Mobile Application Penetration Testing Guide

Let’s know How I have explored the buried secrets in React Native application

A new era in Android Reverse Engineering part-1

Thanks for the huge response to my previous write-up. Recently I have found a bug regards to hard-coded credentials issue that was found by a different approach instead of old reverse engineering methodology.

Introduction:

React Native is a mobile application framework that is most commonly used to develop applications for Android and iOS by enabling the use of React and native platform capabilities. These days, it’s become increasingly popular to use React across platforms.

Old-fashioned way of Android Reverse Engineering

Typically, when reversing an Android application, it is de-compiled using apktool, dex2jar and then analyzed using JD-GUI. When dealing with React Native applications, this can be useful if the application has any native code that you would like to analyze.

But most of the time, the core logic of the application lies in the React Native JavaScript that can be obtained without needing to use dex2jar.

Reverse Engineering Process: React Native application

Step-1: Let’s confirm whether the application was built on React Native framework.