SlideShare a Scribd company logo
1 of 15
Download to read offline
BREAKING IOS APPS WITH
CYCRIPT
Satish Bommisetty
Agenda
¨  Objective	
  C	
  Basics	
  
¨  iOS	
  App	
  Architecture	
  
¨  Decrypting	
  iOS	
  Apps	
  
¨  Breaking	
  apps	
  with	
  Cycript	
  
Native iOS Applications
¨  Objective	
  C	
  code	
  
¨  Developed	
  in	
  Xcode	
  
Objective C Basics
¨  Objective	
  C	
  lies	
  on	
  top	
  of	
  the	
  C	
  language	
  
¨  Interface	
  @ile	
  (.h)	
  
@interface	
  Car	
  :	
  NSObject	
  {	
  	
  	
  
@loat	
  @illLevel;	
  	
  }	
  	
  	
  
-­‐	
  (void)addGas;	
  	
  	
  
@end	
  	
  	
  
¨  Implementation	
  @ile	
  (.m)	
  
@implementation	
  Car	
  	
  	
  
-­‐(void)	
  addGas	
  {	
  	
  }	
  	
  	
  
@end	
  	
  	
  
Objective C Basics
¨  Methods	
  –	
  pass	
  messages	
  
¨  C++	
  
¤  Object-­‐>Method(param1,param2)	
  
¨  Objective-­‐C	
  
¤  [Object	
  method:param1	
  param2name:param2]	
  
iOS App Architecture
¨  iOS	
  App	
  
iOS App Architecture
¨  Mach-­‐O	
  format	
  
¤  Header	
  
n  Target	
  Architecture	
  
¤  Load	
  commands	
  
n  Location	
  of	
  symbol	
  table	
  
n  Shared	
  Libraries	
  
¤  Data	
  
n  Organized	
  in	
  Segments	
  
iOS App Architecture
¨  Header	
  can	
  be	
  viewed	
  using	
  otool	
  
¤  Otool	
  –h	
  Binary	
  
¤  Cpu	
  type	
  12/6	
  =	
  ARM	
  6	
  
¤  Cpu	
  type	
  12/9	
  =	
  ARM	
  7	
  
iOS App Architecture
¨  Load	
  can	
  be	
  viewed	
  using	
  otool	
  
¤  Otool	
  –l	
  Binary	
  
Decrypting iOS Apps
¨  AppStore	
  binaries	
  are	
  encrypted	
  
¤  Protects	
  from	
  piracy	
  
¤  Similar	
  to	
  Fairplay	
  DRM	
  used	
  on	
  iTunes	
  music	
  
¨  Self	
  distributed	
  Apps	
  are	
  not	
  encrypted	
  
¨  Loader	
  decrypts	
  the	
  apps	
  when	
  loaded	
  into	
  memory	
  
¨  Debugger	
  can	
  be	
  used	
  to	
  dump	
  the	
  decrypted	
  app	
  from	
  memory	
  
¨  Tools	
  are	
  available:	
  Craculous,	
  Clutch,	
  Installous	
  
Cycript
¨  Combination	
  of	
  JavaScript	
  and	
  Objective-­‐C	
  interpreter	
  
¨  App	
  runtime	
  can	
  be	
  easily	
  modi@ied	
  using	
  Cycript	
  	
  
¨  Can	
  be	
  hooked	
  to	
  a	
  running	
  process	
  	
  
¨  Gives	
  access	
  to	
  all	
  classes	
  and	
  instance	
  variables	
  within	
  the	
  app	
  
¨  Used	
  for	
  runtime	
  analysis	
  
¤  Bypass	
  security	
  locks	
  
¤  Access	
  sensitive	
  information	
  from	
  memory	
  
¤  Authentication	
  Bypass	
  attacks	
  
¤  Accessing	
  restricted	
  areas	
  of	
  the	
  applications	
  
Class-dump-z
¨  Use	
  class-­‐dump-­‐z	
  on	
  decrypted	
  binary	
  and	
  map	
  the	
  application	
  
¨  Retrieve	
  class	
  declarations	
  
¨  Analyze	
  the	
  class	
  dump	
  output	
  and	
  identify	
  the	
  interesting	
  class	
  
iOS App Execution Flow
¨  iOS	
  app	
  centralized	
  point	
  of	
  control	
  (MVC)	
  –	
  UIApplication	
  class	
  
Breaking iOS Apps
¨  Create	
  object	
  for	
  the	
  class	
  and	
  directly	
  access	
  the	
  instance	
  
variables	
  	
  and	
  invoke	
  methods	
  
¨  Existing	
  methods	
  can	
  be	
  overwritten	
  easily	
  	
  
Breaking iOS Apps using Cycript

More Related Content

What's hot

OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesMarco Morana
 
Introdução ao Deep Learning com o TensorFlow
Introdução ao Deep Learning com o TensorFlowIntrodução ao Deep Learning com o TensorFlow
Introdução ao Deep Learning com o TensorFlowpichiliani
 
Django app deployment in Azure By Saurabh Agarwal
Django app deployment in Azure By Saurabh AgarwalDjango app deployment in Azure By Saurabh Agarwal
Django app deployment in Azure By Saurabh Agarwalratneshsinghparihar
 
Les menaces applicatives
Les menaces applicativesLes menaces applicatives
Les menaces applicativesBee_Ware
 
Cross Site Request Forgery (CSRF) Scripting Explained
Cross Site Request Forgery (CSRF) Scripting ExplainedCross Site Request Forgery (CSRF) Scripting Explained
Cross Site Request Forgery (CSRF) Scripting ExplainedValency Networks
 
Creating a windowed program
Creating a windowed programCreating a windowed program
Creating a windowed programmyrajendra
 
Advanced Client Side Exploitation Using BeEF
Advanced Client Side Exploitation Using BeEFAdvanced Client Side Exploitation Using BeEF
Advanced Client Side Exploitation Using BeEF1N3
 
DIY Education in Cyber Security
DIY Education in Cyber SecurityDIY Education in Cyber Security
DIY Education in Cyber SecurityKelly Shortridge
 
Intro to react native
Intro to react nativeIntro to react native
Intro to react nativeModusJesus
 
Programação Desktop: Uma abordagem com Java
Programação Desktop: Uma abordagem com JavaProgramação Desktop: Uma abordagem com Java
Programação Desktop: Uma abordagem com JavaRosicleia Frasson
 
はじめてのWi-Fiクラック
はじめてのWi-FiクラックはじめてのWi-Fiクラック
はじめてのWi-Fiクラックzaki4649
 
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020Johnny Sung
 
Testing Spring Boot Applications
Testing Spring Boot ApplicationsTesting Spring Boot Applications
Testing Spring Boot ApplicationsVMware Tanzu
 

What's hot (20)

Xss attack
Xss attackXss attack
Xss attack
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
 
Zed Attack Proxy (ZAP)
Zed Attack Proxy (ZAP)Zed Attack Proxy (ZAP)
Zed Attack Proxy (ZAP)
 
React Native na globo.com
React Native na globo.comReact Native na globo.com
React Native na globo.com
 
Introdução ao Deep Learning com o TensorFlow
Introdução ao Deep Learning com o TensorFlowIntrodução ao Deep Learning com o TensorFlow
Introdução ao Deep Learning com o TensorFlow
 
Django app deployment in Azure By Saurabh Agarwal
Django app deployment in Azure By Saurabh AgarwalDjango app deployment in Azure By Saurabh Agarwal
Django app deployment in Azure By Saurabh Agarwal
 
Firewall
FirewallFirewall
Firewall
 
Applet in java
Applet in javaApplet in java
Applet in java
 
Les menaces applicatives
Les menaces applicativesLes menaces applicatives
Les menaces applicatives
 
Cross Site Request Forgery (CSRF) Scripting Explained
Cross Site Request Forgery (CSRF) Scripting ExplainedCross Site Request Forgery (CSRF) Scripting Explained
Cross Site Request Forgery (CSRF) Scripting Explained
 
Creating a windowed program
Creating a windowed programCreating a windowed program
Creating a windowed program
 
Advanced Client Side Exploitation Using BeEF
Advanced Client Side Exploitation Using BeEFAdvanced Client Side Exploitation Using BeEF
Advanced Client Side Exploitation Using BeEF
 
DIY Education in Cyber Security
DIY Education in Cyber SecurityDIY Education in Cyber Security
DIY Education in Cyber Security
 
Swift vs Objective-C
Swift vs Objective-CSwift vs Objective-C
Swift vs Objective-C
 
Intro to react native
Intro to react nativeIntro to react native
Intro to react native
 
Programação Desktop: Uma abordagem com Java
Programação Desktop: Uma abordagem com JavaProgramação Desktop: Uma abordagem com Java
Programação Desktop: Uma abordagem com Java
 
はじめてのWi-Fiクラック
はじめてのWi-FiクラックはじめてのWi-Fiクラック
はじめてのWi-Fiクラック
 
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
Flutter 是什麼?用 Flutter 會省到時間嗎? @ GDG Devfest2020
 
Builder design pattern
Builder design patternBuilder design pattern
Builder design pattern
 
Testing Spring Boot Applications
Testing Spring Boot ApplicationsTesting Spring Boot Applications
Testing Spring Boot Applications
 

Viewers also liked

Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCampimShining @DevCamp
 
如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏imShining @DevCamp
 
iOS app security
iOS app security  iOS app security
iOS app security Hokila Jan
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014viaForensics
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...Hackito Ergo Sum
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
iOS App Reverse Engineering
iOS App Reverse EngineeringiOS App Reverse Engineering
iOS App Reverse EngineeringZishe Sha
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”Edmund Chattoe-Brown
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek
 

Viewers also liked (13)

Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS apps
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
 
如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏
 
iOS app security
iOS app security  iOS app security
iOS app security
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)
 
iOS App Reverse Engineering
iOS App Reverse EngineeringiOS App Reverse Engineering
iOS App Reverse Engineering
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
 
Ios vs android
Ios vs androidIos vs android
Ios vs android
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest Workshop
 

Similar to Breaking iOS Apps using Cycript

iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application SecurityEgor Tolstoy
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraOWASP Delhi
 
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...PROIDEA
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Android Bootcamp
Android   BootcampAndroid   Bootcamp
Android Bootcampahkjsdcsadc
 
Part 2 android application development 101
Part 2 android application development 101Part 2 android application development 101
Part 2 android application development 101Michael Angelo Rivera
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Xamarin.Mac Introduction
Xamarin.Mac IntroductionXamarin.Mac Introduction
Xamarin.Mac IntroductionMiguel de Icaza
 
Introduction phonegap
Introduction phonegapIntroduction phonegap
Introduction phonegapRakesh Jha
 
Advanced programing in phonegap
Advanced programing in phonegapAdvanced programing in phonegap
Advanced programing in phonegapRakesh Jha
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side AnalysisAadarsh N
 
Ignite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseIgnite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseJen Looper
 
What Makes Objective C Dynamic?
What Makes Objective C Dynamic?What Makes Objective C Dynamic?
What Makes Objective C Dynamic?Kyle Oba
 
NCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group
 

Similar to Breaking iOS Apps using Cycript (20)

iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Android Bootcamp
Android   BootcampAndroid   Bootcamp
Android Bootcamp
 
Part 2 android application development 101
Part 2 android application development 101Part 2 android application development 101
Part 2 android application development 101
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Xamarin.Mac Introduction
Xamarin.Mac IntroductionXamarin.Mac Introduction
Xamarin.Mac Introduction
 
Introduction phonegap
Introduction phonegapIntroduction phonegap
Introduction phonegap
 
Advanced programing in phonegap
Advanced programing in phonegapAdvanced programing in phonegap
Advanced programing in phonegap
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone Development
 
Android basics
Android basicsAndroid basics
Android basics
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
 
Intro to appcelerator
Intro to appceleratorIntro to appcelerator
Intro to appcelerator
 
Ignite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseIgnite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and Firebase
 
Typescript++1
Typescript++1Typescript++1
Typescript++1
 
What Makes Objective C Dynamic?
What Makes Objective C Dynamic?What Makes Objective C Dynamic?
What Makes Objective C Dynamic?
 
C Language
C LanguageC Language
C Language
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
NCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios apps
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfArthyR3
 
3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptxmary850239
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacySumit Tiwari
 
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdfPHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdfSumit Tiwari
 
3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptx3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptxmary850239
 
EDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderEDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderDr. Bruce A. Johnson
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptxmary850239
 
ICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdfICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdfVanessa Camilleri
 
Quantitative research methodology and survey design
Quantitative research methodology and survey designQuantitative research methodology and survey design
Quantitative research methodology and survey designBalelaBoru
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...Nguyen Thanh Tu Collection
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudDr. Bruce A. Johnson
 
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...gdgsurrey
 
Pharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfPharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfSumit Tiwari
 
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.docdieu18
 
Dhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhatriParmar
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxHimansu10
 
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxMetabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxDr. Santhosh Kumar. N
 

Recently uploaded (20)

VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdf
 
3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
 
t-test Parametric test Biostatics and Research Methodology
t-test Parametric test Biostatics and Research Methodologyt-test Parametric test Biostatics and Research Methodology
t-test Parametric test Biostatics and Research Methodology
 
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdfPHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
PHARMACOGNOSY CHAPTER NO 5 CARMINATIVES AND G.pdf
 
3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptx3.12.24 Freedom Summer in Mississippi.pptx
3.12.24 Freedom Summer in Mississippi.pptx
 
EDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderEDD8524 The Future of Educational Leader
EDD8524 The Future of Educational Leader
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx
 
ICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdfICS2208 Lecture4 Intelligent Interface Agents.pdf
ICS2208 Lecture4 Intelligent Interface Agents.pdf
 
Quantitative research methodology and survey design
Quantitative research methodology and survey designQuantitative research methodology and survey design
Quantitative research methodology and survey design
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced Stud
 
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
 
Pharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfPharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdf
 
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
 
Dhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian Poetics
 
ANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research MethodologyANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research Methodology
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptx
 
Problems on Mean,Mode,Median Standard Deviation
Problems on Mean,Mode,Median Standard DeviationProblems on Mean,Mode,Median Standard Deviation
Problems on Mean,Mode,Median Standard Deviation
 
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxMetabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
 

Breaking iOS Apps using Cycript

  • 1. BREAKING IOS APPS WITH CYCRIPT Satish Bommisetty
  • 2. Agenda ¨  Objective  C  Basics   ¨  iOS  App  Architecture   ¨  Decrypting  iOS  Apps   ¨  Breaking  apps  with  Cycript  
  • 3. Native iOS Applications ¨  Objective  C  code   ¨  Developed  in  Xcode  
  • 4. Objective C Basics ¨  Objective  C  lies  on  top  of  the  C  language   ¨  Interface  @ile  (.h)   @interface  Car  :  NSObject  {       @loat  @illLevel;    }       -­‐  (void)addGas;       @end       ¨  Implementation  @ile  (.m)   @implementation  Car       -­‐(void)  addGas  {    }       @end      
  • 5. Objective C Basics ¨  Methods  –  pass  messages   ¨  C++   ¤  Object-­‐>Method(param1,param2)   ¨  Objective-­‐C   ¤  [Object  method:param1  param2name:param2]  
  • 7. iOS App Architecture ¨  Mach-­‐O  format   ¤  Header   n  Target  Architecture   ¤  Load  commands   n  Location  of  symbol  table   n  Shared  Libraries   ¤  Data   n  Organized  in  Segments  
  • 8. iOS App Architecture ¨  Header  can  be  viewed  using  otool   ¤  Otool  –h  Binary   ¤  Cpu  type  12/6  =  ARM  6   ¤  Cpu  type  12/9  =  ARM  7  
  • 9. iOS App Architecture ¨  Load  can  be  viewed  using  otool   ¤  Otool  –l  Binary  
  • 10. Decrypting iOS Apps ¨  AppStore  binaries  are  encrypted   ¤  Protects  from  piracy   ¤  Similar  to  Fairplay  DRM  used  on  iTunes  music   ¨  Self  distributed  Apps  are  not  encrypted   ¨  Loader  decrypts  the  apps  when  loaded  into  memory   ¨  Debugger  can  be  used  to  dump  the  decrypted  app  from  memory   ¨  Tools  are  available:  Craculous,  Clutch,  Installous  
  • 11. Cycript ¨  Combination  of  JavaScript  and  Objective-­‐C  interpreter   ¨  App  runtime  can  be  easily  modi@ied  using  Cycript     ¨  Can  be  hooked  to  a  running  process     ¨  Gives  access  to  all  classes  and  instance  variables  within  the  app   ¨  Used  for  runtime  analysis   ¤  Bypass  security  locks   ¤  Access  sensitive  information  from  memory   ¤  Authentication  Bypass  attacks   ¤  Accessing  restricted  areas  of  the  applications  
  • 12. Class-dump-z ¨  Use  class-­‐dump-­‐z  on  decrypted  binary  and  map  the  application   ¨  Retrieve  class  declarations   ¨  Analyze  the  class  dump  output  and  identify  the  interesting  class  
  • 13. iOS App Execution Flow ¨  iOS  app  centralized  point  of  control  (MVC)  –  UIApplication  class  
  • 14. Breaking iOS Apps ¨  Create  object  for  the  class  and  directly  access  the  instance   variables    and  invoke  methods   ¨  Existing  methods  can  be  overwritten  easily