
iOS Internals Part -2

Using Cycript for runtime hooking, bypassing locks, making changes to SpringBoard and security analysis.

Published in: Engineering

  1. iOS INTERNALS Part -2

  2. @whoami
     ● Anto Joseph
     ● Works @ Citrix
     ● Does security research on mobile / IoT and anything interesting
     ● Speaker / Trainer @ HITB, HIP, NullCon, g0s, c0c0n, x0rconf etc.
     ● Loves music (in my other life, I have been a DJ) / food / bikes etc.

  3. iOS 101
     ● Objective-C runtime
     ● Apps can be written in Objective-C / Swift / native code
     ● Code signing is important
     ● Apps are zip containers holding resources (images / plists) and the binary
     ● A binary that came from Apple (the App Store) is encrypted and has to be decrypted first - use Clutch / dumpdecrypted
     ● Use class-dump to find out the classes / methods
     ● Use Cycript to call those methods

  4. Dynamic Analysis
     ● URL schemes - the iOS way of doing IPC
     ● Clipboard - the iOS way of doing IPC
     ● Network - SSL Trust Killer 2
     ● Binary analysis - Hopper / IDA

  5. Enter Cycript
     Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.

  6. cy# - commands
     ● Find all classes
       ○ cy# ObjectiveC.classes
     ● Get an instance of a class from a raw address
       ○ cy# var blah = new Instance(0x123456)
     ● Call methods
       ○ cy# [classname method_name: arguments]
     ● Find live instances of a class in memory
       ○ cy# choose(ClassName)

  7. Demo Time
     ● Bypassing a lock
     ● Making changes to the SpringBoard

  8. Thanks
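The commands on slide 6 are easiest to understand as one session. What follows is an added example, not part of the original deck or of the Cycript project: a Cycript console attached to a running app, used to inventory classes, locate live objects and trace calls to one method while reviewing an app. The class name AccountViewController, the selector -showBalance: and the address 0x123456 are hypothetical placeholders that would come from class-dump or a debugger in a real review; the for-in enumeration over ObjectiveC.classes and the .messages hook syntax are assumed from Cycript's documented behaviour and are not verified here.

```cycript
// Added example (not from the slides). Attach first, from a shell on the device:
//   cycript -p TargetAppName      (TargetAppName is a placeholder)

// 1. Narrow ObjectiveC.classes to names with an interesting prefix instead of
//    dumping every loaded class (assumes for-in enumeration over the classes object).
var matches = [];
for (var name in ObjectiveC.classes)
    if (name.indexOf("Account") == 0)
        matches.push(name);
matches;

// 2. Find live instances of a class on the heap (slide 6: choose(ClassName))
//    and ask the first one to describe itself (slide 6: [instance method]).
var ctrls = choose(AccountViewController);   // hypothetical class name
ctrls.length;
[ctrls[0] description];

// 3. Dump the instance variables of a live object: the * prefix shows ivars.
*ctrls[0];

// 4. Wrap an object from a raw address seen in a debugger or crash log
//    (slide 6: new Instance(0x...)); the address here is a placeholder.
var fromAddr = new Instance(0x123456);
[fromAddr class];

// 5. Trace a method: replace its implementation with a wrapper that records the
//    argument and forwards to the original (assumed Cycript .messages hook syntax).
var calls = [];
var original = AccountViewController.messages['-showBalance:'];
AccountViewController.messages['-showBalance:'] = function(arg) {
    calls.push(arg);                 // keep a record to inspect later
    return original.call(this, arg); // preserve the app's real behaviour
};

// After exercising the screen in the app, inspect what was passed in:
calls;

// 6. Restore the original implementation when finished.
AccountViewController.messages['-showBalance:'] = original;
```

The recording wrapper in step 5 is the defensive reviewer's version of "runtime hooking": it changes nothing the user can see, which is what you want when the goal is to learn what data flows through a method. Restoring the original at the end (step 6) keeps the app in a known state for the rest of the session.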

×