(Cydia)
– Erica Utilities (Cydia)
– iOSBinPack *
• Jonathan Levin compiled a number of commonly used binaries for iOS
• Automated toolkits
– idb Tool, Snoop-IT, iRET, Introspy, Appmon *, Needle *
– Varying levels of support
require device to be unlocked
• Unsecured APIs
• Hard-coded secrets
• The truth, however, is that most of these bugs have been closed
– Binary protections are now standard
– Data Protection APIs
– Universal links introduced with iOS 9 address the IPC loophole
– etc. …
• Sometimes we may come up short for several other reasons…
Or your Google Fu returns nothing?
• Custom security protections in place
• Extending an existing tool?
• Finding deeply hidden logic bugs
– Crypto functions etc.
• iOS system bugs
a “new” approach, one that involves Reverse Engineering and leverages knowledge of:
• iOS internals
• ARM (32/64) Assembly
• Deep dive into Objective-C/Swift
• …
• Our first step is to improve our toolkit
• And expand our knowledge base
interacting with tasks
• task_for_pid, processor_set_tasks
• Inter Process Communication (IPC)
– Mach Ports, Mach Messages, XPC
• ARM Assembly (32/64)
• Behind the scenes with Objective-C and Swift
• Lots more detail, but limited time; see the full talk here:
– https://www.youtube.com/watch?v=4WHEQA3GG9k&feature=youtu.be
– https://speakerdeck.com/_dark_knight_/beyond-the-cript-practical-ios-reverse-engineering
is possible
• Common jailbreak detection – does the root partition have read/write permissions?
• How can we make this green?
• Multiple options available
• Binary patching
• But first some recon
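The root-partition check named above, written out as an added example (my code, not the talk's): it reads the mount flags with the POSIX statvfs() call and ST_RDONLY, which exist on iOS, macOS and Linux alike, and the path list in main() is constructed sample input.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/statvfs.h>

/* Outcome of a single mount-flag check. */
enum mount_state { MOUNT_ERROR = -1, MOUNT_READ_ONLY = 0, MOUNT_WRITABLE = 1 };

/* Look up the filesystem that contains `path` and report whether it is
 * mounted read-write. statvfs() is POSIX, so the same call works on iOS,
 * macOS and Linux; ST_RDONLY is set when the mount is read-only. On a stock
 * iOS device "/" is read-only, so a writable root is a jailbreak signal. */
int mount_is_writable(const char *path) {
    struct statvfs st;
    if (statvfs(path, &st) != 0) {
        return MOUNT_ERROR;                  /* path missing or inaccessible */
    }
    return (st.f_flag & ST_RDONLY) ? MOUNT_READ_ONLY : MOUNT_WRITABLE;
}

/* Count how many of the given mount points are writable. Returning a count
 * rather than a yes/no lets the caller fold this into other checks; a single
 * boolean branch is exactly what a binary patch flips, so the decision should
 * not live in one place. Unreadable paths are skipped, not counted. */
int count_writable_mounts(const char *const *paths, size_t n) {
    int writable = 0;
    for (size_t i = 0; i < n; i++) {
        if (mount_is_writable(paths[i]) == MOUNT_WRITABLE) {
            writable++;
        }
    }
    return writable;
}

int main(void) {
    /* Constructed sample: on a device "/" is the interesting entry; the
     * second one does not exist and shows that errors are not counted. */
    const char *const paths[] = { "/", "/no/such/mountpoint" };
    int n = count_writable_mounts(paths, 2);
    printf("root mount state: %d (1 = writable, 0 = read-only, -1 = error)\n",
           mount_is_writable("/"));
    printf("writable mounts among 2 candidates: %d\n", n);
    return 0;
}
```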
and a break from the norm is required for in-depth assessments
• Assembly knowledge is a MUST for Reverse Engineering
– Low-level assembly allows you to bypass many security protections, discover hidden gems and then some
• Knowledge of iOS architecture will not only improve your assessments but also provide a launching pad for other research
• Disassemblers are your friends (IDA, Hopper, jtool …)
• Add the reverse engineering skillset to your arsenal!!!