Comment by cosmicgadget
16 hours ago
If you claim REing a flagship FAANG application is "extra easy", either they need to be laughed out of the room or you do.
16 hours ago
If you claim REing a flagship FAANG application is "extra easy", either they need to be laughed out of the room or you do.
Does FAANG apps have antidebug or code obfuscation? At least for google their apps are pretty lightly protected. The maximum extent of obfuscation is the standard compilation/optimization process that most apps go through (eg. r8 or proguard).
Reverse engineering is easy when the source code is available. :)
The difference between source code in a high-level language, and AArch64 machine language, is surmountable. The effort is made easier if you can focus on calls to the crypto and networking libraries.
The source is available?
Understanding program flow is very different from understanding the composition of data passing though the program.
At some level, the machine code is the source code -- but decompiling AArch64 mobile apps into something like Java is common practice.
As GP alludes, you would be looking for a secondary pathway for message transmission. This would be difficult to hide in AArch64 code (from a skilled practitioner), and extra difficult in decompiled Java.
It would be "easy" enough, and an enormous prize, for anyone in the field.
4 replies →
Note that WhatsApp as a web client, too: https://eprint.iacr.org/2025/794