RDSDataSource: iOS Reverse Engineering for inexperienced


Valery Popov explains how the process of reverse engineering iOS applications is organised.

RDSDataSource - the internal Friday meetups of the RAMBLER&Co iOS team.

Published in: Technology


  1. Reverse engineering for inexperienced
  2. "A good engineer thinks in reverse and asks himself about the stylistic consequences of the components and systems he proposes." (Helmut Jahn)
  3. Reverse engineering: system level and code level
  4. Reveal
  5. Charles
  6. idb, iNalyzer, Introspy, Snoop-it
  7. iOS filesystem: /, /bin, /boot, /dev, /sbin, /etc, /lib, /mnt, /private, /tmp, /usr, /var, /Applications
  8. App directory
  9. App directory: binary, interface files, images, plist files, momd files
  10. momd
  11. Binary
  12. Mach-O executable: from *.c / *.m sources to the *.out binary the compiler goes through tokenization, macro / #include expansion, AST construction, LLVM IR generation, assembly, object file, executable
  13. Mach-O executable: Mach-O header, load commands, data
  14. Mach-O executable: a thin binary is a Mach-O header, load commands and data; a fat binary is a fat header followed by one such Mach-O image per architecture slice
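As an added example (written for this page, not the speaker's code), a small C walker over the two layouts on slides 13 and 14: it detects a fat header, selects the first slice, reads the Mach-O header and iterates the load commands, bounds-checking every `cmdsize` the way `otool -l` has to. Struct offsets and magic values are copied from Apple's `<mach-o/loader.h>` and `<mach-o/fat.h>` so the file builds on any platform; the input is a constructed 256-byte buffer with a single arm64 slice, not a real app binary.

```c
/* Added example: minimal fat / Mach-O header walker. Layouts and constants are
 * transcribed from <mach-o/loader.h> and <mach-o/fat.h>; the sample image is
 * constructed in build_sample(), it is not a real app. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FAT_MAGIC     0xcafebabeU  /* fat header and fat_arch are big-endian */
#define MH_MAGIC_64   0xfeedfacfU  /* 64-bit Mach-O, little-endian on arm64 */
#define LC_SEGMENT_64 0x19U        /* segment_command_64: 72 bytes, segname at +8 */
#define LC_UUID       0x1bU        /* uuid_command: 24 bytes */

typedef struct {
    int is_fat;         /* buffer started with a fat header */
    uint32_t nfat;      /* slices listed in the fat header (0 when thin) */
    uint32_t ncmds;     /* load commands in the selected Mach-O */
    uint32_t nsegs;     /* LC_SEGMENT_64 commands seen */
    int has_uuid;       /* LC_UUID present */
    char first_seg[17]; /* name of the first segment, e.g. __TEXT */
} macho_info;

static uint32_t rd32le(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint32_t rd32be(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3]; }

/* Walk one thin image: 32-byte mach_header_64, then ncmds load commands. */
static int parse_thin(const uint8_t *b, size_t len, macho_info *out)
{
    if (len < 32 || rd32le(b) != MH_MAGIC_64) return -1;
    out->ncmds = rd32le(b + 16);
    uint32_t sizeofcmds = rd32le(b + 20);
    if (32 + (size_t)sizeofcmds > len) return -2;          /* header claims more than we have */
    size_t off = 32;
    for (uint32_t i = 0; i < out->ncmds; i++) {
        if (off + 8 > len) return -3;
        uint32_t cmd = rd32le(b + off), cmdsize = rd32le(b + off + 4);
        if (cmdsize < 8 || cmdsize > len - off) return -3;  /* malformed cmdsize: never trust it */
        if (cmd == LC_SEGMENT_64 && cmdsize >= 72) {
            if (out->nsegs == 0) { memcpy(out->first_seg, b + off + 8, 16); out->first_seg[16] = '\0'; }
            out->nsegs++;
        } else if (cmd == LC_UUID) {
            out->has_uuid = 1;
        }
        off += cmdsize;
    }
    return 0;
}

/* Entry point: unwrap a fat header if present (first slice), then parse the Mach-O. */
int parse_macho(const uint8_t *b, size_t len, macho_info *out)
{
    memset(out, 0, sizeof *out);
    if (len >= 8 && rd32be(b) == FAT_MAGIC) {
        out->is_fat = 1;
        out->nfat = rd32be(b + 4);
        if (out->nfat == 0 || 8 + 20 * (size_t)out->nfat > len) return -4;
        uint32_t off = rd32be(b + 8 + 8), size = rd32be(b + 8 + 12); /* fat_arch[0].offset / .size */
        if (off > len || size > len - off) return -4;
        return parse_thin(b + off, size, out);
    }
    return parse_thin(b, len, out);
}

static void put32le(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void put32be(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }

/* Constructed sample: fat header with one arm64 slice at offset 128 that has a __TEXT segment and a UUID. */
size_t build_sample(uint8_t *buf)
{
    memset(buf, 0, 256);
    put32be(buf, FAT_MAGIC); put32be(buf + 4, 1);
    put32be(buf + 8, 0x0100000cU);       /* fat_arch[0].cputype = CPU_TYPE_ARM64 */
    put32be(buf + 16, 128);              /* fat_arch[0].offset */
    put32be(buf + 20, 32 + 72 + 24);     /* fat_arch[0].size */
    uint8_t *m = buf + 128;
    put32le(m, MH_MAGIC_64); put32le(m + 16, 2); put32le(m + 20, 72 + 24); /* ncmds, sizeofcmds */
    put32le(m + 32, LC_SEGMENT_64); put32le(m + 36, 72); memcpy(m + 40, "__TEXT", 6);
    put32le(m + 104, LC_UUID); put32le(m + 108, 24);
    return 256;
}

int main(void)
{
    uint8_t buf[256];
    macho_info mi;
    size_t n = build_sample(buf);
    if (parse_macho(buf, n, &mi) != 0) return 1;
    printf("fat=%d slices=%u ncmds=%u segments=%u uuid=%d first=%s\n",
           mi.is_fat, mi.nfat, mi.ncmds, mi.nsegs, mi.has_uuid, mi.first_seg);
    return 0;
}
```

Two details worth keeping in mind when reading real binaries: the fat wrapper is big-endian while the Mach-O inside it is in the target's byte order, and a crafted `cmdsize` (zero, or larger than the file) is the classic way to crash a naive load-command walker, so every offset is checked against the buffer length before use.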
  15. class-dump: Mach-O file → *.h, *.h, … *.h (one header per class)
  16. class-dump: class-dump -S -s -H MyApp -o /path/to/headers/ (-H writes one header file per class, -o sets the output directory, -s sorts classes by name, -S sorts methods by name)
  17. class-dump
  18. class-dump (no jailbreak)
  19. Jailbreak: the boot chain is Bootrom → LLB → iBoot → Kernel → System Software → Apps, each stage verifying the signature of the next; a jailbreak starts with an exploit against one of these stages
  20. Jailbreak types: untethered, tethered, semi-tethered
  21. Jailbreak gives: file system access rights, a broken sandbox, unsigned apps
  22. cycript: allows developers to explore and modify running applications on either iOS or Mac OS using a hybrid of Objective-C++ and JavaScript syntax
  23. cycript
  24. cycript
  25. cycript
  26. Disassemblers / decompilers: IDA Pro, Hopper, otool
  27. Hopper
  28. Hopper
  29. Hopper
  30. Tweak: 1. Locate the executable 2. class-dump the headers 3. Find the target view (controller) using Cycript 4. Find the target method to monitor 5. Trace the method to hook using a disassembler 6. Write the tweak (using Theos)
  31. Think first: 1. No credentials in plists 2. No NSLog in release 3. Use the Keychain 4. Be careful with view snapshots 5. No Objective-C in security code (its selectors are visible to class-dump and trivially hookable) 6. Use SSL pinning
  32. SSL pinning
  33. Jailbreak detection: 1. Verify root 2. File access 3. Cydia / OpenSSH detection 4. Process fork
  34. Make disassembling harder: 1. Use C functions 2. Use #define 3. Inline methods 4. String obfuscation 5. Decoding tables 6. Deny attach 7. Integrity checks 8. ASLR (build as PIE)
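An added example for slides 33 and 34 (written for this page, not the speaker's code): the four jailbreak checks from slide 33 in C, with the tell-tale paths stored XOR-encoded and rebuilt through a decoding routine (slide 34, items 4 and 5) so that `strings` on the binary does not hand the reverser a list of what the app looks for. The path-check logic takes a file-exists predicate so it can be exercised with a constructed fake on a desktop; the key 0x5A, the probe path and the fake predicates are arbitrary choices for the example.

```c
/* Added example (not from the talk): jailbreak checks with obfuscated strings.
 * OB() is folded by the compiler, so only (c ^ 0x5A) reaches the binary. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

#define OB(c) ((unsigned char)((c) ^ 0x5A))   /* 0x5A: arbitrary key chosen for the example */
static const unsigned char kCydia[] = { OB('/'),OB('A'),OB('p'),OB('p'),OB('l'),OB('i'),OB('c'),OB('a'),
    OB('t'),OB('i'),OB('o'),OB('n'),OB('s'),OB('/'),OB('C'),OB('y'),OB('d'),OB('i'),OB('a'),OB('.'),OB('a'),OB('p'),OB('p') };
static const unsigned char kSshd[]  = { OB('/'),OB('u'),OB('s'),OB('r'),OB('/'),OB('s'),OB('b'),OB('i'),OB('n'),OB('/'),
    OB('s'),OB('s'),OB('h'),OB('d') };
static const unsigned char kApt[]   = { OB('/'),OB('e'),OB('t'),OB('c'),OB('/'),OB('a'),OB('p'),OB('t') };

/* Decoding table: encoded bytes plus length, decoded only at the moment of use. */
static const struct { const unsigned char *enc; size_t len; } kSuspect[] = {
    { kCydia, sizeof kCydia }, { kSshd, sizeof kSshd }, { kApt, sizeof kApt },
};

void decode_str(const unsigned char *enc, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++) out[i] = (char)(enc[i] ^ 0x5A);
    out[len] = '\0';
}

typedef int (*exists_fn)(const char *path);

/* Checks 1 and 3: root-only artefacts (Cydia, OpenSSH, apt) a sandboxed App Store app cannot normally see. */
int count_suspect_paths(exists_fn exists)
{
    int hits = 0;
    char path[64];
    for (size_t i = 0; i < sizeof kSuspect / sizeof *kSuspect; i++) {
        decode_str(kSuspect[i].enc, kSuspect[i].len, path);
        hits += exists(path) ? 1 : 0;
        memset(path, 0, sizeof path);   /* drop the plaintext again (a real build would use a non-eliding clear) */
    }
    return hits;
}

/* Check 2: the sandbox forbids writes outside the app container; success means it is broken. */
int can_write_outside_sandbox(const char *probe_path)
{
    FILE *f = fopen(probe_path, "w");
    if (!f) return 0;
    fclose(f);
    unlink(probe_path);
    return 1;
}

/* Check 4: the iOS sandbox denies fork(); a child that actually runs means there is no sandbox. */
int can_fork(void)
{
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) _exit(0);
    int status;
    waitpid(pid, &status, 0);
    return 1;
}

/* Real predicate for a device, plus constructed fakes used to exercise the logic off-device. */
int real_exists(const char *p) { struct stat st; return stat(p, &st) == 0; }
int fake_cydia_only(const char *p) { return strcmp(p, "/Applications/Cydia.app") == 0; }
int fake_none(const char *p) { (void)p; return 0; }

/* Any single positive is enough; a stock device returns 0 on all four checks. */
int looks_jailbroken(exists_fn exists, const char *probe_path)
{
    return count_suspect_paths(exists) > 0 || can_write_outside_sandbox(probe_path) || can_fork();
}

int main(void)
{
    /* On a desktop Linux/macOS host fork() succeeds, so this prints 1 there; the signal only means something on the device. */
    printf("jailbroken: %d\n", looks_jailbroken(real_exists, "/private/jb_probe.txt"));
    return 0;
}
```

Treat the result as a signal, not a gate: with Cycript or a Theos tweak on the device, `looks_jailbroken` itself is one hook away from returning 0, which is exactly why slide 34 pairs these checks with C functions, inlining and integrity checks rather than a single Objective-C method.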
  35. PT_DENY_ATTACH
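An added example for slide 35 (not the speaker's code): `PT_DENY_ATTACH` requested through the raw syscall number rather than `ptrace()`, so the symbol does not appear in the import table where a reverser would look for it first, followed by a second check that asks the kernel whether a tracer is attached. Both are Apple-specific; the constants are copied from Apple's `<sys/ptrace.h>` and `<sys/syscall.h>`, and the Linux branch reads `TracerPid` from `/proc/self/status` so the file compiles and behaves sensibly on a build host.

```c
/* Added example (not from the talk): deny-attach via raw syscall and a debugger-presence check. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sys/types.h>
#include <sys/sysctl.h>
#define PT_DENY_ATTACH_NUM 31   /* PT_DENY_ATTACH from <sys/ptrace.h> */
#define SYS_PTRACE_NUM     26   /* SYS_ptrace from <sys/syscall.h> */
#endif

/* Returns 1 when the deny-attach request was issued, 0 on platforms that lack it. */
int deny_attach(void)
{
#ifdef __APPLE__
    /* Same effect as ptrace(PT_DENY_ATTACH, 0, 0, 0): an already attached debugger
       kills the process and later attaches fail, without a "ptrace" import to spot.
       An attacker who finds the syscall can still patch it out, hence the other checks. */
    syscall(SYS_PTRACE_NUM, PT_DENY_ATTACH_NUM, 0, 0, 0);
    return 1;
#else
    return 0;
#endif
}

/* Returns 1 if a debugger is attached, 0 otherwise or when it cannot be determined. */
int debugger_attached(void)
{
#ifdef __APPLE__
    /* Ask the kernel for our own kinfo_proc and look at the P_TRACED flag. */
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid() };
    struct kinfo_proc info;
    size_t size = sizeof info;
    memset(&info, 0, size);
    if (sysctl(mib, 4, &info, &size, NULL, 0) != 0) return 0;
    return (info.kp_proc.p_flag & P_TRACED) != 0;
#else
    /* Linux analogue: /proc/self/status carries "TracerPid:\t<pid>", 0 when untraced. */
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    char line[128];
    int tracer = 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "TracerPid:\t%d", &tracer) == 1) break;
    fclose(f);
    return tracer != 0;
#endif
}

int main(void)
{
    printf("deny_attach issued: %d\n", deny_attach());
    printf("debugger attached: %d\n", debugger_attached());
    return 0;
}
```

Call `deny_attach()` as early as possible (a constructor function or the first lines of `main`) and repeat the `debugger_attached()` check from several inlined C sites, since a single call is the first thing a Hopper user will NOP out.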
  36. Reverse Swift apps
  37. Thank you! @complexityclass