Reverse Engineering Tools Detection

Detection of reverse engineering tools is a key RASP feature. Reverse engineering tools can be used for customization and modification of the apps and system components. They can also be used by malicious actors to analyze, tamper with, and exploit applications.

Malwarelytics for Apple is able to detect that reverse engineering tools are present on the device and can be configured to terminate the app in that case.

Configuration

let raspConfig = AppProtectionRaspConfig(
    reverseEngineeringTools: DetectionConfig
    // configuration of other RASP features
)

Available values of DetectionConfig:

Value                      Description
.noAction                  indicates that reverse engineering tools will not be automatically detected. A manual check is still possible.
.notify                    indicates that reverse engineering tools will be automatically detected and the delegates will be notified via the reverseEngineeringToolsDetected() method.
.exit(exitUrl: String?)    indicates that reverse engineering tools will be automatically detected and the app will be terminated when they are detected.

Reverse engineering tools detection defaults to .notify.

List of available parameters for some config values:

Parameter           Description
exitUrl: String?    defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to nil.

Usage

After service creation, the reverse engineering tools detection feature can be accessed via AppProtectionRasp. This can be used to add a delegate or to trigger a manual reverse engineering tools detection check.

Observing Detection

Reverse engineering tools detection can trigger a certain action. To achieve that, a delegate needs to be added.

Delegate configuration:

class RaspDelegate: AppProtectionRaspDelegate {

    // other delegate code

    func reverseEngineeringToolsDetected() {
        // handle reverse engineering tools detection
    }
}

The delegate can be added in AppProtectionRasp. When it is no longer needed, it can be removed again.

let raspDelegate = RaspDelegate()
appProtection.rasp.addDelegate(raspDelegate)
appProtection.rasp.removeDelegate(raspDelegate)

Triggering a Manual Check

A reverse engineering tools detection check can be triggered manually in AppProtectionRasp by reading the isReverseEngineeringToolsPresent property. The result is a simple Bool.

let isReverseEngineeringToolsPresent = appProtection.rasp.isReverseEngineeringToolsPresent
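
The following added example (not part of the Malwarelytics documentation or SDK) combines the delegate callback with a manual check so that a sensitive operation fails closed when tools are reported. SensitiveActionGate, GateError and submitPayment are hypothetical names; the SDK module is assumed to be imported and the remaining delegate methods are omitted as in the delegate example above.

```swift
// Added example. SensitiveActionGate and GateError are hypothetical names.
// Assumes the SDK module is already imported and reverseEngineeringTools is
// left at .notify (the default), so the delegate callback fires.
import Foundation

enum GateError: Error {
    case reverseEngineeringToolsPresent
}

final class SensitiveActionGate: AppProtectionRaspDelegate {

    // other AppProtectionRaspDelegate methods omitted, as in the delegate example above

    private let rasp: AppProtectionRasp
    private let lock = NSLock()
    private var flagged = false  // sticky for the lifetime of this gate

    init(rasp: AppProtectionRasp) {
        self.rasp = rasp
        rasp.addDelegate(self)
    }

    /// Call when the gate is no longer needed.
    func stop() {
        rasp.removeDelegate(self)
    }

    // Automatic detection: remember the result; the callback thread is not assumed.
    func reverseEngineeringToolsDetected() {
        lock.lock()
        flagged = true
        lock.unlock()
    }

    /// Runs `action` only when neither an earlier automatic detection nor a
    /// fresh manual check reports tools. Fails closed by throwing.
    func perform<T>(_ action: () throws -> T) throws -> T {
        lock.lock()
        let alreadyFlagged = flagged
        lock.unlock()
        if alreadyFlagged || rasp.isReverseEngineeringToolsPresent {
            throw GateError.reverseEngineeringToolsPresent
        }
        return try action()
    }
}

// Usage (appProtection is the service instance used on this page):
// let gate = SensitiveActionGate(rasp: appProtection.rasp)
// let receipt = try gate.perform { try submitPayment() }  // submitPayment is hypothetical
```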

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Apr 11, 2024 (08:13)