SlideShare uma empresa Scribd logo

Breaking iOS Apps using Cycript

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - June 2013 Meet

EducaçãoTecnologia
1 de 15
Baixar para ler offline
BREAKING IOS APPS WITH CYCRIPT Satish Bommisetty
Agenda ¨  Objective  C  Basics   ¨  iOS  App  Architecture   ¨  Decrypting  iOS  Apps   ¨  Breaking  apps  with  Cycript  
Native iOS Applications ¨  Objective  C  code   ¨  Developed  in  Xcode  
Objective C Basics ¨  Objective  C  lies  on  top  of  the  C  language   ¨  Interface  @ile  (.h)   @interface  Car  :  NSObject  {       @loat  @illLevel;    }       -­‐  (void)addGas;       @end       ¨  Implementation  @ile  (.m)   @implementation  Car       -­‐(void)  addGas  {    }       @end      
Objective C Basics ¨  Methods  –  pass  messages   ¨  C++   ¤  Object-­‐>Method(param1,param2)   ¨  Objective-­‐C   ¤  [Object  method:param1  param2name:param2]  
iOS App Architecture ¨  iOS  App  
iOS App Architecture ¨  Mach-­‐O  format   ¤  Header   n  Target  Architecture   ¤  Load  commands   n  Location  of  symbol  table   n  Shared  Libraries   ¤  Data   n  Organized  in  Segments  
iOS App Architecture ¨  Header  can  be  viewed  using  otool   ¤  Otool  –h  Binary   ¤  Cpu  type  12/6  =  ARM  6   ¤  Cpu  type  12/9  =  ARM  7  
iOS App Architecture ¨  Load  can  be  viewed  using  otool   ¤  Otool  –l  Binary  
Decrypting iOS Apps ¨  AppStore  binaries  are  encrypted   ¤  Protects  from  piracy   ¤  Similar  to  Fairplay  DRM  used  on  iTunes  music   ¨  Self  distributed  Apps  are  not  encrypted   ¨  Loader  decrypts  the  apps  when  loaded  into  memory   ¨  Debugger  can  be  used  to  dump  the  decrypted  app  from  memory   ¨  Tools  are  available:  Craculous,  Clutch,  Installous  
Cycript ¨  Combination  of  JavaScript  and  Objective-­‐C  interpreter   ¨  App  runtime  can  be  easily  modi@ied  using  Cycript     ¨  Can  be  hooked  to  a  running  process     ¨  Gives  access  to  all  classes  and  instance  variables  within  the  app   ¨  Used  for  runtime  analysis   ¤  Bypass  security  locks   ¤  Access  sensitive  information  from  memory   ¤  Authentication  Bypass  attacks   ¤  Accessing  restricted  areas  of  the  applications  
Class-dump-z ¨  Use  class-­‐dump-­‐z  on  decrypted  binary  and  map  the  application   ¨  Retrieve  class  declarations   ¨  Analyze  the  class  dump  output  and  identify  the  interesting  class  
iOS App Execution Flow ¨  iOS  app  centralized  point  of  control  (MVC)  –  UIApplication  class  
Breaking iOS Apps ¨  Create  object  for  the  class  and  directly  access  the  instance   variables    and  invoke  methods   ¨  Existing  methods  can  be  overwritten  easily    
Breaking iOS Apps using Cycript

Recomendados

Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfSouvikRoy114738
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application ExploitationPositive Hack Days
 
Programming in Java
Programming in JavaProgramming in Java
Programming in JavaAbhilash Nair
 
iOS recon with Radare2
iOS recon with Radare2iOS recon with Radare2
iOS recon with Radare2NowSecure
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
Maven
MavenMaven
MavenVineela Madarapu
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersRyanISI
 

Recomendados

Thick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfThick Client Penetration Testing.pdf
Thick Client Penetration Testing.pdfSouvikRoy114738
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application ExploitationPositive Hack Days
 
Programming in Java
Programming in JavaProgramming in Java
Programming in JavaAbhilash Nair
 
iOS recon with Radare2
iOS recon with Radare2iOS recon with Radare2
iOS recon with Radare2NowSecure
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentestingMinali Arora
 
Maven
MavenMaven
MavenVineela Madarapu
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersRyanISI
 
Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Chandrapal Badshah
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...Mario Heiderich
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouDouglas Bienstock
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat Security Conference
 
ORM: Object-relational mapping
ORM: Object-relational mappingORM: Object-relational mapping
ORM: Object-relational mappingAbhilash M A
 
Unsecuring SSH
Unsecuring SSHUnsecuring SSH
Unsecuring SSHJeremy Brown
 
Reverse proxies & Inconsistency
Reverse proxies & InconsistencyReverse proxies & Inconsistency
Reverse proxies & InconsistencyGreenD0g
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunkjamesmbower
 
Web Cache Poisoning
Web Cache PoisoningWeb Cache Poisoning
Web Cache PoisoningKuldeepPandya5
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with SpringJoshua Long
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesChristopher Frohoff
 
Lecture - 1 introduction to java
Lecture - 1 introduction to javaLecture - 1 introduction to java
Lecture - 1 introduction to javamanish kumar
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Steve Pember
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...Alex Cachia
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentTeymur Kheirkhabarov
 
Gradle,the new build system for android
Gradle,the new build system for androidGradle,the new build system for android
Gradle,the new build system for androidzhang ghui
 
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, OsloBloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, OsloAndy Robbins
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShellWill Schroeder
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 

Mais conteúdo relacionado

Mais procurados

Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Chandrapal Badshah
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...Mario Heiderich
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouDouglas Bienstock
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat Security Conference
 
ORM: Object-relational mapping
ORM: Object-relational mappingORM: Object-relational mapping
ORM: Object-relational mappingAbhilash M A
 
Reverse proxies & Inconsistency
Reverse proxies & InconsistencyReverse proxies & Inconsistency
Reverse proxies & InconsistencyGreenD0g
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunkjamesmbower
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with SpringJoshua Long
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesChristopher Frohoff
 
Lecture - 1 introduction to java
Lecture - 1 introduction to javaLecture - 1 introduction to java
Lecture - 1 introduction to javamanish kumar
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Steve Pember
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...Alex Cachia
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentTeymur Kheirkhabarov
 
Gradle,the new build system for android
Gradle,the new build system for androidGradle,the new build system for android
Gradle,the new build system for androidzhang ghui
 
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, OsloBloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, OsloAndy Robbins
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShellWill Schroeder
 

Mais procurados (20)

Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
 
Troopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can YouTroopers 19 - I am AD FS and So Can You
Troopers 19 - I am AD FS and So Can You
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
 
ORM: Object-relational mapping
ORM: Object-relational mappingORM: Object-relational mapping
ORM: Object-relational mapping
 
Unsecuring SSH
Unsecuring SSHUnsecuring SSH
Unsecuring SSH
 
Reverse proxies & Inconsistency
Reverse proxies & InconsistencyReverse proxies & Inconsistency
Reverse proxies & Inconsistency
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunk
 
Web Cache Poisoning
Web Cache PoisoningWeb Cache Poisoning
Web Cache Poisoning
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with Spring
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
 
Lecture - 1 introduction to java
Lecture - 1 introduction to javaLecture - 1 introduction to java
Lecture - 1 introduction to java
 
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
Anatomy of a Spring Boot App with Clean Architecture - Spring I/O 2023
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
 
Android Security
Android SecurityAndroid Security
Android Security
 
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
 
Gradle,the new build system for android
Gradle,the new build system for androidGradle,the new build system for android
Gradle,the new build system for android
 
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, OsloBloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
BloodHound 1.3 - The ACL Attack Path Update - Paranoia17, Oslo
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShell
 

Destaque

Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCampimShining @DevCamp
 
如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏imShining @DevCamp
 
iOS app security
iOS app security iOS app security
iOS app security Hokila Jan
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014viaForensics
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...Hackito Ergo Sum
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
iOS App Reverse Engineering
iOS App Reverse EngineeringiOS App Reverse Engineering
iOS App Reverse EngineeringZishe Sha
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”Edmund Chattoe-Brown
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek
 

Destaque (13)

Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS apps
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
逆向工程技术详解:解开IPA文件的灰沙 -- 通过静态分析工具了解IPA实现 | 友盟 张超 | iOS DevCamp
 
如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏如何创建更加灵活的App | 大众点评 屠毅敏
如何创建更加灵活的App | 大众点评 屠毅敏
 
iOS app security
iOS app security iOS app security
iOS app security
 
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
Hacking ios-on-the-run-using-cycript-viaforensics-rsa-conference-2014
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)
 
iOS App Reverse Engineering
iOS App Reverse EngineeringiOS App Reverse Engineering
iOS App Reverse Engineering
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
A New Approach to Social Mobility Models: Simulation as “Reverse Engineering”
 
Ios vs android
Ios vs androidIos vs android
Ios vs android
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest Workshop
 

Semelhante a Breaking iOS Apps using Cycript

iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application SecurityEgor Tolstoy
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraOWASP Delhi
 
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...PROIDEA
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Android Bootcamp
Android BootcampAndroid Bootcamp
Android Bootcampahkjsdcsadc
 
Part 2 android application development 101
Part 2 android application development 101Part 2 android application development 101
Part 2 android application development 101Michael Angelo Rivera
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsRon Munitz
 
Xamarin.Mac Introduction
Xamarin.Mac IntroductionXamarin.Mac Introduction
Xamarin.Mac IntroductionMiguel de Icaza
 
Introduction phonegap
Introduction phonegapIntroduction phonegap
Introduction phonegapRakesh Jha
 
Advanced programing in phonegap
Advanced programing in phonegapAdvanced programing in phonegap
Advanced programing in phonegapRakesh Jha
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone DevelopmentThoughtWorks
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side AnalysisAadarsh N
 
Ignite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseIgnite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseJen Looper
 
What Makes Objective C Dynamic?
What Makes Objective C Dynamic?What Makes Objective C Dynamic?
What Makes Objective C Dynamic?Kyle Oba
 
NCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group
 

Semelhante a Breaking iOS Apps using Cycript (20)

iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
[CONFidence 2016] Sławomir Kosowski - Introduction to iOS Application Securit...
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Android Bootcamp
Android BootcampAndroid Bootcamp
Android Bootcamp
 
Part 2 android application development 101
Part 2 android application development 101Part 2 android application development 101
Part 2 android application development 101
 
MobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android AppsMobSecCon 2015 - Dynamic Analysis of Android Apps
MobSecCon 2015 - Dynamic Analysis of Android Apps
 
Xamarin.Mac Introduction
Xamarin.Mac IntroductionXamarin.Mac Introduction
Xamarin.Mac Introduction
 
Introduction phonegap
Introduction phonegapIntroduction phonegap
Introduction phonegap
 
Advanced programing in phonegap
Advanced programing in phonegapAdvanced programing in phonegap
Advanced programing in phonegap
 
Bootstrapping iPhone Development
Bootstrapping iPhone DevelopmentBootstrapping iPhone Development
Bootstrapping iPhone Development
 
Android basics
Android basicsAndroid basics
Android basics
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
 
Intro to appcelerator
Intro to appceleratorIntro to appcelerator
Intro to appcelerator
 
Ignite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and FirebaseIgnite your app development with Angular, NativeScript and Firebase
Ignite your app development with Angular, NativeScript and Firebase
 
Typescript++1
Typescript++1Typescript++1
Typescript++1
 
What Makes Objective C Dynamic?
What Makes Objective C Dynamic?What Makes Objective C Dynamic?
What Makes Objective C Dynamic?
 
C Language
C LanguageC Language
C Language
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
NCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios apps
 

Mais de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mais de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17Celine George
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 

Último (20)

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 

Breaking iOS Apps using Cycript

  • 1. BREAKING IOS APPS WITH CYCRIPT Satish Bommisetty
  • 2. Agenda ¨  Objective  C  Basics   ¨  iOS  App  Architecture   ¨  Decrypting  iOS  Apps   ¨  Breaking  apps  with  Cycript  
  • 3. Native iOS Applications ¨  Objective  C  code   ¨  Developed  in  Xcode  
  • 4. Objective C Basics ¨  Objective  C  lies  on  top  of  the  C  language   ¨  Interface  @ile  (.h)   @interface  Car  :  NSObject  {       @loat  @illLevel;    }       -­‐  (void)addGas;       @end       ¨  Implementation  @ile  (.m)   @implementation  Car       -­‐(void)  addGas  {    }       @end      
  • 5. Objective C Basics ¨  Methods  –  pass  messages   ¨  C++   ¤  Object-­‐>Method(param1,param2)   ¨  Objective-­‐C   ¤  [Object  method:param1  param2name:param2]  
  • 7. iOS App Architecture ¨  Mach-­‐O  format   ¤  Header   n  Target  Architecture   ¤  Load  commands   n  Location  of  symbol  table   n  Shared  Libraries   ¤  Data   n  Organized  in  Segments  
  • 8. iOS App Architecture ¨  Header  can  be  viewed  using  otool   ¤  Otool  –h  Binary   ¤  Cpu  type  12/6  =  ARM  6   ¤  Cpu  type  12/9  =  ARM  7  
  • 9. iOS App Architecture ¨  Load  can  be  viewed  using  otool   ¤  Otool  –l  Binary  
  • 10. Decrypting iOS Apps ¨  AppStore  binaries  are  encrypted   ¤  Protects  from  piracy   ¤  Similar  to  Fairplay  DRM  used  on  iTunes  music   ¨  Self  distributed  Apps  are  not  encrypted   ¨  Loader  decrypts  the  apps  when  loaded  into  memory   ¨  Debugger  can  be  used  to  dump  the  decrypted  app  from  memory   ¨  Tools  are  available:  Craculous,  Clutch,  Installous  
  • 11. Cycript ¨  Combination  of  JavaScript  and  Objective-­‐C  interpreter   ¨  App  runtime  can  be  easily  modi@ied  using  Cycript     ¨  Can  be  hooked  to  a  running  process     ¨  Gives  access  to  all  classes  and  instance  variables  within  the  app   ¨  Used  for  runtime  analysis   ¤  Bypass  security  locks   ¤  Access  sensitive  information  from  memory   ¤  Authentication  Bypass  attacks   ¤  Accessing  restricted  areas  of  the  applications  
  • 12. Class-dump-z ¨  Use  class-­‐dump-­‐z  on  decrypted  binary  and  map  the  application   ¨  Retrieve  class  declarations   ¨  Analyze  the  class  dump  output  and  identify  the  interesting  class  
  • 13. iOS App Execution Flow ¨  iOS  app  centralized  point  of  control  (MVC)  –  UIApplication  class  
  • 14. Breaking iOS Apps ¨  Create  object  for  the  class  and  directly  access  the  instance   variables    and  invoke  methods   ¨  Existing  methods  can  be  overwritten  easily