SlideShare une entreprise Scribd logo

iOS Dynamic Library Code Injection - 23 Nov 2016

Kenneth Poon
Kenneth Poon

How to perform iOS Code Injection on your favourite iOS App. The slides will show you the tools you need to mod iOS .ipa files. This presentation was featured on https://www.meetup.com/Singapore-iOS-Dev-Scout-Meetup/events/235120178/ Check out the presentation video to view the steps we took to mod the PokemonGo App. Demo Codes are found here https://github.com/depoon/iOSDylibInjectionDemo

Logiciels
1  sur  15
Télécharger pour lire hors ligne
Image from http://dyci.github.io/ iOS Dynamic Library Injection - Kenneth Poon
•Technical Lead iOS Engineer @ PropertyGuru •Agile, Xtreme Programming, Tests •XCUITest+Gherkin (July 2016)
Agenda • Short story of me engaging in PokemonGo
 • Game plan for creating iOS Mod Apps
 • Demo of Code Injection
Trying to beat the game 6 Aug 2016 - 9 am Discovered PokemonGo is live
 - 12 pm Started Location Spoofing A Week Later - Built my own location spoof Mac App
 - Integration Go Radar Api
 - Requires Direct XCode-Device Wired Connection
Trying to beat the game
How to install this PokemonGo Mod? http://pokemongohacks.me/
How to install this PokemonGo Mod? 
 
 Mod Ipa 
 
 Cydia Impactor • Cydia Impactor is a tool that resigns and install apps onto devices
 • Works with non-jailbroken devices
 • Downloadable at http://www.cydiaimpactor.com/ Apple Dev Account 
 
 Non-JB
How to install this PokemonGo Mod? DEMO
Hmmm Whats That?
Concepts - Code Injection Investigative To Introduce Behaviour Change • Code Injection Attacks Examples
 - SQL Injection / XML Injection
 - HTML Script / Command Injection
Concepts - Dynamic Library / Binary • XCode compiles Apps statically • Highlights Compilation Errors for codes in project that cannot be statically linked • During Build Phase, Xcode links project with external binaries and perform necessary checks. • However at packaging phase, Xcode does not guarantee all dependencies will be available during run time dyld: Library not loaded: @rpath/libswift_stdlib_core.dylib
Concepts - Dynamic Library / Binary
Concepts - Dynamic Library / Binary • Static Library - a unit of code linked at compile time. [Cant use this]
 • Dynamic library - a unit of code and/or assets linked at runtime that may change
 [We can use this]
 • Load Dylib command needs to be executed on the .ipa package before the final package/signing of the app

 
 Non-JB Game plan for creating iOS Mod Apps 
 
 Cydia Impactor Apple Dev Account 
 
 Original Ipa 
 
 
 Custom Dylib 
 
 Patched Ipa 
 
 Patched Ipa + Patching You may need to download cracked from 3rd Party content providers like www.iphonecake.com
Dynamic Library Injection DEMO https://github.com/depoon/iOSDylibInjectionDemo

Recommandé

iOS Automation: XCUITest + Gherkin
iOS Automation: XCUITest + GherkiniOS Automation: XCUITest + Gherkin
iOS Automation: XCUITest + GherkinKenneth Poon
 
PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)
PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)
PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)Kenneth Poon
 
iOS UI Testing in Xcode
iOS UI Testing in XcodeiOS UI Testing in Xcode
iOS UI Testing in XcodeJz Chang
 
Page Object in XCUITest
Page Object in XCUITestPage Object in XCUITest
Page Object in XCUITestJz Chang
 
Getting Started with XCTest and XCUITest for iOS App Testing
Getting Started with XCTest and XCUITest for iOS App TestingGetting Started with XCTest and XCUITest for iOS App Testing
Getting Started with XCTest and XCUITest for iOS App TestingBitbar
 
Code injectiontool
Code injectiontoolCode injectiontool
Code injectiontoolShunsuke Araki
 
How to Build a Compelling Apple Watch App/Complication
How to Build a Compelling Apple Watch App/ComplicationHow to Build a Compelling Apple Watch App/Complication
How to Build a Compelling Apple Watch App/ComplicationKristina Fox
 
Advanced Project 1: Heart Bleed
Advanced Project 1: Heart BleedAdvanced Project 1: Heart Bleed
Advanced Project 1: Heart BleedKenneth Poon
 

Recommandé

iOS Automation: XCUITest + Gherkin
iOS Automation: XCUITest + GherkiniOS Automation: XCUITest + Gherkin
iOS Automation: XCUITest + GherkinKenneth Poon
 
PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)
PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)
PropertyGuru is Hiring. iOS / Android Engineer (Bangkok, Thailand)Kenneth Poon
 
iOS UI Testing in Xcode
iOS UI Testing in XcodeiOS UI Testing in Xcode
iOS UI Testing in XcodeJz Chang
 
Page Object in XCUITest
Page Object in XCUITestPage Object in XCUITest
Page Object in XCUITestJz Chang
 
Getting Started with XCTest and XCUITest for iOS App Testing
Getting Started with XCTest and XCUITest for iOS App TestingGetting Started with XCTest and XCUITest for iOS App Testing
Getting Started with XCTest and XCUITest for iOS App TestingBitbar
 
Code injectiontool
Code injectiontoolCode injectiontool
Code injectiontoolShunsuke Araki
 
How to Build a Compelling Apple Watch App/Complication
How to Build a Compelling Apple Watch App/ComplicationHow to Build a Compelling Apple Watch App/Complication
How to Build a Compelling Apple Watch App/ComplicationKristina Fox
 
Advanced Project 1: Heart Bleed
Advanced Project 1: Heart BleedAdvanced Project 1: Heart Bleed
Advanced Project 1: Heart BleedKenneth Poon
 
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]Kenneth Poon
 
Sunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertSunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertjimforner
 
iOS UIAutomation
iOS UIAutomation iOS UIAutomation
iOS UIAutomation Jz Chang
 
Automated Xcode 7 UI Testing
Automated Xcode 7 UI TestingAutomated Xcode 7 UI Testing
Automated Xcode 7 UI TestingJouni Miettunen
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
iOS Test-Driven Development
iOS Test-Driven DevelopmentiOS Test-Driven Development
iOS Test-Driven DevelopmentPablo Villar
 
Apple iOS
Apple iOSApple iOS
Apple iOSChetan Gowda
 
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash CourseCrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash Courseeightbit
 
BuzzFeed Pitch Deck
BuzzFeed Pitch DeckBuzzFeed Pitch Deck
BuzzFeed Pitch DeckTech in Asia ID
 
Contently Pitch Deck
Contently Pitch DeckContently Pitch Deck
Contently Pitch DeckRyan Gum
 
Pendo Series B Investor Deck External
Pendo Series B Investor Deck ExternalPendo Series B Investor Deck External
Pendo Series B Investor Deck ExternalTodd Olson
 
Tinder Pitch Deck
Tinder Pitch DeckTinder Pitch Deck
Tinder Pitch DeckRyan Gum
 
Airbnb Pitch Deck From 2008
Airbnb Pitch Deck From 2008Airbnb Pitch Deck From 2008
Airbnb Pitch Deck From 2008Ryan Gum
 
Intercom's first pitch deck!
Intercom's first pitch deck!Intercom's first pitch deck!
Intercom's first pitch deck!Eoghan McCabe
 
Front series A deck
Front series A deckFront series A deck
Front series A deckMathilde Collin
 
Mattermark 2nd (Final) Series A Deck
Mattermark 2nd (Final) Series A DeckMattermark 2nd (Final) Series A Deck
Mattermark 2nd (Final) Series A DeckDanielle Morrill
 
The investor presentation we used to raise 2 million dollars
The investor presentation we used to raise 2 million dollarsThe investor presentation we used to raise 2 million dollars
The investor presentation we used to raise 2 million dollarsMikael Cho
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveCall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 

Contenu connexe

En vedette

CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]Kenneth Poon
 
Sunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertSunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertjimforner
 
iOS UIAutomation
iOS UIAutomation iOS UIAutomation
iOS UIAutomation Jz Chang
 
Automated Xcode 7 UI Testing
Automated Xcode 7 UI TestingAutomated Xcode 7 UI Testing
Automated Xcode 7 UI TestingJouni Miettunen
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
iOS Test-Driven Development
iOS Test-Driven DevelopmentiOS Test-Driven Development
iOS Test-Driven DevelopmentPablo Villar
 
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash CourseCrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash Courseeightbit
 
Contently Pitch Deck
Contently Pitch DeckContently Pitch Deck
Contently Pitch DeckRyan Gum
 
Pendo Series B Investor Deck External
Pendo Series B Investor Deck ExternalPendo Series B Investor Deck External
Pendo Series B Investor Deck ExternalTodd Olson
 
Tinder Pitch Deck
Tinder Pitch DeckTinder Pitch Deck
Tinder Pitch DeckRyan Gum
 
Airbnb Pitch Deck From 2008
Airbnb Pitch Deck From 2008Airbnb Pitch Deck From 2008
Airbnb Pitch Deck From 2008Ryan Gum
 
Intercom's first pitch deck!
Intercom's first pitch deck!Intercom's first pitch deck!
Intercom's first pitch deck!Eoghan McCabe
 
Mattermark 2nd (Final) Series A Deck
Mattermark 2nd (Final) Series A DeckMattermark 2nd (Final) Series A Deck
Mattermark 2nd (Final) Series A DeckDanielle Morrill
 
The investor presentation we used to raise 2 million dollars
The investor presentation we used to raise 2 million dollarsThe investor presentation we used to raise 2 million dollars
The investor presentation we used to raise 2 million dollarsMikael Cho
 

En vedette (17)

CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
CNY Distribution of Oranges, Uplifting the spirit [@TPCTMC]
 
Sunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alertSunrise pc support heart bleed scam alert
Sunrise pc support heart bleed scam alert
 
iOS UIAutomation
iOS UIAutomation iOS UIAutomation
iOS UIAutomation
 
Automated Xcode 7 UI Testing
Automated Xcode 7 UI TestingAutomated Xcode 7 UI Testing
Automated Xcode 7 UI Testing
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
iOS Test-Driven Development
iOS Test-Driven DevelopmentiOS Test-Driven Development
iOS Test-Driven Development
 
Apple iOS
Apple iOSApple iOS
Apple iOS
 
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash CourseCrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
 
BuzzFeed Pitch Deck
BuzzFeed Pitch DeckBuzzFeed Pitch Deck
BuzzFeed Pitch Deck
 
Contently Pitch Deck
Contently Pitch DeckContently Pitch Deck
Contently Pitch Deck
 
Pendo Series B Investor Deck External
Pendo Series B Investor Deck ExternalPendo Series B Investor Deck External
Pendo Series B Investor Deck External
 
Tinder Pitch Deck
Tinder Pitch DeckTinder Pitch Deck
Tinder Pitch Deck
 
Airbnb Pitch Deck From 2008
Airbnb Pitch Deck From 2008Airbnb Pitch Deck From 2008
Airbnb Pitch Deck From 2008
 
Intercom's first pitch deck!
Intercom's first pitch deck!Intercom's first pitch deck!
Intercom's first pitch deck!
 
Front series A deck
Front series A deckFront series A deck
Front series A deck
 
Mattermark 2nd (Final) Series A Deck
Mattermark 2nd (Final) Series A DeckMattermark 2nd (Final) Series A Deck
Mattermark 2nd (Final) Series A Deck
 
The investor presentation we used to raise 2 million dollars
The investor presentation we used to raise 2 million dollarsThe investor presentation we used to raise 2 million dollars
The investor presentation we used to raise 2 million dollars
 

Dernier

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 

Dernier (20)

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

iOS Dynamic Library Code Injection - 23 Nov 2016

  • 1. Image from http://dyci.github.io/ iOS Dynamic Library Injection - Kenneth Poon
  • 2. •Technical Lead iOS Engineer @ PropertyGuru •Agile, Xtreme Programming, Tests •XCUITest+Gherkin (July 2016)
  • 3. Agenda • Short story of me engaging in PokemonGo
 • Game plan for creating iOS Mod Apps
 • Demo of Code Injection
  • 4. Trying to beat the game 6 Aug 2016 - 9 am Discovered PokemonGo is live
 - 12 pm Started Location Spoofing A Week Later - Built my own location spoof Mac App
 - Integration Go Radar Api
 - Requires Direct XCode-Device Wired Connection
  • 5. Trying to beat the game
  • 6. How to install this PokemonGo Mod? http://pokemongohacks.me/
  • 7. How to install this PokemonGo Mod? 
 
 Mod Ipa 
 
 Cydia Impactor • Cydia Impactor is a tool that resigns and install apps onto devices
 • Works with non-jailbroken devices
 • Downloadable at http://www.cydiaimpactor.com/ Apple Dev Account 
 
 Non-JB
  • 8. How to install this PokemonGo Mod? DEMO
  • 10. Concepts - Code Injection Investigative To Introduce Behaviour Change • Code Injection Attacks Examples
 - SQL Injection / XML Injection
 - HTML Script / Command Injection
  • 11. Concepts - Dynamic Library / Binary • XCode compiles Apps statically • Highlights Compilation Errors for codes in project that cannot be statically linked • During Build Phase, Xcode links project with external binaries and perform necessary checks. • However at packaging phase, Xcode does not guarantee all dependencies will be available during run time dyld: Library not loaded: @rpath/libswift_stdlib_core.dylib
  • 12. Concepts - Dynamic Library / Binary
  • 13. Concepts - Dynamic Library / Binary • Static Library - a unit of code linked at compile time. [Cant use this]
 • Dynamic library - a unit of code and/or assets linked at runtime that may change
 [We can use this]
 • Load Dylib command needs to be executed on the .ipa package before the final package/signing of the app
  • 14. 
 
 Non-JB Game plan for creating iOS Mod Apps 
 
 Cydia Impactor Apple Dev Account 
 
 Original Ipa 
 
 
 Custom Dylib 
 
 Patched Ipa 
 
 Patched Ipa + Patching You may need to download cracked from 3rd Party content providers like www.iphonecake.com