might have missed
What is in it for me?
All of this is unpaid, volunteer work. However, depending on your contribution, you will be named in the "lead authors" or "contributors" list, and you'll be able to point to the fact that you co-authored the guide. You'll also be contributing to the field, helping others who are just starting out, and in turn becoming a happier person yourself (reaping the full benefits of your altruism).
Where do I sign up?
First of all, have a look at the existing RE chapters outline. You'll probably immediately have ideas on how you can contribute. If that's the case, read the Contribution Guide first.
Then contact Bernhard Mueller - ideally directly on the OWASP Mobile Security Project Slack Channel, where you'll find all the other project members. You can sign up for an account here.