than Unflod.dylib!” But: original download link for the IPA was not working anymore :( Solution: start from the beginning, aka find original blog post linked with the case
copy [OSX]/usr/local/machook/sfbase.dylib [iOS]Library/MobileSubstrate/DynamicLibraries/sfbase.dylib download signed IPA and push it as well using com.apple.mobile.installation_proxy URL stored in SQLite DB: foundation Enterprise cert means that first execution will bring validation pop-up code not encrypted as not from AppStore globalupdate : loop to check for updates
Maybe I don’t have the latest version also, dead code to query URL and hide it retrieve some files SMS.db AddressBook.sqlitedb UDID post to saveinfo.php
at the signed binary for the moment possibilities too limited except if privileges escalation is possible… hooking methods but does not use it targeted at Chinese market but logs in english still some nice functionalities update functionality OSX —> iOS, but already seen in the wild
milkmix
ohbarye
coconala_engineer
bkuhlmann
meihei3
databricksjapan
kkamegawa
takakiyo
yasumuusan
yajihum
furu8
colopl
kazuya_araki_tokyo
aki_iinuma
62gerente
maggiecrowley
chriscoyier
geeforr
matthewcrist
lara
michaelherold
stephaniewalter
lynnandtonic
philhawksworth
morganepeng
![iOS | sfbase.dylib not signed MobileSubstrate to hook [UIWindow sendEvent]](https://files.speakerdeck.com/presentations/4ad2fa1058370132ec0f5a0b4b0d10f1/slide_11.jpg){kind=link}
