iOS Dev - The Dark Side

Transcript

1. TCM 2.0 Wei Wang (@onevcat) 2017-02-03 JP20028 [email protected]

2. Something about Dark

3. Dark Matter?

4. None
5. None

6. It seems that "Dark" is not so good... • Fear

   • Despair • Unpresentable • Negative

7. But, is that always true?

8. None
9. None
10. None
11. None

12. So what?

13. iOS Dev

14. iOS Dev - Bright Side

15. iOS Dev - Dark Side

16. iOS Dev - Dark Side

17. Sandbox

18. iOS Sandbox • Apps live in a sandbox. • No

    interacting with the system.

19. iOS Sandbox • Apps live in a sandbox. • No

    interacting with the system. • You can only USE your phone as Apple wanted you to. • But never OWN your phone (if you are a geek).

20. Jail for Code

21. Jailbreak

22. Jailbreak • Root access of iOS file system. • Install

    apps/software unavailable through App Store.

23. Cydia Package manager for jailbroken iOS

24. Demo 1 Cydia, SSH

25. cycript Explore and modify running applications on either iOS or

    Mac OS X

26. bash> cycript -p LineLive cy> var app = [UIApplication sharedApplication]

    # @"<UIApplication: 0x16530640>" cy> app.delegate # @"<AppDelegate: 0x165384d0>" cy> var appDelegate = new Instance(0x165384d0) # @"<AppDelegate: 0x165384d0>" cy> [appDelegate someMethod]; ...

27. cycript? script?

28. cycript JavaScript + Objective-C syntax

29. Demo 2 cycript

30. Demo 2 cycript • Basic commands • Change lock screen

    slide text • Bypass passcode

31. cycript Explore and modify running applications

32. The applications are not running now?

33. Cydia Substrate Code modification framework behind Cydia

34. Cydia Substrate And most JB apps & tweaks

35. Tweak?

36. The applications are not running now

37. Hook & Load

38. Theos A Makefile system for jailbroken iOS

39. Theos - Tweak Hook applications and methods

40. Theos - Tweak And monkey patch (swizzle)

41. Demo 3 Theos

42. Demo 3 Theos • Creating a basic tweak. • Makefile

    and modification source. • A real life example of tweak.

43. cycript v.s. Tweak

44. cycript • One time. Javascript & Objective-C syntax. • Explore

    & Modify by script on fly. Tweak • Hook & replace. Use the power of Cydia Substrate. • Dynamic framework and ldid (Link Identity Editor) signed.
45. None

46. Demo 4 Reveal with 3rd party app

47. And more Reverse Code Injection Remote LLDB etc.

48. FAQ

49. Is jailbreaking legal?

50. Is jailbreaking legal? • In 2010, 2012, and 2015, the

    U.S. Copyright Office approved. • Not forbidden or threatened by any government or Apple. • Two jailbreakers have been given positions at Apple. • Apple is "stealing" ideas from JB community. And it helps to improve iOS security.

51. Is jailbreaking legal? But...It's the dark side. • Against EULA.

    • Lose warranty if being jailbroken. (But you can always restore it back into jail.) • So, consider the risk. (or use an old, warranty- exipred device.)

52. Is it safe to use a jailbroken device?

53. Is it safe to use a jailbroken device? • No,

    unless you use it properly. • Change root password. Do not install anything untrusted. • Jailbreak a clean device. Do not bind Apple ID or store sensitive information. • Do not connect it to company network. • Do no evil. Just use it for study and research.

54. Why should I know the dark side of iOS?

55. Why should I know the dark side of iOS? •

    Do you think your app is perfectly safe? • You could use the skills in normal app development. • It's fun!

56. I am terrified. How could I defend my app from

    dark developers?

57. I am terrified. How could I defend my app from

    dark developers? • Good question as a bright guy! • Learn them and consider your app safety as you are a dark side dev. • And more... (Another story)

58. Thank you Questions?