We worked with the team at Ibanity to help reverse engineer banking applications in order to provide a generic Ibanity API. This API portal allows users to easily integrate with any and all banks they work with, without having to fight with the bank’s individual API.
Our work involved reverse-engineering each app entirely which includes bypassing any anti-tamper measures, such as DexGuard, to access the base functionalities. The full process involved our investigation into how the app worked, what cryptographic mechanisms they used, and through all the gates of authentication. To extract the banks’ inner workings, we needed to do so from the base code itself and then reverse engineer and replicate it for means of connection.
We did this for every major bank in Belgium and Ibanity is now connected with them, as well as banks in Luxembourg and the Netherlands. With a singular open API portal to connect, users are able to integrate on a significant level including:
- Initial enrolment process (verifying account ownership)
- Authentication upon return (PIN, fingerprint, Face ID etc.)
- Data request (for initiating and ongoing transactions)
The Ibanity team were delighted with our comprehensive delivery and the reverse-engineered source code. On top of that, they were blown away about the speed we bypassed industry leading anti-tamper solutions.