Hacking & Securing of iOS Apps by Saurabh Mishra
![Page 1: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/1.jpg)
HACKING & SECURING OF iOS APPS
-Saurabh Mishra
![Page 2: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/2.jpg)
NSLog(@"About me!");
- iOS developer (>2 yr)
- Web API developer
- iOS app pentester
- Security enthusiast
![Page 3: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/3.jpg)
Rough Agenda (we will digress)
- Introduction to iOS
- Introduction to iOS apps
- Objective-C
- Environment & tool setup
- Static Analysis
- Dynamic Analysis
- Secure Coding & Best Practices
![Page 4: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/4.jpg)
iOS
- Mobile OS by Apple Inc. (i Operating System, 2007)
- History
- Architecture of iOS
![Page 5: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/5.jpg)
iOS architecture of a non-jailbroken device
- OS & preinstalled apps (Path: /Application)
- Root user
- Mobile user
- App 1
- App 2
- Sandbox for App 1: contains all the files created or required by the app
- Apps from the App Store (Path: /var/mobile/container/bundle/application)
- *The permission architecture
- *Sandboxing of iOS apps
![Page 6: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/6.jpg)
Types of iOS Applications
- Web Applications:
  - HTML + CSS + JavaScript
  - Run inside Safari/WebKit
- Native Applications:
  - Written in Objective-C (+ C/C++)
  - Compiled into ARM for actual devices, x86 for the iOS Simulator
![Page 7: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/7.jpg)
What does an iOS Application Look Like?
- In development with the Apple SDK (Xcode):
  - Distributed as Xcode project folders
- Compiled and deployed through the App Store:
  - Compiled as ARM
  - Distributed as ".ipa" files: zip files containing app resources and the ARM executable
  - Deployed as ".app" directories
- Executable code is:
  - encrypted with FairPlay DRM (AES)
  - signed with Apple's signature
![Page 8: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/8.jpg)
Objective-C
Objective-C is a superset of C, which means all C code still applies.
[self doSomethingWithVar:var1];
![Page 9: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/9.jpg)
Environment Setup/Tools required
Tool list:
- Your phone:
  - Jailbreak
  - GDB
  - Command-line knowledge
  - Crackulous/appcrack/Clutch
  - Class-dump-z
  - Cycript
- Your PC:
  - Burp
  - SQLite Manager
  - IDA/Hopper
![Page 10: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/10.jpg)
How do we Test?
Analysis of iOS apps
- Static Analysis
- Dynamic Analysis
- Binary Analysis
- Class dump
- Local Storage
- Method Swizzling
- Network Analysis
![Page 11: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/11.jpg)
Static Analysis
- Hopper disassembler
- Class-dump-z
![Page 12: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/12.jpg)
Demo
![Page 13: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/13.jpg)
Dynamic Analysis
- GDB
- Method swizzling using "Cycript"
![Page 14: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/14.jpg)
Cycript
Cycript is an implementation of JavaScript that can interact with Objective-C classes and objects. One of the most useful functions of Cycript is its ability to attach directly to a process, much like gdb, and alter the state of the running application. With Cycript, you can manipulate existing objects already in your application's memory, or instantiate new objects, such as new view controller classes or windows.
![Page 15: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/15.jpg)
Demo
![Page 16: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/16.jpg)
Network Analysis
- Proxy setup
![Page 17: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/17.jpg)
Local Storage Analysis
- NSUserDefaults
- SQLite
- Core Data
![Page 18: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/18.jpg)
![Page 19: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/19.jpg)
Secure Coding & Best Practices
Secure coding is about increasing the complexity demanded for an attack against the application to succeed. No application can ever be truly secure. With the right resources and time, any application, including those utilizing strong encryption, can be broken.
![Page 20: Hacking & Securing of iOS Apps by Saurabh Mishra](https://reader036.fdocuments.us/reader036/viewer/2022062823/587198881a28ab044e8b52bf/html5/thumbnails/20.jpg)
Precaution not Cure :-P
- Use dummy methods.
- Analyze the flow & architecture of the code.
- Is the device jailbroken?
- Don't use hardcoded strings (key, OAuth token, etc.).
- Is a debugger attached?
- Handle - (void)applicationDidEnterBackground:(UIApplication *)application
- Use the keychain for sensitive info (key, OAuth token, etc.).
- Don't use plain HTTP web APIs.
- Always use server-side validation for in-app purchases.
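
The "use the keychain for sensitive info" item above, as an added example that is not from the original slides: a token is stored in and read from the keychain rather than hardcoded or kept in NSUserDefaults. The service name and the helper names `BaseQuery`, `SaveSecret` and `LoadSecret` are hypothetical, and the code assumes ARC and a non-nil secret.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name (assumption); use your app's own identifier.
static NSString *const kTokenService = @"com.example.app.oauth";

// Base query that identifies one generic-password item per account.
static NSMutableDictionary *BaseQuery(NSString *account) {
    return [@{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kTokenService,
        (__bridge id)kSecAttrAccount: account
    } mutableCopy];
}

// Store or overwrite a secret. Returns NO on any keychain error.
static BOOL SaveSecret(NSString *secret, NSString *account) {
    NSData *data = [secret dataUsingEncoding:NSUTF8StringEncoding];
    // Readable only while the device is unlocked, and not restored
    // onto a different device from a backup.
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData: data,
        (__bridge id)kSecAttrAccessible:
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    };
    NSMutableDictionary *item = BaseQuery(account);
    [item addEntriesFromDictionary:attrs];
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecDuplicateItem) {
        // Item already exists: update its value instead of failing.
        status = SecItemUpdate((__bridge CFDictionaryRef)BaseQuery(account),
                               (__bridge CFDictionaryRef)attrs);
    }
    return status == errSecSuccess;
}

// Returns the stored secret, or nil if absent or unreadable (e.g. locked).
static NSString *LoadSecret(NSString *account) {
    NSMutableDictionary *query = BaseQuery(account);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) {
        return nil;
    }
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}
```

On a jailbroken device keychain items can still be read by a process with the right entitlements, so this raises the cost of recovery rather than making the token unrecoverable.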