Needle - Black Hat Arsenal USA 2017

I delivered a talk based on this presentation at Black Hat Arsenal USA 2017 (https://www.blackhat.com/us-17/arsenal/schedule/index.html#needle-7897) in Las Vegas (July 27th, 2017).

Marco Lancini

July 27, 2017

Transcript

  1. Needle
    Black Hat Arsenal USA
    Marco Lancini
    27th July 2017

  2. What is Needle?
    A tool for auditing iOS Application Security
    An open source, modular framework
    • streamlines the entire process
    • acts as a central hub
    Not a vuln scanner
    • knowledge (and intuition) of the tester is still required

  3. Motivation
    Beginners: easy to use
    Professionals: save time during assessments
    Developers: quickly test their products

  4. The Architecture

  5. New Native Agent

  6. How it works (briefly…)

  7. UI

  8. API
    + The framework core exposes APIs to interact with the local and remote OS
    + These wrap common functionality
      • file and data access
      • command execution
      • networking
    + Speeds up creation of new modules

  9. API

  10. API - Agent

  11. Currently Supported Modules
    • Binary
    • Storage
    • Dynamic Analysis
    • Hooking / Instrumentation
    • Network Communications
    • Static Analysis

  12. Other additions

  13. Automatic Issue Detection

  14. Non Interactive Mode
    + python needle-cli.py -g APP=mwr.ios.dvia -m binary/info/metadata -m device/agent_client#COMMAND=OS_VERSION

  15. Support for System Apps

  16. Roadmap

  17. Roadmap
    • Replace all the dependencies
    Agent to deploy on device
    Support for non-jailbroken devices
    • Substrate integration
    • WebView scanner
    • Hook Swift methods
    • URI handlers fuzzer
    • Obfuscation detection
    New modules
    … community based

  18. Want to know more?
    mwr.to/needle
    @mwrneedle