SlideShare une entreprise Scribd logo
1  sur  15
Télécharger pour lire hors ligne
BREAKING IOS APPS WITH
CYCRIPT
Satish Bommisetty
Agenda
¨  Objective	
  C	
  Basics	
  
¨  iOS	
  App	
  Architecture	
  
¨  Decrypting	
  iOS	
  Apps	
  
¨  Breaking	
  apps	
  with	
  Cycript	
  
Native iOS Applications
¨  Objective	
  C	
  code	
  
¨  Developed	
  in	
  Xcode	
  
Objective C Basics
¨  Objective	
  C	
  lies	
  on	
  top	
  of	
  the	
  C	
  language	
  
¨  Interface	
  @ile	
  (.h)	
  
@interface	
  Car	
  :	
  NSObject	
  {	
  	
  	
  
@loat	
  @illLevel;	
  	
  }	
  	
  	
  
-­‐	
  (void)addGas;	
  	
  	
  
@end	
  	
  	
  
¨  Implementation	
  @ile	
  (.m)	
  
@implementation	
  Car	
  	
  	
  
-­‐(void)	
  addGas	
  {	
  	
  }	
  	
  	
  
@end	
  	
  	
  
Objective C Basics
¨  Methods	
  –	
  pass	
  messages	
  
¨  C++	
  
¤  Object-­‐>Method(param1,param2)	
  
¨  Objective-­‐C	
  
¤  [Object	
  method:param1	
  param2name:param2]	
  
iOS App Architecture
¨  iOS	
  App	
  
iOS App Architecture
¨  Mach-­‐O	
  format	
  
¤  Header	
  
n  Target	
  Architecture	
  
¤  Load	
  commands	
  
n  Location	
  of	
  symbol	
  table	
  
n  Shared	
  Libraries	
  
¤  Data	
  
n  Organized	
  in	
  Segments	
  
iOS App Architecture
¨  Header	
  can	
  be	
  viewed	
  using	
  otool	
  
¤  Otool	
  –h	
  Binary	
  
¤  Cpu	
  type	
  12/6	
  =	
  ARM	
  6	
  
¤  Cpu	
  type	
  12/9	
  =	
  ARM	
  7	
  
iOS App Architecture
¨  Load	
  can	
  be	
  viewed	
  using	
  otool	
  
¤  Otool	
  –l	
  Binary	
  
Decrypting iOS Apps
¨  AppStore	
  binaries	
  are	
  encrypted	
  
¤  Protects	
  from	
  piracy	
  
¤  Similar	
  to	
  Fairplay	
  DRM	
  used	
  on	
  iTunes	
  music	
  
¨  Self	
  distributed	
  Apps	
  are	
  not	
  encrypted	
  
¨  Loader	
  decrypts	
  the	
  apps	
  when	
  loaded	
  into	
  memory	
  
¨  Debugger	
  can	
  be	
  used	
  to	
  dump	
  the	
  decrypted	
  app	
  from	
  memory	
  
¨  Tools	
  are	
  available:	
  Craculous,	
  Clutch,	
  Installous	
  
Cycript
¨  Combination	
  of	
  JavaScript	
  and	
  Objective-­‐C	
  interpreter	
  
¨  App	
  runtime	
  can	
  be	
  easily	
  modi@ied	
  using	
  Cycript	
  	
  
¨  Can	
  be	
  hooked	
  to	
  a	
  running	
  process	
  	
  
¨  Gives	
  access	
  to	
  all	
  classes	
  and	
  instance	
  variables	
  within	
  the	
  app	
  
¨  Used	
  for	
  runtime	
  analysis	
  
¤  Bypass	
  security	
  locks	
  
¤  Access	
  sensitive	
  information	
  from	
  memory	
  
¤  Authentication	
  Bypass	
  attacks	
  
¤  Accessing	
  restricted	
  areas	
  of	
  the	
  applications	
  
Class-dump-z
¨  Use	
  class-­‐dump-­‐z	
  on	
  decrypted	
  binary	
  and	
  map	
  the	
  application	
  
¨  Retrieve	
  class	
  declarations	
  
¨  Analyze	
  the	
  class	
  dump	
  output	
  and	
  identify	
  the	
  interesting	
  class	
  
iOS App Execution Flow
¨  iOS	
  app	
  centralized	
  point	
  of	
  control	
  (MVC)	
  –	
  UIApplication	
  class	
  
Breaking iOS Apps
¨  Create	
  object	
  for	
  the	
  class	
  and	
  directly	
  access	
  the	
  instance	
  
variables	
  	
  and	
  invoke	
  methods	
  
¨  Existing	
  methods	
  can	
  be	
  overwritten	
  easily	
  	
  
Breaking iOS Apps using Cycript

Contenu connexe

Tendances

The innerHTML Apocalypse
The innerHTML ApocalypseThe innerHTML Apocalypse
The innerHTML ApocalypseMario Heiderich
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.Mikhail Egorov
 
Cross Origin Resource Sharing
Cross Origin Resource SharingCross Origin Resource Sharing
Cross Origin Resource SharingLuke Weerasooriya
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsJon Todd
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahOWASP Delhi
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorialRohit Gupta
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host headerSergey Belov
 
PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?Sam Thomas
 
Derbycon - Passing the Torch
Derbycon - Passing the TorchDerbycon - Passing the Torch
Derbycon - Passing the TorchWill Schroeder
 
Level Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalationjakx_
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]RootedCON
 
System Hardening Recommendations_FINAL
System Hardening Recommendations_FINALSystem Hardening Recommendations_FINAL
System Hardening Recommendations_FINALMartin Evans
 
Unrestricted file upload
Unrestricted file uploadUnrestricted file upload
Unrestricted file uploadvikram vashisth
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueWill Schroeder
 

Tendances (20)

Secure coding in C#
Secure coding in C#Secure coding in C#
Secure coding in C#
 
The innerHTML Apocalypse
The innerHTML ApocalypseThe innerHTML Apocalypse
The innerHTML Apocalypse
 
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.
 
Cross Origin Resource Sharing
Cross Origin Resource SharingCross Origin Resource Sharing
Cross Origin Resource Sharing
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting Revisited
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorial
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
 
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides AhmedabadFrans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
 
Json Web Token - JWT
Json Web Token - JWTJson Web Token - JWT
Json Web Token - JWT
 
PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?PHP unserialization vulnerabilities: What are we missing?
PHP unserialization vulnerabilities: What are we missing?
 
Derbycon - Passing the Torch
Derbycon - Passing the TorchDerbycon - Passing the Torch
Derbycon - Passing the Torch
 
Level Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege EscalationLevel Up! - Practical Windows Privilege Escalation
Level Up! - Practical Windows Privilege Escalation
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
 
System Hardening Recommendations_FINAL
System Hardening Recommendations_FINALSystem Hardening Recommendations_FINAL
System Hardening Recommendations_FINAL
 
Unrestricted file upload
Unrestricted file uploadUnrestricted file upload
Unrestricted file upload
 
Clean code
Clean codeClean code
Clean code
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
 

En vedette

Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCampimShining @DevCamp
 
如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏imShining @DevCamp
 
iOS app security
iOS app security  iOS app security
iOS app security Hokila Jan
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014viaForensics
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...Hackito Ergo Sum
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
iOS App Reverse Engineering
iOS App Reverse EngineeringiOS App Reverse Engineering
iOS App Reverse EngineeringZishe Sha
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”Edmund Chattoe-Brown
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek
 

En vedette (13)

Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS apps
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
 
如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏
 
iOS app security
iOS app security  iOS app security
iOS app security
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)
 
iOS App Reverse Engineering
iOS App Reverse EngineeringiOS App Reverse Engineering
iOS App Reverse Engineering
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
 
Ios vs android
Ios vs androidIos vs android
Ios vs android
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest Workshop
 

Similaire à Breaking iOS Apps using Cycript

iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersRyanISI
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application SecurityEgor Tolstoy
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraOWASP Delhi
 
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...PROIDEA
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Android Bootcamp
Android   BootcampAndroid   Bootcamp
Android Bootcampahkjsdcsadc
 
Part 2 android application development 101
Part 2 android application development 101Part 2 android application development 101
Part 2 android application development 101Michael Angelo Rivera
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Xamarin.Mac Introduction
Xamarin.Mac IntroductionXamarin.Mac Introduction
Xamarin.Mac IntroductionMiguel de Icaza
 
Introduction phonegap
Introduction phonegapIntroduction phonegap
Introduction phonegapRakesh Jha
 
Advanced programing in phonegap
Advanced programing in phonegapAdvanced programing in phonegap
Advanced programing in phonegapRakesh Jha
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side AnalysisAadarsh N
 
Ignite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseIgnite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseJen Looper
 
What Makes Objective C Dynamic?
What Makes Objective C Dynamic?What Makes Objective C Dynamic?
What Makes Objective C Dynamic?Kyle Oba
 

Similaire à Breaking iOS Apps using Cycript (20)

iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application Exploitation
 
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Android Bootcamp
Android   BootcampAndroid   Bootcamp
Android Bootcamp
 
Part 2 android application development 101
Part 2 android application development 101Part 2 android application development 101
Part 2 android application development 101
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Xamarin.Mac Introduction
Xamarin.Mac IntroductionXamarin.Mac Introduction
Xamarin.Mac Introduction
 
Introduction phonegap
Introduction phonegapIntroduction phonegap
Introduction phonegap
 
Advanced programing in phonegap
Advanced programing in phonegapAdvanced programing in phonegap
Advanced programing in phonegap
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone Development
 
Android basics
Android basicsAndroid basics
Android basics
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
 
Intro to appcelerator
Intro to appceleratorIntro to appcelerator
Intro to appcelerator
 
Ignite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseIgnite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and Firebase
 
Typescript++1
Typescript++1Typescript++1
Typescript++1
 
What Makes Objective C Dynamic?
What Makes Objective C Dynamic?What Makes Objective C Dynamic?
What Makes Objective C Dynamic?
 
C Language
C LanguageC Language
C Language
 

Plus de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Dr. Asif Anas
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
A gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceA gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceApostolos Syropoulos
 
Education and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxEducation and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxraviapr7
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdf10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdfJayanti Pande
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxiammrhaywood
 
Department of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdfDepartment of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdfMohonDas
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17Celine George
 
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustSavipriya Raghavendra
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptxmary850239
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Work Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sashaWork Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sashasashalaycock03
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTDR. SNEHA NAIR
 
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptx
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptxSlides CapTechTalks Webinar March 2024 Joshua Sinai.pptx
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptxCapitolTechU
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 

Dernier (20)

Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdf
 
A gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceA gentle introduction to Artificial Intelligence
A gentle introduction to Artificial Intelligence
 
Education and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxEducation and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptx
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdf10 Topics For MBA Project Report [HR].pdf
10 Topics For MBA Project Report [HR].pdf
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
 
Department of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdfDepartment of Health Compounder Question ‍Solution 2022.pdf
Department of Health Compounder Question ‍Solution 2022.pdf
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17
 
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptx
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Work Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sashaWork Experience for psp3 portfolio sasha
Work Experience for psp3 portfolio sasha
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
 
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptx
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptxSlides CapTechTalks Webinar March 2024 Joshua Sinai.pptx
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptx
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 

Breaking iOS Apps using Cycript

  • 1. BREAKING IOS APPS WITH CYCRIPT Satish Bommisetty
  • 2. Agenda ¨  Objective  C  Basics   ¨  iOS  App  Architecture   ¨  Decrypting  iOS  Apps   ¨  Breaking  apps  with  Cycript  
  • 3. Native iOS Applications ¨  Objective  C  code   ¨  Developed  in  Xcode  
  • 4. Objective C Basics ¨  Objective  C  lies  on  top  of  the  C  language   ¨  Interface  @ile  (.h)   @interface  Car  :  NSObject  {       @loat  @illLevel;    }       -­‐  (void)addGas;       @end       ¨  Implementation  @ile  (.m)   @implementation  Car       -­‐(void)  addGas  {    }       @end      
  • 5. Objective C Basics ¨  Methods  –  pass  messages   ¨  C++   ¤  Object-­‐>Method(param1,param2)   ¨  Objective-­‐C   ¤  [Object  method:param1  param2name:param2]  
  • 7. iOS App Architecture ¨  Mach-­‐O  format   ¤  Header   n  Target  Architecture   ¤  Load  commands   n  Location  of  symbol  table   n  Shared  Libraries   ¤  Data   n  Organized  in  Segments  
  • 8. iOS App Architecture ¨  Header  can  be  viewed  using  otool   ¤  Otool  –h  Binary   ¤  Cpu  type  12/6  =  ARM  6   ¤  Cpu  type  12/9  =  ARM  7  
  • 9. iOS App Architecture ¨  Load  can  be  viewed  using  otool   ¤  Otool  –l  Binary  
  • 10. Decrypting iOS Apps ¨  AppStore  binaries  are  encrypted   ¤  Protects  from  piracy   ¤  Similar  to  Fairplay  DRM  used  on  iTunes  music   ¨  Self  distributed  Apps  are  not  encrypted   ¨  Loader  decrypts  the  apps  when  loaded  into  memory   ¨  Debugger  can  be  used  to  dump  the  decrypted  app  from  memory   ¨  Tools  are  available:  Craculous,  Clutch,  Installous  
  • 11. Cycript ¨  Combination  of  JavaScript  and  Objective-­‐C  interpreter   ¨  App  runtime  can  be  easily  modi@ied  using  Cycript     ¨  Can  be  hooked  to  a  running  process     ¨  Gives  access  to  all  classes  and  instance  variables  within  the  app   ¨  Used  for  runtime  analysis   ¤  Bypass  security  locks   ¤  Access  sensitive  information  from  memory   ¤  Authentication  Bypass  attacks   ¤  Accessing  restricted  areas  of  the  applications  
  • 12. Class-dump-z ¨  Use  class-­‐dump-­‐z  on  decrypted  binary  and  map  the  application   ¨  Retrieve  class  declarations   ¨  Analyze  the  class  dump  output  and  identify  the  interesting  class  
  • 13. iOS App Execution Flow ¨  iOS  app  centralized  point  of  control  (MVC)  –  UIApplication  class  
  • 14. Breaking iOS Apps ¨  Create  object  for  the  class  and  directly  access  the  instance   variables    and  invoke  methods   ¨  Existing  methods  can  be  overwritten  easily