Reviewing 2024

Reviewing chapter activities in 2024. (OWASP Saitama MTG #23, talk #1)

Takahiro Yoshimura

December 10, 2024
Transcript

  1. REVIEWING 2024: OWASP SAITAMA MTG #23, TALK #1. Image by Secret_Cinema on flickr, CC-BY 2.0
  2. WHO I AM ▸ Takahiro Yoshimura (@alterakey) https://keybase.io/alterakey ▸ Monolith Works Inc. co-founder, CTO; security researcher ▸ Visiting researcher, Cyber Security Laboratory, Meiji University
  3. WHAT I DO ▸ Security research and development ▸ iOS/Android apps → financial, games, IoT-related, etc. (>200) → trueseeing: non-decompiling Android application vulnerability scanner [2017] ▸ Windows/Mac/Web/HTML5 apps → POS, RAD tools etc. ▸ Network/Web penetration testing → PCI-DSS etc. ▸ Search engine reconnaissance (aka Google hacking) ▸ Whitebox testing ▸ Forensic analysis
  4. WHAT I DO ▸ CTF ▸ Enemy10, Sutegoma2 ▸ METI CTFCJ 2012 Qual.: won ▸ METI CTFCJ 2012: 3rd ▸ DEF CON 21 CTF: 6th ▸ DEF CON 22 OpenCTF: 4th ▸ Talks and presentations: DEF CON 25 Demo Labs (2017), DEF CON 27 AI Village (2019), CODE BLUE (2017, 2019), CYDEF (2020) etc. Image by Wiyre Media on flickr, CC-BY 2.0
  5. FRONT: SHADOW RUNNERS ▸ iOS apps: quality is assured by App Review at release time ▸ What about dynamic loading and the like? → Prohibited by App Review Guidelines 2.5.2 ▸ Why? → Because it would make the review meaningless ▸ So what is the reality? → Let's verify! Image by Neil Moralee on flickr, CC-BY-NC-ND 2.0
  6. CASE STUDY #1. FACEBOOK ▸ facebook ▸ Dynamic code loading ▸ Stack-based VM ▸ A long list of feeds ▸ Furthermore: indications that it loads code from ads
  7. CASE STUDY #2. LINE -- BUSTED ▸ High likelihood of a violation ▸ Unsettling, to put it mildly ▸ syscall, fork ▸ Reuses the crypto implementation from the Mbed stack → an implementation that is hard to call secure. Image by Cloudtail the Snow Leopard on flickr, CC-BY-NC-ND 2.0
  8. CASE STUDY #3. GMAIL -- QUESTIONABLE ▸ Possibly JVM + j2objc ▸ This alone does not look like a 2.5.2 violation, but what about 2.3.1 (no hidden features)? ▸ If an ordinary developer did this it would probably be rejected; a rather unusual structure. Image by Bricknave on flickr, CC-BY-NC-ND 2.0
  9. FRONT: SHADOW RUNNERS ▸ Largely hollowed out... if not worse → dynamic code execution via ads → direct system call execution → discovery of a VM implementation ▸ What manual review amounts to → a pile of deference → merely a false sense of security... ▸ A session that showed there is no security without verification. Image by Gunnar Ries zwo on flickr, CC-BY-SA 2.0
  10. APRIL ▸ Meeting held in Saitama City ▸ RaiBoC meeting room ▸ A bold undertaking: the announcement went out late and the date fell right in the middle of Golden Week... → 3 participants including the leader. Image by Pedro Ribeiro Simões on flickr, CC-BY 2.0
  11. FRONT: SHADOW RUNNERS 2 ▸ Following the continued observation of iOS... ▸ Android: safety assured by a "death trap" ▸ Dynamic loading and the like are not a problem ▸ There should be nothing behaving suspiciously → Let's verify! Image by Neil Moralee on flickr, CC-BY-NC-ND 2.0
  12. CASE STUDY #4. GOOGLE MAPS ▸ Google Maps ▸ Massive use of reflection → can also be read as concealing behavior
  13. CASE STUDY #4. GOOGLE MAPS -- QUESTIONABLE ▸ Possible static-analysis evasion ▸ A little reflection appears routinely, so an ordinary developer doing this would probably not be rejected → suggests API usage patterns can be manipulated to some extent ▸ What about 2.3.1 (no hidden features)? → Humans cannot see through everything. Image by Portraying Life, LLC on flickr, CC-BY-NC-ND 2.0
  14. FRONT: SHADOW RUNNERS 2 ▸ iOS: quality assured by App Review at release time ▸ On top of dynamic code loading, VMs and so on, static-analysis evasion through massive reflection → which makes API usage patterns manipulable ▸ Manual review does not contribute to security... Apple should consider not only API usage patterns but also call frequency. Image by Brandon Grasley on flickr, CC-BY 2.0
  15. FINDINGS ▸ Static analysis ▸ Dynamic dex loading (from obfuscated classes) ▸ Wi-Fi BSSID acquisition and signal-strength calculation ▸ Use of a proprietary DNS service for traffic going through Okhttp (HTTP-based; signed) ▸ Detection of each of: debugging / rooted / VPN / proxy ▸ Passing the debug-detection flag around
  16. CASE STUDY #5 SHEIN -- BUSTED ▸ More than thoroughly nasty... ▸ Is there no concept of privacy? Especially TrustDefender: device-specific information, Wi-Fi .. → what is being protected is the publisher ▸ Probably left as is because no complaints have come up? ▸ This too is a problematic way of operating, in its own way ▸ Generally because the EULA does not allow analysis. Image by Mark Freeth on flickr, CC-BY 2.0
  17. FRONT: SHADOW RUNNERS 2 ▸ Android: do something odd and you get killed ▸ But the reality: this side is also badly hollowed out → publishers do whatever they please; so much for the EULA ▸ Massive data collection, relentless device-environment detection, slipping past DNS, static-analysis evasion via reflection... (clipboard access, interception and tampering of traffic, loading of unsigned external code and more; rampant via SDKs). Image by daveoratox on flickr, CC-BY 2.0
  18. FRONT: CHAOTIC CHANNEL ▸ What is Wi-Fi? ▸ ... ▸ A session on the security of Wi-Fi ▸ Incidentally, Wi-Fi does not stand for Wireless Fidelity (Wi aside, Fi is a meaningless word). Image by Denkrahm on flickr, CC-BY-ND 2.0
  19. WEAK CRYPTOGRAPHY ▸ Eavesdropping and tampering due to insufficient cipher strength ▸ WEP: a tragic lack of understanding. RC4 .. key used directly, IV too short, export controls etc. CRC32 .. out of the question; Compensation attack (sshnuke..!) ▸ WPA: stronger key management plus authentication were added, but... RC4 .. PBKDF2-MD5, statistical bias. Michael .. invertible (※), related keys, birthday. ※ For C = Michael(K, M), K can be determined from C and M ▸ WPA2: authenticated encryption (AES-CCMP) selectable. Image by Steve Bowbrick on flickr, CC-BY 2.0
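The invertibility noted for Michael above, as an added example (not code from the talk): a straight Python implementation of the TKIP Michael MIC and the backward pass that recovers the 64-bit key from a single message/MIC pair. The sample key and message are constructed; the only external reference is the all-zero-key, empty-message vector from 802.11i.

```python
# Michael (TKIP MIC) forward computation and key recovery. Added example, not from the talk.
# Michael is a 64-bit keyed checksum built only from 32-bit adds, XORs, rotates and byte
# swaps; each step is invertible, so one known (message, MIC) pair gives the key back.
MASK = 0xFFFFFFFF

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def xswap(x):
    # swap the two bytes inside each 16-bit half
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def b_fn(l, r):
    # one Michael block-function step (802.11i)
    r ^= rotl(l, 17); l = (l + r) & MASK
    r ^= xswap(l);    l = (l + r) & MASK
    r ^= rotl(l, 3);  l = (l + r) & MASK
    r ^= rotr(l, 2);  l = (l + r) & MASK
    return l, r

def b_inv(l, r):
    # exact inverse of b_fn: undo the four steps in reverse order
    l = (l - r) & MASK; r ^= rotr(l, 2)
    l = (l - r) & MASK; r ^= rotl(l, 3)
    l = (l - r) & MASK; r ^= xswap(l)
    l = (l - r) & MASK; r ^= rotl(l, 17)
    return l, r

def _words(msg):
    # 802.11i padding: 0x5a, then 4 to 7 zero bytes, up to a multiple of 4 bytes
    msg += b"\x5a" + b"\x00" * 4
    msg += b"\x00" * (-len(msg) % 4)
    return [int.from_bytes(msg[i:i + 4], "little") for i in range(0, len(msg), 4)]

def michael(key, msg):
    l, r = int.from_bytes(key[:4], "little"), int.from_bytes(key[4:], "little")
    for w in _words(msg):
        l, r = b_fn(l ^ w, r)
    return l.to_bytes(4, "little") + r.to_bytes(4, "little")

def recover_key(msg, mic):
    # run the rounds backwards from the MIC; the state left over is the key
    l, r = int.from_bytes(mic[:4], "little"), int.from_bytes(mic[4:], "little")
    for w in reversed(_words(msg)):
        l, r = b_inv(l, r)
        l ^= w
    return l.to_bytes(4, "little") + r.to_bytes(4, "little")

SAMPLE_KEY = bytes.fromhex("0123456789abcdef")       # constructed
SAMPLE_MSG = b"constructed TKIP MSDU payload"        # constructed
```

This is why TKIP had to wrap Michael in per-packet countermeasures: the MIC alone authenticates nothing once a plaintext/MIC pair is known.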
  20. WIFI PROTECTED SETUP ▸ PIN guessing → Personal Identification Number... really? → A mere 7-digit number, and attackable offline! ▸ Pixie dust attack (Bongard 2014) ▸ WPS: operate with PBC only. Image by alvinchanphotography on flickr, CC-BY 2.0
  21. DOWNGRADE ATTACKS ▸ KRACK attacks (Vanhoef, 2017) ▸ Partially tamper with and replay the 4-way handshake... ・forcing nonce reuse. Image by Archetype Fotografie on flickr, CC-BY-SA 2.0
  22. DENIAL OF SERVICE 1 ▸ The so-called deauth attack: DoS by sending management frames ▸ Root cause: management frames do not require authentication ▸ WPA3: Protected Management Frames (802.11w). Image by jyri on flickr, CC-BY 2.0
  23. DENIAL OF SERVICE 2 ▸ One of the Dragonblood attacks (Vanhoef, 2019) ▸ Flooding SAE Commit frames from random MAC addresses amplifies the Dragonfly processing cost → caused by, among other things, deriving the elliptic-curve point iteratively (hunting-and-pecking) → which was originally a timing-attack countermeasure... Image by jyri on flickr, CC-BY 2.0
  24. INTER-FRAME INTEGRITY FAILURE ▸ FragAttack (Vanhoef, 2021) ▸ Authentication between frames is weak: ・the "is aggregated" flag is unauthenticated ・frames are reassembled across a pairwise session key refresh ・the fragment cache is not cleared even when a client disconnects ・in TKIP the MIC of fragments is not verified ・etc. Image by James Marvin Phelps on flickr, CC-BY-NC 2.0
  25. OFFLINE CRACKING ▸ Guessing the password from the MIC of the 4-way handshake (802.11i-2004) ▸ The PMK is derived from the password with PBKDF2 ▸ The PTK is derived from the PMK, and the MIC from the PTK ▸ In other words: the password uniquely determines the MIC → offline attack possible! GPUs usable too! Image by massdistraction on flickr, CC-BY-NC-ND 2.0
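The derivation chain on this slide, written out as an added example (not code from the talk) so the "password uniquely determines the MIC" claim can be checked: passphrase → PMK (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) → PTK (802.11 PRF) → KCK → EAPOL MIC. The MAC addresses, nonces and EAPOL bytes below are constructed; the only real reference is the 802.11i "password"/"IEEE" PMK test vector.

```python
# WPA/WPA2-PSK key hierarchy from passphrase to EAPOL MIC. Added example, not from the talk.
# Everything except the passphrase is public in a captured 4-way handshake, which is why a
# candidate passphrase can be checked offline. The standard fixes the salt (SSID) and the
# iteration count, so passphrase entropy is the only parameter the defender controls.
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11 PRF-n: concatenation of HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ...
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range((nbytes + 19) // 20)
    )
    return out[:nbytes]

def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-384(PMK, "Pairwise key expansion", min/max of the MACs || min/max of the nonces)
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

def eapol_mic(kck: bytes, eapol_zero_mic: bytes) -> bytes:
    # key descriptor version 2 (CCMP): HMAC-SHA1 over the frame with its MIC field zeroed, truncated to 16 bytes
    return hmac.new(kck, eapol_zero_mic, hashlib.sha1).digest()[:16]

def handshake_mic(passphrase, ssid, aa, spa, anonce, snonce, eapol_zero_mic) -> bytes:
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = ptk_from_pmk(pmk, aa, spa, anonce, snonce)[:16]   # KCK = first 128 bits of the PTK
    return eapol_mic(kck, eapol_zero_mic)

# constructed handshake parameters (not a real capture)
AA = bytes.fromhex("020000000001")        # authenticator (AP) MAC, constructed
SPA = bytes.fromhex("020000000002")       # supplicant (client) MAC, constructed
ANONCE = bytes(range(32))                 # constructed
SNONCE = bytes(range(32, 64))             # constructed
# EAPOL-Key message 2 skeleton: header, descriptor type, key info, key length, replay
# counter, SNonce, IV/RSC/ID, zeroed MIC, key-data length (95-byte body, constructed)
EAPOL_MSG2 = bytes.fromhex("0103005f02010a0000") + bytes(8) + SNONCE + bytes(16 + 8 + 8 + 16 + 2)

def demo() -> bytes:
    return handshake_mic("correct horse battery", "constructed-ssid", AA, SPA, ANONCE, SNONCE, EAPOL_MSG2)
```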
  26. TAKEAWAYS ▸ Shaky for a long time... but WPA3 has been fixing it ▸ SAE appears to be quite a handful ▸ Against evil twins, enable the following: ▸ SAE-PK ▸ SAE-H2E (※ mandatory for Wi-Fi 7 / 6 GHz) ▸ Hard to counter in the WPA3-Enterprise case → wait for follow-up. Image by letmebeyourswearword on flickr, CC-BY 2.0
  27. FRONT: CHAOTIC CHANNEL ▸ A history of fierce battles between compatibility and security → considerably safer with WPA3 ▸ Lack of understanding of cryptography... → e.g. WEP/WPA: RC4 and how it was used → e.g. WPS (PIN): a 7-digit number to begin with → e.g. WPA/WPA2: catastrophic once the MIC leaks → e.g. WPA3: ECC, yet why iterative? (DoS) ▸ On the "wait for follow-up" item → ...keep waiting. It is not fixed yet. Image by Stephen Permezel on flickr, CC-NC 2.0
  28. BACK: IN THE MIDDLE OF CHATTER ▸ Chat apps for LLMs (ChatGPT, GPT-4o, Claude ..) ▸ How do these actually behave? ▸ Target: the iOS version of Claude ▸ ...a session mainly about methodology. Image by Quinn Dombrowski on flickr, CC-BY-SA 2.0
  29. DEFEATING DRM ▸ The App Store encrypts and signs apps for distribution ▸ Naturally, an encrypted binary cannot be read ▸ There is no great problem with how the crypto is used → hard to attack head-on ▸ Better to have a real device decrypt it, but ▸ a decryption tool on the App Store... of course not ▸ Decryption requires a jailbreak. Image by lantzilla on flickr, CC-BY-NC-ND 2.0
  30. NOW UNLEASHED, WHERE TO GO? ▸ Want to decrypt the target app ▸ frida-ios-dump → dumps memory and reconstructs the app → needs frida ▸ frida: dynamic instrumentation framework! ▸ Attach frida-server ▸ Gives control down to details such as the I/O of API calls. Image by Mr. Littlehand on flickr, CC-BY-ND 2.0
  31. REVERSING ▸ Ghidra: multi-arch disassembler (NSA); radare2: binary analysis framework (pancake et al.) ▸ Using Ghidra for simplicity. Image by Simon Rankin on flickr, CC-BY-NC-ND 2.0
  32. REVERSING TAKEAWAYS ▸ Analysis: analyzeHeadless ~/works/claude/t claude -preScript analysisopts_ios.py -import Payload/Claude.app/Claude ▸ Extraction: analyzeHeadless ~/works/claude/t claude -postScript out.py -process Claude -noanalysis → out.asm (※) is generated, so rename it ▸ ※ out.asm is a file name that out.py chooses on its own. Image by Thomas_H_foto on flickr, CC-BY-ND 2.0
  33. BACK: IN THE MIDDLE OF CHATTER ▸ Jailbreaking the iOS device ▸ From extracting the binary through to analysis ▸ The time and disk space it takes... ▸ Now for the actual analysis. Stay tuned. Image by Malcolm Murdoch on flickr, CC-BY-SA 2.0
  34. OCTOBER ▸ Meeting held in Kasukabe City ▸ Kasukabe Fureai Cube, 4F meeting room 2 ▸ Hybrid format resumed ▸ Late announcements made in-person attendance difficult ▸ Feedback that the venue is far away ▸ Trying to make it more accessible... Image by Janne Räkköläinen on flickr, CC-BY-SA 2.0
  35. IN THE MIDDLE OF CHATTER 2 (FRONT). Image by Quinn Dombrowski on flickr, CC-BY-SA 2.0
  36. FRONT: IN THE MIDDLE OF CHATTER 2 ▸ Continued from last time ▸ What the actual analysis looks like... Image by Quinn Dombrowski on flickr, CC-BY-SA 2.0
  37. ANATOMY OF IOS APP ▸ Structure of an iOS app ▸ Info.plist: metadata (_CodeSignature: signature) ▸ assets.car: resources ▸ Frameworks: libraries ※ ▸ (app name): Mach-O executable ※. Image by John Perivolaris on flickr, CC-BY-NC-ND 2.0
  38. TS2-IOS: AUTOMATE THE ANALYSIS ▸ A trueseeing extension that analyzes iOS apps ▸ Merged into main in 2.2.5: ipa files can now be analyzed! ▸ API calls, URLs, dynamic code loading, syscalls, reflection, jailbreak detection, debug probes, privacy concerns, obfuscation, assertions, logging, library imports, motion sensors, URL schemes, ATS, permissions, device requirements, device info probes, entitlements, copyright info, XOR ciphers, statically linked libraries .. Image by eliudrosales on flickr, CC-BY-NC 2.0
  39. TS2-SWIFT-DEMANGLE ▸ Terrible name... ▸ Exposes the Swift toolchain's demangler as an API → because starting the Swift toolchain is far too slow... ▸ Just link it with ts2 (--link ts2-swift-demangle). Image by Alan Levine on flickr, CC-BY 2.0
  40. TS2-DISASM-GHIDRA ▸ A container that disassembles an ipa/apk with Ghidra when you hand it one ▸ docker run --rm -v $(pwd):/out ts2-disasm-ghidra target.ipa → this alone produces disasm.tar.gz directly ▸ Streaming generation: easy on the disk ▸ But it takes an awfully long time. Image by JamesInOregon on flickr, CC-BY 2.0
  41. TAKEAWAYS ▸ Where to look when analyzing an iOS app ▸ Info.plist: metadata; Frameworks: libraries ※; (app name): Mach-O executable ※ ▸ Still strongly ObjC-flavored: calls appear as string constants ▸ Swift feels close to C++: demangling is useful ▸ Knowledge of current development trends and libraries matters. Image by Thomas_H_foto on flickr, CC-BY-ND 2.0
  42. FRONT: IN THE MIDDLE OF CHATTER 2 ▸ disasm: takes time but has been automated ▸ API call analysis itself is not that hard → the problem is extraction from a jailbroken device ▸ No major problems found in Claude → mostly within a reasonable range ▸ The combined power of trueseeing and Ghidra → official iOS support in 2.2.5... sorry for the wait. Image by G Menon on flickr, CC-BY-NC-ND 2.0
  43. TAKEAWAYS: REVIEWING 2024 ▸ Keep ▸ Hybrid meetings and meeting reports with photos ▸ Problem ▸ Sloppy announcements ▸ Try ▸ Work on raising our presence ▸ Work on keeping an environment where free research is possible. Image by Michael Mueller on flickr, CC-BY 2.0