+ All Categories
Home > Technology > Hooking101 - Deeper on iOS Island

Hooking101 - Deeper on iOS Island

Date post: 13-Apr-2017
Category:

Technology
Upload: ackcent
View: 142 times
Download: 0 times
Download Report this document
Share this document with a friend
14
Hooking 101 Deeper on iOS Island Alex Soler @as0ler 30/03/2016 Barcelona Cybersecurity
Transcript
Page 1: Hooking101 - Deeper on iOS Island

Hooking 101Deeper on iOS Island

Alex Soler@as0ler

30/03/2016

Barcelona Cybersecurity

Page 2: Hooking101 - Deeper on iOS Island

2

Who I am

Alex Soler (@as0ler)Red Team Officer @ [email protected]

Page 3: Hooking101 - Deeper on iOS Island

3

Mobile Security is….

Page 4: Hooking101 - Deeper on iOS Island

4

Dynamic Analysis is…

Runtime Instrumentation.Runtime Manipulation.Know what is done, when is done.

Page 5: Hooking101 - Deeper on iOS Island

5

iOS Runtime

Page 6: Hooking101 - Deeper on iOS Island

6

iOS RuntimeCurrent Execution point…Person *somePerson = [[Person alloc] init];[somePerson saySomething];…

Person implementation@implementation Person - (void) saySomething {

NSLog(@”Say Hello”);}

@end

Page 7: Hooking101 - Deeper on iOS Island

7

OnEnter: implementation@implementation- (void) onEnter_saySomething

{} @end

iOS RuntimeCurrent Execution point…Person *somePerson = [[Person alloc] init];[somePerson saySomething];…

Person implementation@implementation Person - (void) saySomething {

NSLog(@”Say Hello”);} @end

OnLeave: implementation@implementation- (void) onLeave_saySomething

{} @end

Page 8: Hooking101 - Deeper on iOS Island

8

Frida

What is Frida?- Dynamic instrumentation toolkit- Debug live processes- Scriptable- Execute your own debug scripts inside another process

- Multi-platform- Windows, Mac, Linux, iOS, Android, QNX

- Open Source- More info @ http://www.frida.re

http://www.frida.re/
Page 9: Hooking101 - Deeper on iOS Island

9

Frida

Basic Usage- Scripting (Python / Javascript)- Frida-trace- FridaCLI- Frida-ps- Frida-discover

Page 10: Hooking101 - Deeper on iOS Island

10

Keychain

Key-Value store/private/var/Keychains/keychain-2.db

Page 11: Hooking101 - Deeper on iOS Island

11

Keychain

OSStatus SecItemDelete ( CFDictionaryRef query );

OSStatus SecItemUpdate ( CFDictionaryRef query, CFDictionaryRef attributesToUpdate );

OSStatus SecItemAdd ( CFDictionaryRef attributes, CFTypeRef _Nullable *result );

https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
https://developer.apple.com/library/ios/documentation/CoreFoundation/Reference/CFDictionaryRef/index.html#//apple_ref/doc/c_ref/CFDictionaryRef
Page 12: Hooking101 - Deeper on iOS Island

12

Files

Files on iOS are protected by Data Protection Classes

- (BOOL)createFileAtPath:(NSString *)path contents:(NSData *)contents attributes:(NSDictionary<NSString *id> *)attributes

https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/index.html#//apple_ref/doc/c_ref/NSString
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/index.html#//apple_ref/doc/c_ref/NSString
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/index.html#//apple_ref/doc/c_ref/NSString
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/index.html#//apple_ref/doc/c_ref/NSString
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/index.html#//apple_ref/doc/c_ref/NSString
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/index.html#//apple_ref/doc/c_ref/NSString
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSData_Class/index.html#//apple_ref/doc/c_ref/NSData
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSData_Class/index.html#//apple_ref/doc/c_ref/NSData
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSData_Class/index.html#//apple_ref/doc/c_ref/NSData
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSData_Class/index.html#//apple_ref/doc/c_ref/NSData
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSData_Class/index.html#//apple_ref/doc/c_ref/NSData
https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSDictionary_Class/index.html#//apple_ref/doc/c_ref/NSDictionary
Page 13: Hooking101 - Deeper on iOS Island

13

Jailbreak detection

Some apps doesn’t like jailbreak Devices

Page 14: Hooking101 - Deeper on iOS Island

14

Thank you for your attention

Questions?


Recommended
User Manual - deepersonar.com€¦ · To connect Deeper to iOS device, you have to put Deeper in the water and head to smartphone or tablet settings. There you have to open WiFi settings

User Manual - deepersonar.com€¦ · To connect Deeper to iOS device, you have to put Deeper in the water and head to smartphone or tablet settings. There you have to open WiFi settings

Documents

RAD Studio XE4 - iOS Tutorials: Delphi iOS Application ...docs.embarcadero.com/products/rad_studio/radstudioXE4/iOS Tutorial... · iOS Tutorials: Delphi iOS Application Development

RAD Studio XE4 - iOS Tutorials: Delphi iOS Application ...docs.embarcadero.com/products/rad_studio/radstudioXE4/iOS Tutorial... · iOS Tutorials: Delphi iOS Application Development

Documents

Deeper Africa | Travel + Leisure | February 2018 | Circ ...€¦ · FEBRUARY 2018 TANZANIA SPAIN CHARLESTON • VENICE • BHUTAN TRAVEL LEISURE Island Getaways OISPLAY FEBRUARY 23.

Deeper Africa | Travel + Leisure | February 2018 | Circ ...€¦ · FEBRUARY 2018 TANZANIA SPAIN CHARLESTON • VENICE • BHUTAN TRAVEL LEISURE Island Getaways OISPLAY FEBRUARY 23.

Documents

Deeper South

Deeper South

Documents

Special Events 2018/2019 Growing Deeper Growing deeper

Special Events 2018/2019 Growing Deeper Growing deeper

Documents

DEEPER LEARNING RESEARCH SERIES DEEPER LEARNING …DEEPER LEARNING RESEARCH SERIES DEEPER LEARNING FOR ... only to describe best practices in the nation’s high schools but also to

DEEPER LEARNING RESEARCH SERIES DEEPER LEARNING …DEEPER LEARNING RESEARCH SERIES DEEPER LEARNING FOR ... only to describe best practices in the nation’s high schools but also to

Documents

Installation & User Manual - TECNO-GAZ industriesEzSensor HD(HI) IOS-U20VF U2… · Installation & User Manual (IOS-U20VF, IOS-U15VF, IOS-U10VF, IOS-U20IF, ... Consists of a special

Installation & User Manual - TECNO-GAZ industriesEzSensor HD(HI) IOS-U20VF U2… · Installation & User Manual (IOS-U20VF, IOS-U15VF, IOS-U10VF, IOS-U20IF, ... Consists of a special

Documents

CHAPTER 2 THEORITICAL FOUNDATION 2.1. Tourismlibrary.binus.ac.id/eColls/eThesisdoc/Bab2/bab 2_2014...iPad iPad 2 iPad 3 iPad 4 iPad Air iOS iOS 3,2 iOS 4,3 iOS 5,1 iOS 6 iOS 7 Screen

CHAPTER 2 THEORITICAL FOUNDATION 2.1. Tourismlibrary.binus.ac.id/eColls/eThesisdoc/Bab2/bab 2_2014...iPad iPad 2 iPad 3 iPad 4 iPad Air iOS iOS 3,2 iOS 4,3 iOS 5,1 iOS 6 iOS 7 Screen

Documents

NTUntuhighlights.ntu.edu.tw/pdf/012fulltext.pdf · Islands to do volunteer work. Their trip will allow NTU students to gain a deeper understanding of the island nation and promote

NTUntuhighlights.ntu.edu.tw/pdf/012fulltext.pdf · Islands to do volunteer work. Their trip will allow NTU students to gain a deeper understanding of the island nation and promote

Documents

Duet #13: Deeper - beinghueman.org€¦ · Duet #13: Deeper (Continued …) The kisses go deeper and deeper and deeper The blisses go deeper and deeper and deeper . I love you in

Duet #13: Deeper - beinghueman.org€¦ · Duet #13: Deeper (Continued …) The kisses go deeper and deeper and deeper The blisses go deeper and deeper and deeper . I love you in

Documents

Digging Deeper Into the CCCSS Montgomery County School ... Deeper Into the CCCSS... · Deeper Understanding of the ELA Common Core Page Page 11 Digging Deeper into the ELA Common

Digging Deeper Into the CCCSS Montgomery County School ... Deeper Into the CCCSS... · Deeper Understanding of the ELA Common Core Page Page 11 Digging Deeper into the ELA Common

Documents

Context: Geology, Gabriola Island Copyright restrictions ... · to erode new and deeper channels through their former tidal flats; increases the volume of sediment discharged into

Context: Geology, Gabriola Island Copyright restrictions ... · to erode new and deeper channels through their former tidal flats; increases the volume of sediment discharged into

Documents

Deeper Living

Deeper Living

Documents

Cisco Router IOS M Clements. 20-Jan-16 IOS Version - choice and deployment 2 This week …… Cisco IOS versions IOS Features Choosing an IOS IOS upgrade.

Cisco Router IOS M Clements. 20-Jan-16 IOS Version - choice and deployment 2 This week …… Cisco IOS versions IOS Features Choosing an IOS IOS upgrade.

Documents

Deeper Voice

Deeper Voice

Documents

iOS Demo Day - iOS Dev Portugal

iOS Demo Day - iOS Dev Portugal

Technology

Deeper Care.docx

Deeper Care.docx

Documents

Deeper Learning Audience Research Insights€¦ · Deeper Learning Audience Research Insights 4 Defining Deeper Learning When asked to define deeper learning, stakeholders came

Deeper Learning Audience Research Insights€¦ · Deeper Learning Audience Research Insights 4 Defining Deeper Learning When asked to define deeper learning, stakeholders came

Documents