Your SlideShare is downloading. ×
ZaCon2 - iPhone Hackery - Ross Simpson
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

ZaCon2 - iPhone Hackery - Ross Simpson

1,499
views

Published on

Talk given at ZaCon2 on "iPhone Hackery" by Ross Simpson …

Talk given at ZaCon2 on "iPhone Hackery" by Ross Simpson

Date: 9 October 2010
Location: Johannesburg , South Africa

Link to video: http://www.youtube.com/watch?v=Arr2Xs7w4HM

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,499
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. The iPhone Jailbreak
  • 2. The iPhone Jailbreak What? breaking out of the sandbox (Apple's restrictions)
  • 3. The iPhone Jailbreak Why? * 3rd party apps (Cydia) * full access to filesystem (r00t access) * 3G tethering * change default behaviour of system software
  • 4. The iPhone Jailbreak How? * download an application, for your OS version * use http://www.JailbreakMe.com (PDF exploit)
  • 5. The iPhone Jailbreak r00t! passwords for “root” and “mobile” user accounts are “alpine”... Change them! (mobile terminal)
  • 6. iPhone and WiFi
  • 7. iPhone and WiFi eWiFi * free (in Cydia) * displays encryption methods on home screen
  • 8. iPhone and WiFi eWiFi * free (in Cydia) * displays encryption methods on home screen * easy “auto scan” (time/shake)
  • 9. iPhone and WiFi WiFiFoFum * free (in Cydia) * no encryption methods on home screen :(
  • 10. iPhone and WiFi WiFiFoFum * free (in Cydia) * no encryption methods on home screen :( * displays community-contributed (public) APs
  • 11. iPhone and WiFi WiFiFoFum * free (in Cydia) * no encryption methods on home screen :( * displays community-contributed (public) APs * radar to display locations of APs
  • 12. iPhone and WiFi WiFiFoFum * free (in Cydia) * no encryption methods on home screen :( * displays community-contributed (public) APs * radar to display locations of APs
  • 13. Packet Capturing
  • 14. Packet Capturing tcpdump * free (in Cydia) * packet analyzer * http://www.tcpdump.org
  • 15. Packet Capturing Pirni * free (in Cydia) * iPhone network sniffer * console based
  • 16. Packet Capturing Pirni Pro * $1.99 (in Cydia) * GUI based * auto detects gateway
  • 17. Packet Capturing Pirni Pro * free (in Cydia) * GUI based * auto detects gateway * RegEX searching
  • 18. Man In The Middle Attacks
  • 19. Man-in-the-Middle attacks * easily scriptable * awk+sed+grep = cookies Pirni + bash
  • 20. Man-in-the-Middle attacks * easily scriptable * awk+sed+grep = cookies * inject into mobile Safari * easily scriptable * awk+sed+grep = cookies * inject into mobile Safari Pirni + bash
  • 21. Packet Capturing * easily scriptable * awk+sed+grep = cookies * inject into mobile Safari * Profit! Pirni + bash
  • 22. Packet Capturing pirni-derv * http://code.google.com/p/pirni-derv/ * console based * sniffs for, and auto-injects, cookies
  • 23. Packet Capturing pirni-derv * http://code.google.com/p/pirni-derv/ * console based * sniffs for, and auto-injects, cookies * displays and logs rawtext passwords
  • 24. Penetration Testing
  • 25. Penetration Testing nmap * free (in Cydia) * network scanner
  • 26. Penetration Testing metasploit * free (in Cydia) * requires Ruby 1.8.6 (Cydia installs 1.9)
  • 27. Penetration Testing S.E.T * install APT 0.7 Strict (Cydia) * manually install python * manually install subversion * svn check out SET * agree to install “soup”
  • 28. Penetration Testing nikto * manually install perl (http://coredev.nl) * manually install nikto (http://cirt.net/nikto2)
  • 29. Penetration Testing aircrack-ng * download + unzip binaries * lots of broken links/zips * broken version in Cydia * no packet capturing * only cracking
  • 30. Penetration Testing PenTBox * free (in Cydia) * http://www.pentbox.net/
  • 31. Penetration Testing THC-Hydra * free (in Cydia) * network login hacker
  • 32. Other l33t stuff
  • 33. Other l33t stuff TV Out * free (in Cydia) * lets you connect your iPhone to a TV * works with un-official TV Out cables * multiple output modes / controls (eg: size)
  • 34. Other l33t stuff Veency * free (in Cydia) * VNC server for iPhone
  • 35. Other l33t stuff MyWi * costs $19.99 (in Cydia) * create an Access Point, sharing 3G (wifi/usb) * transmit power settings (saves battery / security) * bypass service provider fees
  • 36. Other l33t stuff Fake location * free (in Cydia) * fakes your location in selected apps * choose your location on a map
  • 37. Other l33t stuff Fake location * free (in Cydia) * fakes your location in selected apps * choose your location on a map * steal Foursquare mayorships ;) * social engineering (Twitter / Facebook Places)