Slide 1

Slide 1 text

TCM 2.0
Wei Wang (@onevcat)
2017-02-03
JP20028

Slide 2

Slide 2 text

Something about Dark

Slide 3

Slide 3 text

Dark Matter?

Slide 6

Slide 6 text

It seems that "Dark" is not so good...
• Fear
• Despair
• Unpresentable
• Negative

Slide 7

Slide 7 text

But, is that always true?

Slide 12

Slide 12 text

So what?

Slide 13

Slide 13 text

iOS Dev

Slide 14

Slide 14 text

iOS Dev - Bright Side

Slide 15

Slide 15 text

iOS Dev - Dark Side

Slide 16

Slide 16 text

iOS Dev - Dark Side

Slide 17

Slide 17 text

Sandbox

Slide 18

Slide 18 text

iOS Sandbox
• Apps live in a sandbox.
• No interacting with the system.

Slide 19

Slide 19 text

iOS Sandbox
• Apps live in a sandbox.
• No interacting with the system.
• You can only USE your phone as Apple wanted you to.
• But never OWN your phone (if you are a geek).

Slide 20

Slide 20 text

Jail for Code

Slide 21

Slide 21 text

Jailbreak

Slide 22

Slide 22 text

Jailbreak
• Root access to the iOS file system.
• Install apps and software that are not available through the App Store.

Slide 23

Slide 23 text

Cydia
Package manager for jailbroken iOS

Slide 24

Slide 24 text

Demo 1: Cydia, SSH

Slide 25

Slide 25 text

cycript
Explore and modify running applications on either iOS or Mac OS X

Slide 26

Slide 26 text

bash> cycript -p LineLive
cy> var app = [UIApplication sharedApplication]
# @""
cy> app.delegate
# @""
cy> var appDelegate = new Instance(0x165384d0)
# @""
cy> [appDelegate someMethod];
...

Slide 27

Slide 27 text

cycript? script?

Slide 28

Slide 28 text

cycript JavaScript + Objective-C syntax

Slide 29

Slide 29 text

Demo 2: cycript

Slide 30

Slide 30 text

Demo 2: cycript
• Basic commands
• Change lock screen slide text
• Bypass passcode

Slide 31

Slide 31 text

cycript Explore and modify running applications

Slide 32

Slide 32 text

The applications are not running now?

Slide 33

Slide 33 text

Cydia Substrate
Code modification framework behind Cydia

Slide 34

Slide 34 text

Cydia Substrate
And behind most JB apps & tweaks

Slide 35

Slide 35 text

Tweak?

Slide 36

Slide 36 text

The applications are not running now

Slide 37

Slide 37 text

Hook & Load

Slide 38

Slide 38 text

Theos
A Makefile-based build system for jailbroken iOS

Slide 39

Slide 39 text

Theos - Tweak
Hook applications and methods

Slide 40

Slide 40 text

Theos - Tweak
And monkey patch (swizzle)

Slide 41

Slide 41 text

Demo 3: Theos

Slide 42

Slide 42 text

Demo 3: Theos
• Creating a basic tweak.
• Makefile and modification source.
• A real-life example of a tweak.
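The kind of tweak this demo builds, written out as an added example (this is not the speaker's demo code, and the target app is invented): a Theos `Tweak.xm` in Logos syntax that Cydia Substrate loads into a hypothetical app with bundle ID `com.example.DarkDemo`, whose classes `DDAccountManager` and `DDPaywallViewController` and their methods are assumed stand-ins. It shows the three things a tweak does with Substrate: replace a method's return value, observe a value in flight, and swizzle a UIKit method for every view controller in the process. The companion Makefile and Filter plist are reproduced in the header comment. The `isPremiumUser` hook is also the reason a client-side entitlement check is not a defense: it is one `%orig` away from being overridden.

```logos
/*
 * Tweak.xm  (added example; DDAccountManager, DDPaywallViewController and
 * com.example.DarkDemo are hypothetical names for a target app.)
 *
 * Companion files in the same Theos project directory:
 *
 *   Makefile
 *     include $(THEOS)/makefiles/common.mk
 *     TWEAK_NAME = DarkDemoTweak
 *     DarkDemoTweak_FILES = Tweak.xm
 *     DarkDemoTweak_FRAMEWORKS = UIKit
 *     include $(THEOS)/makefiles/tweak.mk
 *
 *   DarkDemoTweak.plist  (Filter: which processes Substrate loads the dylib into)
 *     { Filter = { Bundles = ( "com.example.DarkDemo" ); }; }
 *
 * `make package install` builds the dylib, signs it with ldid, packs a .deb and
 * installs it over SSH to the device in THEOS_DEVICE_IP.
 */
#import <UIKit/UIKit.h>

// Forward declarations so the compiler accepts messages to the target's
// classes; no header from the app is needed, Substrate resolves them at runtime.
@interface DDAccountManager : NSObject
- (BOOL)isPremiumUser;
- (NSString *)authToken;
@end

@interface DDPaywallViewController : UIViewController
@end

%hook DDAccountManager

// 1. Replace a return value: every caller of -isPremiumUser now sees YES.
//    A check that lives only in the client is exactly what a tweak defeats;
//    the entitlement has to be enforced on the server side.
- (BOOL)isPremiumUser {
    BOOL original = %orig;
    NSLog(@"[DarkDemoTweak] isPremiumUser was %d, forcing YES", original);
    return YES;
}

// 2. Observe without changing behaviour: log a value as it passes through.
- (NSString *)authToken {
    NSString *token = %orig;
    NSLog(@"[DarkDemoTweak] authToken = %@", token);
    return token;
}

%end

%hook DDPaywallViewController

// 3. Suppress UI: call the original, then dismiss the paywall immediately.
- (void)viewDidAppear:(BOOL)animated {
    %orig;
    [self dismissViewControllerAnimated:NO completion:nil];
}

%end

// 4. Swizzle a UIKit method: applies to every view controller in the process,
//    whatever the target's own class names are. Useful for reconnaissance.
%hook UIViewController

- (void)viewDidLoad {
    %orig;
    NSLog(@"[DarkDemoTweak] viewDidLoad: %@", NSStringFromClass([self class]));
}

%end

%ctor {
    // Runs when Substrate loads this dylib into a filtered process, before the
    // app's own main() gets control.
    NSLog(@"[DarkDemoTweak] loaded into %@",
          [[NSBundle mainBundle] bundleIdentifier]);
}
```

After `make package install`, relaunch the target app so Substrate injects the fresh dylib, and watch the `NSLog` lines with `idevicesyslog` from libimobiledevice. Hook the minimum you need: a tweak that swizzles `UIViewController` in every app on the device (an empty Filter) slows and destabilises the whole system, which is why the Filter plist names specific bundles.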

Slide 43

Slide 43 text

cycript vs. Tweak

Slide 44

Slide 44 text

cycript
• One-off. JavaScript & Objective-C syntax.
• Explore & modify a running process by script, on the fly.
Tweak
• Hook & replace. Uses the power of Cydia Substrate.
• Built as a dynamic library that Substrate loads into the filtered processes, signed with ldid (Link Identity Editor).

Slide 46

Slide 46 text

Demo 4: Reveal with a 3rd-party app

Slide 47

Slide 47 text

And more: reverse engineering, code injection, remote LLDB, etc.

Slide 48

Slide 48 text

FAQ

Slide 49

Slide 49 text

Is jailbreaking legal?

Slide 50

Slide 50 text

Is jailbreaking legal?
• In 2010, 2012 and 2015 the U.S. Copyright Office granted a DMCA exemption for jailbreaking phones.
• Not forbidden or prosecuted by any government, nor by Apple.
• Two jailbreakers have been given positions at Apple.
• Apple is "stealing" ideas from the JB community, and it helps to improve iOS security.

Slide 51

Slide 51 text

Is jailbreaking legal? But... it's the dark side.
• Against the EULA.
• Voids the warranty while the device is jailbroken. (But you can always restore it back into jail.)
• So weigh the risk (or use an old, warranty-expired device).

Slide 52

Slide 52 text

Is it safe to use a jailbroken device?

Slide 53

Slide 53 text

Is it safe to use a jailbroken device?
• No, unless you use it properly.
• Change the root password first: jailbroken devices running OpenSSH answer to the well-known default password "alpine". Do not install anything untrusted.
• Jailbreak a clean device. Do not bind your Apple ID or store sensitive information on it.
• Do not connect it to the company network.
• Do no evil. Just use it for study and research.

Slide 54

Slide 54 text

Why should I know the dark side of iOS?

Slide 55

Slide 55 text

Why should I know the dark side of iOS?
• Do you think your app is perfectly safe?
• You can use these skills in normal app development.
• It's fun!

Slide 56

Slide 56 text

I am terrified. How could I defend my app from dark developers?

Slide 57

Slide 57 text

I am terrified. How could I defend my app from dark developers?
• Good question for a bright-side guy!
• Learn these tools, and think about your app's safety as if you were a dark-side developer.
• And more... (another story)

Slide 58

Slide 58 text

Thank you Questions?