©SecurityTube.net
Please Complete Speaker Feedback Surveys
Advanced iOS Application Pentesting
Vivek Ramachandran Founder, SecurityTube.net
Vivek Ramachandran
WEP Cloaking Defcon 19
Caffe Latte Attack Toorcon 9
Microsoft Security Shootout
Wi-Fi Malware, 2011
802.1x, Cat65k Cisco Systems
B.Tech, ECE IIT Guwahati
Media Coverage CBS5, BBC Trainer, 2011
SecurityTube.net
Students in 65+ Countries
Backtrack 5 Wireless Penetration Testing
http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
SecurityTube iOS Security Expert
Teaching iOS Pentesting to Hackers from 50+ Countries!
iOS
iPhone
iPad
iPod
iOS Operating System
What is iOS really?
http://en.wikipedia.org/wiki/IOS
Is iOS Open Source?
http://opensource.apple.com/
Only Selected Components
http://opensource.apple.com/release/ios-601/
iXXX
Hardware
Operating System (iOS)
Applications
iOS Applications
How does one Develop iOS Applications?
• Xcode using Objective-C
• iPhone / iPad simulator
• Run on actual device to test
iDevice Processors
• SoC – System on a Chip
• iDevices
  – License ARM cores (< iPhone 5)
  – License ARM instruction set to build own code (> iPhone 5)
http://www.anandtech.com/show/6292/iphone-5-a6-not-a15-custom-core
ARM anyone?
http://en.wikipedia.org/wiki/ARM_architecture
iOS Security Mechanisms
• Pretty much shrouded in mystery
• First public disclosure: http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
• Talk at Blackhat 2012
  – Rehash of the PDF above
Security Architecture
Source: Apple Inc.
Secure Boot Chain
Boot ROM → LLB → iBoot → iOS Kernel
Loading Trusted Applications
iOS Kernel
iOS Application
Code Signing
Application Isolation
Application 1
Code Signing
Application 2
Code Signing
Sandbox Sandbox
Data Encryption
• Hardware Crypto
  – UID and GID keys
• Data and File Protection
  – Keychain
  – Keybags
  – File Encryption
Network Security
• Built in support for:
  – SSL and TLS
  – VPN
  – Wifi
    • Enterprise (EAP-TLS, TTLS, PEAP etc.)
  – Bluetooth
Why is this relevant to Application Pentesting?
• How can you audit an application if the platform has so many restrictions?
• How do you gain access to the filesystem?
• How do you decrypt data from keychain, file etc.?
• How do you monitor the application while it is running?
Why do we need to Jailbreak?
• How can you audit an application if the platform has so many restrictions?
• How do you gain access to the filesystem?
• How do you decrypt data from keychain, file etc.?
• How do you monitor the application while it is running?
Jailbreaking
• Breaking through the “Jail” to allow for
  – running any application
  – file system access with root privileges
• May void Warranty!!
• In reality privilege escalation from mobile -> root
How does Jailbreaking work?
• Similar to any other exploitation
• How do you exploit Chrome on Windows?
  – Run browser_autopwn in Metasploit
  – If vulnerable Chrome, then gets exploited
• How do you exploit an iPhone?
  – Find a vulnerability
  – Exploit it
  – Install your tools to maintain access
History of Jailbreaking Exploits
• Definitive List:
http://theiphonewiki.com/wiki/index.php?title=jailbreak
Types of Jailbreaks
• Untethered
• Tethered
Really depends on the Jailbreaking exploit used
Jailbreaking
• Hardware
  – Jailbroken iPhone / iPad
  – Any version of iOS >= 5.1.1
  – No Support for Jailbreaking (warranty void?)
  – Do at your own risk
  – http://jailbreak-me.info/
• Software
  – Windows / Linux / OS X
Cydia
Appstore for Jailbroken iPhones
Logging into your Jailbroken Device
• Install OpenSSH server
• Connect to Wi-Fi and SSH over IP
• Connect via USB Multiplexer such as usbmuxd
Install the Following
• Erica Utilities
• Wget
• unzip
• adv-cmds
• cycript
• …
Sqlite Databases
• Sqlite is a file based database
• Does not have a server process associated with it
• Core Data files are Sqlite files
• Most common database type for both iOS and Android
Sqlite Commands
• .headers ON – to make headers visible
• .tables – to list all available tables
• select * from table_name – to list all data in table name
Property List Files
• used to store application and user settings
• data is serialized
• plutil tool to inspect and convert plist files
• Further Reading: http://en.wikipedia.org/wiki/Property_list
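An added example, not part of the original slides: the SQLite and property-list inspection from the three slides above, done in Python over a constructed sample data directory, flagging stored values whose column or key name suggests a plaintext secret. The file names, table names, sample values and the keyword list are assumptions made for the illustration.

```python
import plistlib
import re
import sqlite3
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: name fragments that suggest a stored secret; tune per application.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)

def audit_sqlite(path):
    """Do what .tables and 'select *' do, for every table; flag sensitive columns."""
    findings = []
    con = sqlite3.connect(path.as_uri() + "?mode=ro", uri=True)  # read-only open
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'
            cur = con.execute(f"SELECT * FROM {quoted}")
            cols = [d[0] for d in cur.description]  # the names .headers ON prints
            for row in cur:
                for col, val in zip(cols, row):
                    if SENSITIVE.search(col) and val not in (None, "", b""):
                        findings.append((path.name, f"{table}.{col}", str(val)))
    finally:
        con.close()
    return findings

def audit_plist(path):
    """Load an XML or binary plist and walk nested keys for sensitive names."""
    with path.open("rb") as fh:
        root = plistlib.load(fh)  # format is auto-detected
    findings = []
    def walk(node, trail):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, trail + [str(key)])
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, trail + [f"[{i}]"])
        elif SENSITIVE.search("/".join(trail)) and node not in ("", b""):
            findings.append((path.name, "/".join(trail), str(node)))
    walk(root, [])
    return findings

def audit_app_dir(root):
    """Classify files by magic bytes: Core Data stores are SQLite whatever the extension."""
    findings = []
    for path in sorted(Path(root).resolve().rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            magic = fh.read(16)
        if magic == b"SQLite format 3\x00":
            findings += audit_sqlite(path)
        elif magic.startswith(b"bplist00") or path.suffix == ".plist":
            try:
                findings += audit_plist(path)
            except (plistlib.InvalidFileException, ExpatError):
                continue  # not a parseable plist; skip it
    return findings

def build_sample(root):
    """Constructed stand-in for an app's data directory (not real app data)."""
    (root / "Documents").mkdir(parents=True)
    (root / "Library" / "Preferences").mkdir(parents=True)
    con = sqlite3.connect(root / "Documents" / "Model.sqlite")
    con.executescript("""
        CREATE TABLE ZACCOUNT (Z_PK INTEGER PRIMARY KEY, ZUSERNAME TEXT, ZPASSWORD TEXT);
        INSERT INTO ZACCOUNT VALUES (1, 'alice', 'pw-constructed');
        CREATE TABLE ZNOTE (Z_PK INTEGER PRIMARY KEY, ZTEXT TEXT);
        INSERT INTO ZNOTE VALUES (1, 'buy milk');
    """)
    con.commit()
    con.close()
    prefs = {"LastUser": "alice", "AuthToken": "tok-constructed",
             "Server": {"Host": "api.example.test", "Password": "pw-constructed"}}
    with (root / "Library" / "Preferences" / "com.example.demo.plist").open("wb") as fh:
        plistlib.dump(prefs, fh, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for name, where, value in audit_app_dir(tmp):
            print(f"{name}: {where} = {value!r}")
```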
List of Applications
Class-Dump-Z
• Dumping class information from an iOS application
• Allows for guessing class utility
• Great help when using cycript or GDB
• Documentation: http://code.google.com/p/networkpx/wiki/class_dump_z
Cycript
• Runtime Injection and Modification of control flow
• Can view / modify data and code
• Documentation: http://www.cycript.org/
Installing HelloWorld
• Upload zip file to phone
• unzip and install in /Applications
• Already signed, hence will work
The Life Cycle of an iOS Application
UIApplicationMain
Delegation? Huh?
http://developer.apple.com/library/ios/#documentation/General/Conceptual/DevPedia-CocoaCore/Delegation.html
Delegating Object Delegate
UIApplication
UIApplication Tasks
UIApplication Delegate
UIApplication windows
Which is the active window?
UIWindow
http://developer.apple.com/library/ios/#DOCUMENTATION/UIKit/Reference/UIWindow_Class/UIWindowClassReference/UIWindowClassReference.html#//apple_ref/occ/cl/UIWindow
Cycript
• Tricks: http://iphonedevwiki.net/index.php/Cycript_Tricks
• Detailed Information: http://iphonedevwiki.net/index.php/Cycript
Print iVars (Instance Variables)
Printing Methods
Replacing Functions
Application Encryption?
• All Applications we have used till now were not encrypted
  – our custom apps: already signed
  – Apple apps
• What about applications from the App Store?
  – Encrypted and Signed
Decrypting Applications with GDB
• Load process in GDB
• Dump memory and patch file header
• http://hackulo.us/wiki/IOS_Cracking#Using_GDB_to_Dump
Clutch
• Used for iOS application decryption
• Can be run from the command line
• Documentation: http://hackulo.us/wiki/Clutch
• Clutch source code and other tools: http://cloud.uhelios.com/1t1y2z0M2B0d (Thanks to Paul!)
• Clutch binary included in this directory
GNU Debugger
• SecurityTube GNU Debugger Expert
  – Course videos
  – Slides
  – Exercises
• GDB-Primer directory inside Module-3
• Please do it first before proceeding further
Cydia GDB Broken :(
• pod2g: http://www.pod2g.org/2012/02/working-gnu-debugger-on-ios-43.html
• GDB included in module-3 directory
• upload to phone
objc_msgSend
Source: Apple.com
Demos and Questions