• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Breaking iOS Apps using Cycript
 

Breaking iOS Apps using Cycript

on

  • 2,445 views

null Hyderabad Chapter - June 2013 Meet

null Hyderabad Chapter - June 2013 Meet

Statistics

Views

Total Views
2,445
Views on SlideShare
2,102
Embed Views
343

Actions

Likes
2
Downloads
29
Comments
0

2 Embeds 343

http://null.co.in 342
http://anant 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Breaking iOS Apps using Cycript Breaking iOS Apps using Cycript Presentation Transcript

    • BREAKING IOS APPS WITH CYCRIPT Satish Bommisetty
    • Agenda ¨  Objective  C  Basics   ¨  iOS  App  Architecture   ¨  Decrypting  iOS  Apps   ¨  Breaking  apps  with  Cycript  
    • Native iOS Applications ¨  Objective  C  code   ¨  Developed  in  Xcode  
    • Objective C Basics ¨  Objective  C  lies  on  top  of  the  C  language   ¨  Interface  @ile  (.h)   @interface  Car  :  NSObject  {       @loat  @illLevel;    }       -­‐  (void)addGas;       @end       ¨  Implementation  @ile  (.m)   @implementation  Car       -­‐(void)  addGas  {    }       @end      
    • Objective C Basics ¨  Methods  –  pass  messages   ¨  C++   ¤  Object-­‐>Method(param1,param2)   ¨  Objective-­‐C   ¤  [Object  method:param1  param2name:param2]  
    • iOS App Architecture ¨  iOS  App  
    • iOS App Architecture ¨  Mach-­‐O  format   ¤  Header   n  Target  Architecture   ¤  Load  commands   n  Location  of  symbol  table   n  Shared  Libraries   ¤  Data   n  Organized  in  Segments  
    • iOS App Architecture ¨  Header  can  be  viewed  using  otool   ¤  Otool  –h  Binary   ¤  Cpu  type  12/6  =  ARM  6   ¤  Cpu  type  12/9  =  ARM  7  
    • iOS App Architecture ¨  Load  can  be  viewed  using  otool   ¤  Otool  –l  Binary  
    • Decrypting iOS Apps ¨  AppStore  binaries  are  encrypted   ¤  Protects  from  piracy   ¤  Similar  to  Fairplay  DRM  used  on  iTunes  music   ¨  Self  distributed  Apps  are  not  encrypted   ¨  Loader  decrypts  the  apps  when  loaded  into  memory   ¨  Debugger  can  be  used  to  dump  the  decrypted  app  from  memory   ¨  Tools  are  available:  Craculous,  Clutch,  Installous  
    • Cycript ¨  Combination  of  JavaScript  and  Objective-­‐C  interpreter   ¨  App  runtime  can  be  easily  modi@ied  using  Cycript     ¨  Can  be  hooked  to  a  running  process     ¨  Gives  access  to  all  classes  and  instance  variables  within  the  app   ¨  Used  for  runtime  analysis   ¤  Bypass  security  locks   ¤  Access  sensitive  information  from  memory   ¤  Authentication  Bypass  attacks   ¤  Accessing  restricted  areas  of  the  applications  
    • Class-dump-z ¨  Use  class-­‐dump-­‐z  on  decrypted  binary  and  map  the  application   ¨  Retrieve  class  declarations   ¨  Analyze  the  class  dump  output  and  identify  the  interesting  class  
    • iOS App Execution Flow ¨  iOS  app  centralized  point  of  control  (MVC)  –  UIApplication  class  
    • Breaking iOS Apps ¨  Create  object  for  the  class  and  directly  access  the  instance   variables    and  invoke  methods   ¨  Existing  methods  can  be  overwritten  easily