DOCSLIB.ORG

Ios App Reverse Engineering

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ios App Reverse Engineering snakeninny, hangcom Translated by Ziqi Wu, 0xBBC, tianqing and Fei Cheng iOS App Reverse Engineering Table of Contents Recommendation ..................................................................................................................................................... 1 Preface ....................................................................................................................................................................... 2 Foreword ................................................................................................................................................................... 7 Part 1 Concepts ....................................................................................................................................................... 12 Chapter 1 Introduction to iOS reverse engineering ............................................................................................. 13 1.1 Prerequisites of iOS reverse engineering .......................................................................................................... 13 1.2 What does iOS reverse engineering do ............................................................................................................ 13 1.2.1 Security related iOS reverse engineering ...................................................................................................... 16 1.2.2 Development related iOS reverse engineering ............................................................................................. 17 1.3 The process of iOS reverse engineering ............................................................................................................ 19 1.3.1 System Analysis ............................................................................................................................................ 19 1.3.2 Code Analysis ................................................................................................................................................ 20 1.4 Tools for iOS reverse engineering ..................................................................................................................... 20 1.4.1 Monitors ....................................................................................................................................................... 21 1.4.2 Disassemblers ............................................................................................................................................... 21 1.4.3 DeBuggers .................................................................................................................................................... 23 1.4.4 Development kit ........................................................................................................................................... 23 1.5 Conclusion ........................................................................................................................................................ 23 Chapter 2 Introduction to jailbroken iOS .............................................................................................................. 24 2.1 iOS System Hierarchy ........................................................................................................................................ 24 2.1.1 iOS filesystem ............................................................................................................................................... 26 2.1.2 iOS file permission ........................................................................................................................................ 32 2.2 iOS file types ..................................................................................................................................................... 33 2.2.1 Application .................................................................................................................................................... 33 2.2.2 Dynamic LiBrary ............................................................................................................................................ 37 2.2.3 Daemon ........................................................................................................................................................ 38 2.3 Conclusion ........................................................................................................................................................ 39 Part 2 Tools .............................................................................................................................................................. 40 Chapter 3 OSX toolkit ............................................................................................................................................ 41 3.1 class-dump ........................................................................................................................................................ 41 3.2 Theos ................................................................................................................................................................ 43 3.2.1 Introduction to Theos ................................................................................................................................... 43 3.2.2 Install and configure Theos ........................................................................................................................... 44 3.2.3 Use Theos ..................................................................................................................................................... 46 3.2.4 An example tweak ........................................................................................................................................ 67 3.3 Reveal ............................................................................................................................................................... 70 3.4 IDA .................................................................................................................................................................... 76 3.4.1 Introduction to IDA ....................................................................................................................................... 76 3.4.2 Use IDA ......................................................................................................................................................... 77 3.4.3 An analysis example of IDA .......................................................................................................................... 90 3.5 iFunBox ............................................................................................................................................................. 95 3.6 dyld_decache .................................................................................................................................................... 96 3.7 Conclusion ........................................................................................................................................................ 97 Chapter 4 iOS toolkit .............................................................................................................................................. 98 4.1 CydiaSubstrate .................................................................................................................................................. 98 4.1.1 MoBileHooker ............................................................................................................................................... 98 4.1.2 MoBileLoader .............................................................................................................................................. 109 4.1.3 Safe mode ................................................................................................................................................... 109 4.2 Cycript ............................................................................................................................................................. 111 4.3 LLDB and debugserver .................................................................................................................................... 115 4.3.1 Introduction to LLDB ................................................................................................................................... 115 4.3.2 Introduction to deBugserver ....................................................................................................................... 116 4.3.3 Configure deBugserver ............................................................................................................................... 116 4.3.4 Process launching and attaching using deBugserver .................................................................................. 118 4.3.5 Use LLDB ..................................................................................................................................................... 119 4.3.6 Miscellaneous LLDB .................................................................................................................................... 133 4.4 dumpdecrypted .............................................................................................................................................. 134 4.5 OpenSSH ........................................................................................................................................................
Load more

Recommended publications
  • Niresh Mac Os X Mavericks
    Niresh mac os x mavericks click here to download Hackintosh Mavericks with AMD & Intel Support - USB & ISO. Install Mac OS X Mavericks on PC with Niresh Mavericks aka Mavericks Zone, to Install this you don't need access to a Mac. Thanks for the distro Niresh!. May 23, Download Niresh Mac OSX Mavericks DVD ISO free standalone offline setup for AMD and Intel Computers. Niresh Mac OSX Mavericks Zone is a powerful operating system with all the latest enhancements and fixes with better compatibility features. Download Niresh Mac OSX Mavericks. Installing Mac OS X on PC is not easy as installing windows or linux, because mac First you must download the Niresh's Mavericks USB Version from the link. Jan 3, If you're interested in running Mac OS X, but you don't want to pay ridiculous prices for a normal Mac, then a Hackintosh just might be for you. Hello. I want to instal Mac OS X Maverick and I find the nice image from Niresh on the internet. Can my PC run this mac without problems?. Hackintosh = A PC that has Mac installed on it. - Macintosh = A Mac PC. - Mac OS X Mavericks = The Mac operating system. - Niresh = A guy who hacks Mac. Nov 7, If you have installed Niresh Version of Mac OS X Mavericks system in your virtual machine software like VirtualBox, it may be really confused. Jul 11, With more than new features, OS X Mavericks brings Maps and iBooks to the Mac, introduces Finder Tabs and Tags, enhances. How to install Niresh Mavericks () on any PC!! IF your PC supports these, then you can install MAC OS X on your PC.
    [Show full text]
  • Introducing the Iwatch
    May 2014 Jun June 2014 Welcome to Volume 5, Issue 6 of iDevices (iPhone, iPod & iPad) SIG Meetings Need Help? Go to the iDevice FORUM, click HERE To find Apps that are free for a short time, click these 2 icons: Introducing the iWatch Click to see the video New iPhone Lock screen bypass discovered Here's how to protect against it! By Rene Ritchie, Monday, Jun 9, 2014 16 A new iOS 7.1.1 iPhone Lock screen bypass has been discovered. Lock screen bypasses in and of themselves aren't new — trying to protect a phone while also allowing access to convenient features results is an incredible tension — but this one can provide access to an app, which makes it one of the most serious to date. It does require physical access to your iPhone, but if you do lose possession, here's how the bypass works and, more importantly, how you can protect yourself from it. Note: iMore tested the exploit and its scope before reporting on it. We were able to duplicate it but also get a sense of its ramifications and limitations. First, in order to get around the passcode lock, this bypass requires that the iPhone be placed into Airplane mode, and that a missed phone call notification be present. When those conditions are met, tapping or swiping the missed call notification will cause a Settings popup to appear on top of whatever app was last active (in the foreground) on the iPhone prior to it being locked. Dismiss the popup and you have access to the app.
    [Show full text]
  • View Managing Devices and Corporate Data On
    Overview Managing Devices & Corporate Data on iOS Overview Overview Contents Businesses everywhere are empowering their employees with iPhone and iPad. Overview Management Basics The key to a successful mobile strategy is balancing IT control with user Separating Work and enablement. By personalizing iOS devices with their own apps and content, Personal Data users take greater ownership and responsibility, leading to higher levels of Flexible Management Options engagement and increased productivity. This is enabled by Apple’s management Summary framework, which provides smart ways to manage corporate data and apps discretely, seamlessly separating work data from personal data. Additionally, users understand how their devices are being managed and trust that their privacy is protected. This document offers guidance on how essential IT control can be achieved while at the same time keeping users enabled with the best tools for their job. It complements the iOS Deployment Reference, a comprehensive online technical reference for deploying and managing iOS devices in your enterprise. To refer to the iOS Deployment Reference, visit help.apple.com/deployment/ios. Managing Devices and Corporate Data on iOS July 2018 2 Management Basics Management Basics With iOS, you can streamline iPhone and iPad deployments using a range of built-in techniques that allow you to simplify account setup, configure policies, distribute apps, and apply device restrictions remotely. Our simple framework With Apple’s unified management framework in iOS, macOS, tvOS, IT can configure and update settings, deploy applications, monitor compliance, query devices, and remotely wipe or lock devices. The framework supports both corporate-owned and user-owned as well as personally-owned devices.
    [Show full text]
  • Legal-Process Guidelines for Law Enforcement
    Legal Process Guidelines Government & Law Enforcement within the United States These guidelines are provided for use by government and law enforcement agencies within the United States when seeking information from Apple Inc. (“Apple”) about customers of Apple’s devices, products and services. Apple will update these Guidelines as necessary. All other requests for information regarding Apple customers, including customer questions about information disclosure, should be directed to https://www.apple.com/privacy/contact/. These Guidelines do not apply to requests made by government and law enforcement agencies outside the United States to Apple’s relevant local entities. For government and law enforcement information requests, Apple complies with the laws pertaining to global entities that control our data and we provide details as legally required. For all requests from government and law enforcement agencies within the United States for content, with the exception of emergency circumstances (defined in the Electronic Communications Privacy Act 1986, as amended), Apple will only provide content in response to a search issued upon a showing of probable cause, or customer consent. All requests from government and law enforcement agencies outside of the United States for content, with the exception of emergency circumstances (defined below in Emergency Requests), must comply with applicable laws, including the United States Electronic Communications Privacy Act (ECPA). A request under a Mutual Legal Assistance Treaty or the Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is in compliance with ECPA. Apple will provide customer content, as it exists in the customer’s account, only in response to such legally valid process.
    [Show full text]
  • Presenter-To-Go™ Springboard™ Module User's Guide
    Presenter-to-Go™ Springboard™ Module User’s Guide Digital Projector The Presenter-to-Go Module Slides into the Springboard Slot in the back of the Visor HandspringTM VisorTM Includes Instructions For: • Presenter-to-Go Palm OS Presentation Application with File Creation Support on Windows 98, Millennium, 2000 and Mac OS 9. • MARGI Mirror Palm OS Graphics Display Application. MARGI Systems Inc. • Fremont, CA 94538 • www.presenter-to-go.com 1 Table of Contents 1. Introduction ...............................................................................4 Your Product Packaging Contains:.......................................................4 2. System Requirements................................................................4 Handheld ...............................................................................................5 Desktop or Laptop.................................................................................5 Display Device......................................................................................5 3. Visor Installation/Setup.............................................................5 4. PC Creation Software Installation/Setup ..................................6 Installing the Presenter-to-Go PC Creation Software drivers...............6 Un-Installing the PC Creation Software drivers...................................6 5. Creating Your Presentation.......................................................7 Creating Presentations from within Microsoft PowerPoint on your desktop PC (or laptop): .........................................................................7
    [Show full text]
  • Online Platforms and Market Power Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google Questions for the Recor
    Online Platforms and Market Power Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google Questions for the Record from the Honorable David N. Cicilline, Chairman, Subcommittee on Antitrust, Commercial and Administrative Law of the Committee on the Judiciary Questions for Mr. Tim Cook, CEO, Apple, Inc. 1. You testified that Apple’s apps “go through the same rules” that third-party apps are required to follow. The App Store Guidelines (“Guidelines”) are designed to ensure that the App Store remains a safe and trusted place for consumers to discover and download software for their Apple devices. The Guidelines apply to any app, Apple or third-party, that is available on the App Store in the first instance. a. How many Apple apps are pre-loaded on current iPhone models? The first iPhone included 13 integrated Apple apps. There were no third-party apps available for that iPhone. Apple’s subsequent decision to open the iPhone to third-party app development unleashed a wave of innovation and competition. Thirteen years later, there are more than 1.8 million third-party apps available through the App Store and only about 40 Apple apps integrated into the current iPhone models. Apple’s focus has always been to deliver a great consumer experience out of the box. That is why the iPhone comes with Apple apps like Phone, Notes, Settings, Files, Clock, Tips, Measure, and Reminders to provide basic functionality. In addition, apps like FaceTime, iMessage, Apple Music, TV, and others help differentiate the iPhone in a competitive smartphone market. The few apps that Apple has integrated into the iPhone are a drop in the bucket of the overall app ecosystem.
    [Show full text]
  • Signcryption in Imessage
    A preliminary version of this paper appears in EUROCRYPT 2020. This is the full version. Security under Message-Derived Keys: Signcryption in iMessage Mihir Bellare1 Igors Stepanovs2 February 2020 Abstract At the core of Apple’s iMessage is a signcryption scheme that involves symmetric encryption of a message under a key that is derived from the message itself. This motivates us to formalize a primitive we call Encryption under Message-Derived Keys (EMDK). We prove security of the EMDK scheme underlying iMessage. We use this to prove security of the signcryption scheme itself, with respect to definitions of signcryption we give that enhance prior ones to cover issues peculiar to messaging protocols. Our provable-security results are quantitative, and we discuss the practical implications for iMessage. 1 Department of Computer Science & Engineering, University of California San Diego, 9500 Gilman Drive, La Jolla, California 92093, USA. Email: [email protected]. URL: https://cseweb.ucsd.edu/~mihir/. Supported in part by NSF grant CNS-1717640 and a gift from Microsoft. 2 Department of Computer Science, ETH Zürich, Universitätstrasse 6, 8092 Zürich, Switzerland. Email: [email protected]. URL: https://sites.google.com/site/igorsstepanovs/. Supported in part by grants of first author. Work done while at UCSD. Contents 1 Introduction 2 2 Preliminaries 6 3 Signcryption 7 4 Encryption under message derived keys 12 4.1 Syntax, correctness and security of EMDK . 12 4.2 iMessage-based EMDK scheme . 14 5 Design and security of iMessage 16 5.1 iMessage-based signcryption scheme IMSG-SC ...................... 16 5.2 Parameter-choice induced attacks on privacy of iMessage ...............
    [Show full text]
  • Download Mac Os Sierra Iso After Macos Sierra Disappears from the Mac App Store
    download mac os sierra iso after macOS Sierra disappears from the Mac App Store. Previously, whenever a major new version of macOS (or OS X) would launch on the Mac App Store, the previous version would still be available for download in the Purchased tab on the store. But things have changed this year. Now that macOS High Sierra has launched, its predecessor, Sierra, is nowhere to be found. It appears that updates for macOS are no longer tied to your Apple ID, which explains why Sierra and High Sierra don't show up in your Purchased tab. However, Sierra is also missing when you search for it in the Mac App Store. As Stephen Hackett of 512 Pixels notes: This means there's no easy way for someone to install macOS Sierra at this point. If your Mac came with 10.12.4 or greater, you can reinstall that version from Apple's servers, but going back from High Sierra isn't doable unless you've got a copy of Sierra laying around. As Hackett goes on to note, it's likely that at least part of this move is motivated by Apple's desire for Macs running Sierra to upgrade to High Sierra, which offers many refinements of the Sierra experience. It's also worth noting that, at least for Macs with internal SSDs, downgrading from High Sierra would be more difficult thanks to the APFS transition. Question: Q: Where can I download OSX Sierra DMG/ISO? Mac wont start! I upgraded my Macbook Pro OS to Sierra on Thursday Friday morning and its been a disaster.
    [Show full text]
  • Iphone Productivity Tips
    IPHONE PRODUCTIVITY TIPS Useful lifehacks by ABBYY Mobile The functionality of today’s smartphones is awesome, and sometimes we just can’t comprehend it all. In this book, we have collected the most useful tips that will help you to know your iPhone and level up your productivity. Smartphones are not only about solving everyday and business routine but also allow to reduce paper usage. ABBYY Mobile has been providing paperless technologies for 10 years. To know more about productive data capturing from documents and business cards, check the second part of this ebook. ABBYY Mobile Blog: mobileblog.abbyy.com Learn more about ABBYY Mobile Apps: abbyy.com/mobile © 2019, ABBYY Mobile Blog. ABBYY is either registered trademark or trademark of ABBYY Software Ltd. All other trademarks are the sole property of their respective owners. Permission is hereby granted, free of charge, to any person obtaining a copy of this e-book, to use, copy and distribute this e-book, subject to the following conditions: The above copyright notice, this permission notice and the following disclaimer shall be included in all copies or substantial portions of the e-book and/or materials provided along with it. The information provided in e-book is for educational and informational purposes only. Any references to third-party products, services, processes, links to third-party web sites mentioned in e-book are provided only for your convenience and for information purposes only. Reference herein to any products, services, processes, links to third-party web sites or other information of third parties or to any trade name, trademark, manufacturer, supplier, etc.
    [Show full text]
  • Debugger for Hackintosh
    Debug for bug: Crack and Hack Apple Core by itself Lilang Wu, Moony Li About US ❖ Lilang Wu ❖ 4 years security experience ❖ macOS/iOS malware/vulnerability ❖ Fuzzing project ❖ BH USA 2018, BH EU 2018, HITB, CodeBlue About US ❖ Moony Li ❖ 9 years security experience ❖ macOS/iOS/Android malware/ vulnerability ❖ 0Day/NDay hunting/exploit ❖ BH EU 2015, BH USA2018, BH EU 2018, BH ASIA 2018, HITB, CodeBlue Agenda ❖ Kernel Debugger Overview ❖ The Introduction of LLDBFuzzer ❖ Attack Surfaces on Graphic Extensions ❖ Practice and Demo ❖ Vulnerabilities Found ❖ Implement a Debugger for Hackintosh ❖ Conclusion Agenda ❖ Kernel Debugger Overview ❖ The Introduction of LLDBFuzzer ❖ Attack Surfaces on Graphic Extensions ❖ Practice and Demo ❖ Vulnerabilities Found ❖ Implement a Debugger for Hackintosh ❖ Conclusion Kernel Debugger Overview ❖ KDP: a remote debugger protocol ❖ Active by change boot-args ❖ Only a single IOKernelDebugger can be activated at a given time ❖ Ethernet Debugging, Firewire Debugging, Serial Debugging Kernel Debugging Overview NetworkingFamily.kext Ethernet Driver BSD Kernel receivePacket kdp_poll Ethernet Debugger Driver Loop sendPacket kdp_reply Debugger world Kernel smp_init() kdp_i386_trap() handle_debugger_trap() BSD Kernel Bootstrap kernel_thread_creat() kdp_raise_exception() kdp_init() kdp_handler() kdp_register_send_receive() kdp_poll() kdp_reply() receive = kdp_en_recv_pkt kdp_receive_data() kdp_send_data() send = kdp_en_send_pkt Kdp Packet Process kdp.c IONetworkingFamily.kext IONetworkController:: IOKernelDebugger IOKernelDebugger
    [Show full text]
  • Breaking Down Imessage's End-To-End Encryption, and How It
    Breaking Down iMessage’s End-to-End Encryption, and How It Got Hacked in iOS 9.3 Xiaoyu Shi Mentor: Ming Chow Part I: Abstract iMessage, as an instant messaging service developed by Apple Inc., is the default messaging application on both iOS and OS X devices. Due to the fact that it is costless and that it is convenient for sending attachments, most users of Apple devices have been using iMessage instead of Short Message Service, or “text messages”. Earlier this year, Eddie Cue, Apple’s senior VP of Internet Software and Services, has disclosed that an many as 200,000 iMessages could be exchanged per second [1]. Besides that, although iMessage is not open source, Apple has published documents asserting that its end-to-end encryption has made iMessage one of the safest means of communication [2]. However, recent concerns of iMessage security have been raised following the discovery of an iMessage security flaw that allows third parties to decrypt attachments to iMessages, like images and videos, if the raw encrypted data has been intercepted. This paper will focus on Apple’s security specifications and its promises to the users, how the end-to-end encryption of iMessage is conducted, and dive into the topic concerning how this vulnerability of iMessage was found. [1] Apple says people send as many as 200,000 iMessages per second http://www.businessinsider.com/eddy-cue-200k-imessages-per-second-2016-2 [2] https://www.apple.com/business/docs/iOS_Security_Guide.pdf 1 Part II: Background 1. Statistics and status quo of Apple devices and iMessage a.
    [Show full text]
  • Computer Requirements (Kenzie Academy)
    KENZIE ACADEMY COMPUTER REQUIREMENTS It’s going to be the #1 tool in your career. You may use it more than anything in your life (other than a bed). So get the best one you can, treat it well, and pay for the warranty if you can afford it. Note: If the links in this document do not work for you, then download and open the PDF. Simple PDF previewers, such as those running on websites in your browser, don’t support the advanced features in this PDF. Operating Systems Hardware Models Minimum Specs macOS Catalina (10.15.x) or newer Approved models only Memory: 8 GB+ (no Hackintosh) Processor: ”Intel” or “AMD” only(!) Storage: 10 GB+ of free space Ubuntu 18.04.x or newer Approved models only (avoid dual-boot) (avoid VMs) Other: Headset, webcam, Windows 10 Pro or Home Any model with a physical second monitor, etc. keyboard Note: Chromebooks, Android devices, and iOS devices cannot run the software you will need. Some Good Advice Computers: “You get what you pay for!” Generally, when it comes to computers, you do get what you pay for – although sometimes you are paying, in part, for the aesthetics, build-quality, or the brand. But as a rule-of-thumb, if a computer is inexpensive, it is not likely to last long. So weigh your options: you don’t want your computer breaking down during your time in the program, if you can help it. If you’re choosing Ubuntu, install it well before Orientation Day! Have Ubuntu installed before Orientation Day.
    [Show full text]