
Mobile App Penetration Testing

With a penetration test, we determine the resilience of your mobile app against well-known attacks. Our experts take the mobile app's perspective and assume by default that the underlying platform (iOS or Android) is insecure and untrusted, i.e. a mobile app cannot rely on platform services alone and has to defend itself against other mobile apps, the platform and attackers.

Identifying Vulnerabilities

We identify vulnerabilities and attack paths in the mobile app that can be exploited to gain access to critical information. The complexity of an attack and the resiliency of a mobile app are measured in days, which is a key determinant of the actual risk. Another is the nature of the attack: whether it is limited to a single device, e.g. because it assumes physical access to the device, or whether it can be mounted remotely.

Attacks with remote access to the device or the mobile app require particular attention, because they can be applied to a large number of devices at a time, entailing the risk of a compromise at scale.

Assessing the Risks

We perform penetration tests and consider the specific threats to mobile apps on iOS or Android platforms, such as:

  • Data theft (at rest and/or at runtime) by a malicious app on the mobile device;
  • Application tampering, eased by a tampered device (rooted/jailbroken);
  • Mobile app cloning (binary and data);
  • Code and data lifting, i.e. extracting, copying and running/using parts of the mobile app;
  • Tampering with network communication, connecting to and interfacing with internal APIs, e.g. Man-in-the-Middle, disabling certificate pinning, etc.;
  • Gaining access to a mobile app on a lost or stolen device.

State-of-the-art Techniques

To do so, we use advanced tools and apply state-of-the-art techniques to gain access to the assets, e.g. personal data, bank account and payment data, health data, cryptographic keys, tokens, code, etc. Depending on the objectives, we consider solely the mobile app binary (black box), or the binary in combination with its security design (gray box) and/or source code (white box).

A penetration test typically includes Reverse Engineering techniques such as:

  • Debugging, disassembly, decompilation
  • Deobfuscation and cryptanalysis
  • Emulation, tracing and control flow analysis
  • Code patching and dynamic binary instrumentation

to analyze the code and tamper with the mobile app, at rest and at runtime.

Think Like a Hacker

Like real attackers, we use an arsenal of tools such as Apktool, JADX, JEB, QEMU, Unicorn, Ghidra, Frida, IDA Pro, angr, etc. to disable the various security protections and gain access to the assets.

To analyze the resilience of a mobile app or a component (SDK or software protection tool) against an advanced attacker, we perform a penetration test in a team: depending on the specific skills required, the pentesters are supported by a team of experts in other subject matters.

Track Record

We have a proven track record in Security Testing and Reverse Engineering of:

  • Mobile apps and Handsets
  • IoT devices
  • Healthcare Devices
  • SmartCards
  • POIs, ICs and SOCs
  • Cryptography

Copyright eShard 2024. All rights reserved.