This document provides an overview of analyzing iOS apps, including jailbreaking mobile devices. It discusses iOS security features like code signing and sandboxing. It explains how to set up a test environment for analyzing apps by jailbreaking a device and using Unix tools. Key files like property lists and databases that can be explored are also outlined.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
How iOS and Android Handle Security WebinarDenim Group
This webinar takes a technical look at mobile security in iOS and Android and how each of the platforms handle security differently. During the webinar, Dan will cover numerous mobile security topics including mobile secure development, defeating platform environment restrictions and their respective permission models and how to protect network communications.
The 60-minute webinar will provide actionable information to help build a more secure mobile application development program with time for questions.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Beyond the 'cript practical i os reverse engineering lasconNino Ho
The aim of this talk is to build a bridge between the mundane methodologies and vulnerabilities that everyone can find (and that are now being defended against), and a new approach that finds additional bugs that require assembly knowledge to discover.
The talk looks at the fundamentals of reversing, a primer on iOS architecture, binary patching, reversing MACH-0 binaries, and ends with some real-world examples involving bypassing jailbreak detection.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
This slide briefs about various tools & techniques used to extract unprotected data from iOS apps. You can extract resource files, database files, get data in runtime using various methods. In my next slides I will brief about the ways to secure your iOS apps.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
How iOS and Android Handle Security WebinarDenim Group
This webinar takes a technical look at mobile security in iOS and Android and how each of the platforms handle security differently. During the webinar, Dan will cover numerous mobile security topics including mobile secure development, defeating platform environment restrictions and their respective permission models and how to protect network communications.
The 60-minute webinar will provide actionable information to help build a more secure mobile application development program with time for questions.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Beyond the 'cript practical i os reverse engineering lasconNino Ho
The aim of this talk is to build a bridge between the mundane methodologies and vulnerabilities that everyone can find (and that are now being defended against), and a new approach that finds additional bugs that require assembly knowledge to discover.
The talk looks at the fundamentals of reversing, a primer on iOS architecture, binary patching, reversing MACH-0 binaries, and ends with some real-world examples involving bypassing jailbreak detection.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
6. Initializing iOS with
Secure Boot Chain
• Initializing and loading
fi
rmware
• Each step is cryptographically signed and
veri
fi
ed
7. Secure Boot Chain
• Boot ROM
• Read-only portion of the processor
• Contains public key for Apple's CA
• Used to verify next step: the LLB
8. Secure Boot Chain
• LLB (Low-Level Bootloader)
• Finds the iBoot image (second stage boot loader)
in
fl
ash memory
• Veri
fi
es its signature
• If signature check fails, boots into recovery mode
9. Secure Boot Chain
• iBoot
• Veri
fi
es and loads the iOS kernel
• iOS Kernel
• Loads usermode environment and OS
10. Secure Enclave
• Secure coprocessor shipped with all
modern iPhones and iPads
• Since iPhone 5s
• Handles cryptography on device
• Key management for
• Data Protection API
• Touch ID
fi
ngerprint data
11. Secure Enclave
• A customized version of ARM TrustZone
• Partitions itself from main processor
• Provides data integrity even if kernel is
compromised
• Even if device is jailbroken
• Secrets cannot be extracted
• Such as
fi
ngerprint data
12. Cachegrab
• Released in Dec. 2017
• Kernel code can deduce some information
about contents of the Secure Enclave
• Because it shares cache memory with
kernel processes
• Link Ch 2a
13. Restricting Application
Processes with Code Signing
• Validates signatures each time an app is
executed
• Only code signed with a trusted signature
can run
• Developers can install trusted certi
fi
cates
• In a provisioning pro
fi
le signed by Apple
14. App Store
• Production apps must be signed by Apple
• After submitting them to the App Store
• Apple bans risky activities
• Private APIs
• Apps that download and install executable
code
• To prevent apps from upgrading themselves
15. Isolating Apps with
Process-Level Sandboxing
• All third-party apps run in a sandbox
• Isolated from one another and from OS
• All apps run as the same mobile system user
• Each app is contained in its unique
directory
• Separation maintained by the XNU
Sandbox kernel extension
17. Permissions
• Since iOS 7, app needs permission from
user to access
• Media
• Microphone
• Address book
18. Protecting Information with
Data-at-Rest Encryption
• All
fi
le system data encrypted with AES
• Filesystem key generated on
fi
rst boot
• Stored on block 1 of NAND
fl
ash storage
• Device decrypts
fi
lesystem on bootup
• Filesystem is only encrypted at rest
• Remote wipe erases the key
19. Data Protection API
• Can encrypt individual
fi
les and keychain
items
• Key derived from passcode
• Encrypted items are inaccessible when
device is locked
21. Write or Execute (W^X)
• Memory pages cannot be both writable and
executable at the same time
• Implemented with ARM's Execute Never
(XN) feature
• Pages marked as writable cannot be later
reverted to executable
• Similar to Data Execution Protection (DEP)
in Windows, Linux, and Mac OS X
23. ASLR
• Address Space Layout Randomization
• Code location randomized
• Attacker cannot
fi
nd the injected code to
run it
• Makes ROP chains more di
ffi
cult to use
24. ASLR Weaknesses
• Before iOS 5, dynamic linker was not relocated
• Memory disclosure bugs
• Can be used to improve exploits
• Apps compiled with PIE (Position Independent
Execution) can use full ASLR
• All memory regions randomized
• Other apps put base binary and dynamic linker
at a
fi
xed address
25. Stack Smashing
• Uses stack canaries
• Pseudorandom values on stack
• Bu
ff
er over
fl
ow attacks overwrite the
canary values
• And terminate the app
27. Three Groups of Apps
• Standard native apps
• Browser-based apps
• Hybrid apps
28. Standard Native Apps
• Most common type
• Written in Objective-C or Swift
• Compiled to native code
• Linked against iOS SDK and Cocoa Touch
frameworks
29. Browser-Based Apps
• Render in iOS web views
• Loaded via mobileSafari
• Use HTML, JavaScript, and CSS
• Secure them like Web apps
30. Hybrid Apps
• Deployed with a native wrapper
• Used to display browser-based apps
• Mobile Enterprise App Platform deployment
31. Distribution of iOS Apps
• App Store
• Need an Apple Developer account
• Apps signed with a developer certi
fi
cate
can run on up to 100 iOS devices for
testing
• App store approval has manual and
automated tests
• Blocks malicious apps
32. Distribution of iOS Apps
• Enterprise Distribution
• Organizations can develop and distribute
custom apps in-house
• Apps signed with enterprise developer
certi
fi
cate can run on any number of devices
• Apple screens developers entering this
program
• Must have a legitimate business and a Dun
and Bradsheet number
33. Abuse of Certi
fi
cates
• An expired enterprise developer certi
fi
cate
was used
• By changing system date back to the past
• To run a Game Boy advanced emulator
• For Pangu jailbreak
34. App Structure
• IPA archive is a Zip archive containing
• Payload
• Payload/Application.app
• Data, compiled code, and resources
• iTunesArtwork
• Icon
• iTunesMetadata.plist
• Developer's name, copyright info
35. App Permissions
• Before iOS 6, every app in the App Store
had access to
• Contact, photos, other sensitive data
36. Data Classes in iOS 6
• Location services
• Contacts
• Calendar
• Photos
• Reminders
• Microphone access
• Motion activity
• Bluetooth access
• Social media data
39. iOS 8 Location Information
• Three possible values: app is
• Never allowed access to location
information
• Allowed access only while the app is in
the foreground and in use
• Always allowed access to location
information
41. Reasons for Jailbreaking
• Get apps from unauthorized marketplaces
like Cydia
• Piracy
• Access to restricted functions like tethering
42. Risks
• Weakens security of OS
• Allow unsigned code to run
• Most iOS malware only runs on jailbroken
phones
• iKee -
fi
rst iPhone worm, rickrolled
phones using default password
• iKee.B - Botted phones, phished Dutch
users
43. • Chinese origin
• Only on jailbroken
phones
• Hooked functions to steal
AppleID and password
44. Types of Jailbreaks
• Untethered - persists across reboots
• Tethered - requires a computer to start the
phone; otherwise you get Recovery Mode
• Semi-tethered - requires a computer to
start into jailbroken state, booting without
the computer ends up in non-jailbroken
state
45. Jailbreakme v3 Saffron
• Simply visit a Web site hosting a PDF
fi
le
• Works for iOS before 4.3.4
• Uses:
• Integer signedness issue to gain code
execution
• ROP payload
• Type confusion vulnerability
46. evasi0n Jailbreak
• Worked for iOS 6.0 - 6.1.2
• No memory corruption
• Used bypasses and logic bugs
• Lockdownd service allowed
fi
le
permissions to be changed
• USB driver allowed arbitrary functions to
be called
48. Accessing the Phone
• After jailbreaking
• Install OpenSSH in Cydia
• Connect via Wi-Fi or USB
• Default credentials are
• mobile / alpine
• root / alpine
49. Toolkit
• Cydia -- open app store
• BigBoss Recommended Tools
• Command-line UNIX tools
• Including apt
50. Apple's CC Tools
• Tools to parse, assemble, and link Mach-O
binaries
• File format for iOS and OSX apps
• Part of the iOS and OS X development
toolchain
• Run on OS X or Linux
51. • otool
• Object
fi
le-displaying tool
• All-purpose tool for Mach-O binary analysis
• Reveals class and method names
• Lists libraries, symbols
• Shows header information and load
commands
Apple's CC Tools
52. • nm
• Displays symbol table of a binary or
object
fi
le
• lipo
• Can combine or remove architecture
types from an app
Apple's CC Tools
53. Debuggers
• gdb
• Cydia's version doesn't work well on
modern iOS versions
• Radare's version is better
54. Code Signing
• codesign
• Apple's binary-signing tool
• Can also display signatures
• ldid
• Saurik's code-signer
55. Installipa
• Normal app installation uses installd
service
• Veri
fi
es code signature
• ipainstaller
• Can install unsigned apps on jailbroken
devices
56. Exploring the Filesystem
• Jailbroken devices allow full access
• Unjailbroken devices allow access to
portions of the
fi
lesystem, including
• Sandboxed area where apps are installed
• Must pair to a computer over USB
fi
rst
• Use apps like iExplorer or iFunBox