Hacking with Love

Post on 05-Apr-2017


SWIFT OFFICE HOURS

03/23/2017

“Think differently. Don't be afraid to be different. It's the crazy ones who change the world” ― Steve Jobs

HACKING WITH LOVE

Once upon a time, in a connected world…

By: Suhaib Alfageeh

Delivery: “Hear Ye, Hear Ye…”

Test: Using real-world customer apps

Development: Rinse. Repeat.

Design: Not your average UX

I WORK ON MOBILE SCANNING SOFTWARE

SENIOR SOFTWARE ENGINEER AT VERACODE INC.

Bundle Resources: Assets/iTunesArtwork, /iTunesArtwork@2x

App Binary: /Payload/Appname.app/Appname

iTunesMetadata.plist

What’s inside?

ASK A QUESTION


WHY: Why does this happen?

HOW: How does this work?

WHAT: What's being communicated?

WHERE: Where is all this information going?

DIG DEEPER

WHY: Why is this app crashing?

HOW: How is this feature designed?

WHAT: What functions are called when I do this?

WHERE: What REST API endpoints are reached?

PILLARS OF iOS REVERSE ENGINEERING.

01 DECRYPT (BINARY): Apple App Store apps are encrypted using FairPlay

02 EXTRACT BLUEPRINT: Dump headers containing the Objective-C runtime info stored in the Mach-O

03 STUDY & UNDERSTAND: Perform static and dynamic analysis to understand behavior

04 MODIFY / OPTIMIZE: Inject custom code at runtime to create new features or modify existing ones

Why Tinder

SIMPLE TO USE

EASY TO READ

EASY TO UNDERSTAND

MARKET SIZE: Let's face it… most of us.

FLEX BY: FLIPBOARD https://github.com/Flipboard/FLEX

FLEX (Flipboard Explorer) is a set of in-app debugging and exploration tools for iOS development.

John Coates @punksomething

www.frida.re

Dynamic Code Instrumentation Toolkit

What can you do with it?

Dynamic Instrumentation

Inject an instrumentation script into a running application

List all running processes and PIDs of a USB connected device

Trace native APIs

Trace native APIs in a specific process: $ frida-trace -n Tinder -i "*URL*"

Trace Objective-C calls: $ frida-trace -U Tinder -m "[TNDR* *Like*

An interactive console that intercepts traffic: Inspect, Modify, Replay

MITM Proxy intercepts your HTTP/S traffic. This allows us to learn about the Tinder API.

Endpoint   Path
LIKE       /like/{id}
PASS       /pass/{id}
RECS       /user/recs
UPDATES    /updates/

Host: api.gotinder.com
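To answer the “WHERE: what REST API endpoints are reached?” question from the slides without reading raw frida-trace output by hand, here is an added Frida script (not from the talk) that hooks NSURLSession request creation and folds the URLs it sees into endpoint templates like the table above, which is the same inventory an app owner wants when checking what their own build talks to. The host api.example.com and the ids in the sample URLs are constructed placeholders; the hook only installs when the script runs inside a Frida-instrumented process, and under plain node it just replays the sample traffic.

```javascript
// Added example: inventory the REST endpoints an iOS app reaches by hooking
// -[NSURLSession dataTaskWithRequest:completionHandler:] with Frida.
// Inside Frida: frida -U -n <AppName> -l trace_endpoints.js
// Outside Frida (e.g. node) it only replays the constructed sample URLs below.

// Path segments that look like per-request ids (all digits, or hex/UUID-like
// with at least one digit) become "{id}", so /like/123 and /like/456 collapse
// into the single template /like/{id} used in the endpoint table.
function isId(seg) {
  return /^\d+$/.test(seg) || (/^[0-9a-f-]{8,}$/i.test(seg) && /\d/.test(seg));
}
// Minimal scheme://host/path parser (Frida's runtime has no WHATWG URL global);
// query string and fragment are dropped because they are not part of the route.
function normalizeEndpoint(urlString) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]+)([^?#]*)/i.exec(urlString);
  if (!m) return 'unparsed:' + urlString;
  const path = (m[2] || '/').split('/').map(s => (isId(s) ? '{id}' : s)).join('/');
  return m[1].toLowerCase() + path;
}
// Endpoint template -> number of requests observed.
const seen = new Map();
function recordRequest(urlString) {
  const key = normalizeEndpoint(urlString);
  seen.set(key, (seen.get(key) || 0) + 1);
  return key;
}
function report() {
  return [...seen.entries()].sort((a, b) => (a[0] < b[0] ? -1 : 1))
    .map(([key, n]) => n + 'x ' + key);
}
// Frida-only part: ObjC and Interceptor exist only inside an instrumented process.
function installHook() {
  if (typeof ObjC === 'undefined' || !ObjC.available) return false;
  const m = ObjC.classes.NSURLSession['- dataTaskWithRequest:completionHandler:'];
  Interceptor.attach(m.implementation, {
    onEnter(args) { // args[0] self, args[1] selector, args[2] the NSURLRequest
      const url = new ObjC.Object(args[2]).URL().absoluteString().toString();
      console.log('[' + recordRequest(url) + '] ' + url);
    }
  });
  return true;
}
// Constructed sample traffic on a placeholder host, shaped like the endpoint table.
const SAMPLE_URLS = [
  'https://api.example.com/like/1234567890', 'https://api.example.com/like/987654321',
  'https://api.example.com/pass/5a3f9c12e4b0', 'https://api.example.com/user/recs?locale=en',
  'https://api.example.com/updates/?last_activity_date=2017-03-23T00:00:00Z',
];
if (!installHook()) { SAMPLE_URLS.forEach(recordRequest); console.log(report().join('\n')); }
```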

Our timeline

Q&A

“Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven't found it yet, keep looking. Don't settle. As with all matters of the heart, you'll know when you find it.” - Steve Jobs