As part of reverse engineering, performing static code analysis is not a simple task as it requires fairly good understanding of the assembly language and the app language by itself. However, one can use some of the available commercial tools to perform this task.
Loading the app into Hopper provides excellent details about the code and the app itself, as shown in the following screen capture. Hopper provides the feature of pseudo code and control flow graph (CFG).
You can view the assembly level using CFG; as shown in the following figure, Hopper provides the option to export this into PDF:
In this section, let's take up the challenge of Security Decisions via Untrusted Input (Chapter 1, The Mobile Application Security Landscape). This can be achieved by following these simple steps:
Load the app executable into Hopper. Search for OpenURL in the labels.
Select
AppDelegate Application:openURL
and click on the Pseudo Code, and you should be able to see the...