Index. D, E Damn Vulnerable ios application (DVIA), Data Execution Prevention (DEP), 3 Data storage security,

Transcription

1 Index A Address Space Layout Randomization (ASLR), 3 Anti-debugging protections, Application delegate protocol, 63 ApplicationDidFinishLaunching function, 113 App transport security, 6 Authentication, 45 Authorization, 45 Automating app testing manual penetration, 97 repetitive tasks, 97 B Binary Analysis Results tab, 106 Binary analyzing, 101 Binary button, 100 Blackbox testing definition, 47 intercepting network traffic, (see Network interception) ios applications, 47 runtime analysis application icon, 65 aprogramming experience, 61 class-dump, 67 classruntimemanipulation DetailsVC, 70 controller s class, 68 Cycript, 62 Cycript interpreter, 70 Cycript s capabilities, 65 DVIA app, 66 DVIA login, 70 gswizzling library, 62 JavaScript syntax, 63 login bypass, 66 LoginValidated method, 71 NSString type, 69 objective-c code, 64 Read Tutorial button, 67 SFTP client, 67 status bar, 64 URL string, 69 URL variable, 68 username/password combination, Blocking installed apps detection, 6 Boot procedure, 4 5 Brute force technique, 6 Buff er overflows, C Certificate pinning, 123 Client-side injection, 44 Cocoa framework, 22 CocoaPods, 22, 121 Cocoa Touch, 1 Code signing method, 2 Control Flow Graph (CFG), 76 Core OS layer, 7 Cyberduck, 112 Cycript installation, D, E Damn Vulnerable ios application (DVIA), Data Execution Prevention (DEP), 3 Data storage security, Kunal Relan 2016 K. Relan, ios Penetration Testing, DOI /

2 Debugging ios/os X developer, 79 software development, 79 Directory permissions, 91 Dumping ios Keychain, DVIA pen-testing, 99 Dynamic linker (DYLD), 3 F, G Filesystem, 101 Filesystem Hierarchy Standard (HFS), 8, 11 fork(), 92 Forward secrecy, 123 H Hopper, 73 I iboot, 4 IDB, DVIA, 99 Homebrew package manager, 97 keychain information, 102 Log, 101 NSLog API, 101 OS X, 98 Pasteboard, 103 penetration-testing, 99, 103 pen-test, 99 select App button, 98 tool, 97 tools tab, 101 URL Handlers tab, 100 Insecure data storage, 43, Insecure transport layer, 43 Installing class-dump, Integrated Development Environment (IDE), 20 Invalidated input, ios application, 11 ASLR, 3 boot procedure, 4 5 code signing, 2 DEP, 3 introduction, 1 2 platform layers, 7 Sandbox, 3 security features, 6 7 security history, 2 updates, 5 ios app development objective-c, 13 research, 13 ios app vulnerabilities penetration testing, 31 security, 31 ios Reverse Engineering Toolkit (iret), 97 application analysis, 107 database analysis, 109 Database Analysis tab, 108 Debian package installer, 103 installation, 104 keychain analysis, 107 keychain dumper, 108 links, 105 log viewer, 109 penetration-testing tools, 110 penetration tests, 103 Python, 104 target application, 106 text files, 110 triggering, 104 utilities, 106 web interface, 104 web portal, 106 ios security toolkit reverse engineering address 0x100026cd7, 77 Assemble Instruction, 78 Control Flow Graph button, 77 disassembler, 74 disassembling, 76 DVIA app, DVIA login, 74 fi le menu, 75 Hopper, 73 instruction, 78 loginmethod1tapped control flow graph, 77 memory (RAM), 73 multi-processor disassembler, 73 popup menu, 75 runtime manipulation, 78 user login bypass, 79 ios storage, 119 ios vulnerabilities,

3 J Jailbreak detection Cycript shell, 95 DVIA app, 93 functionalities, 91 Hooking DVIA, 93 JailbreakDetectionVC, 93 LLDB, 95 runtime patching, 95 status, Test 1 button, 95 Jailbreak detection mechanisms, 125 Jailbreaking ios, K Keychain data protection comparison, 120 Keychain_dumper installation, Keychain-dumping tool, 102 L Libimobiledevice library, loginmethod1tapped method, 76 Log tab, 101 Log Viewer, 109 Loopback SSH connection, 92 Lower level bootloader (LLB), 4 M Mac Address Randomization improved, 6 Model-View-Controller (MVC), 29 architecture, 22 N Network interception battery percentage, 52 certificates, 50 Charles Proxy, 47 configuring HTTP proxy, 50 data, 53 HTTP proxy, 49 ios device, 47, 49 SSL certificate, 51 Uber rider app, 52 vulnerabilities, 47 NSUserDefaults, O Objective-C class methods, 17 creation, 15 data types, 15 instance methods, 16 ios and OS X development, 13 runtime, 13 terminology, open source UNIX operating system, 7 P, Q Pasteboard capturing, 103 Platform layers, 7 Position Independent Executable (PIE), 3 Privilege escalation, 43 Proxy, 38 python ire_server.py, 104 R RNCryptor implementation in Swift, 121 RuntimeManipulationDetailsVC, 76 S Sandbox, 3 Seatbelt, 4 Secure development guidelines classic C vulnerabilities, data storage, 127 geolocation handling, 127 transport layer, 128 untrusted data, 126 user session management, 127 Six-digit passcode, 7 SSHing, SSL certificate pinning, 123 SSL pinning, Structures in C, 20 Swift classes and methods, 26 compatibility, 18 conditional statements, 23 default screen, 23 drag and drop toolbar, 28 functions, 25 Hackintosh, 17 Info.plist file,

4 Swift (cont.) ios development, 17 iterative statements, 24 loops, 24 methods, 19 OS X and ios, 17 run button, 28 runtime, 18 simulator, 28 source programming language, 17 stored properties, 18 storyboard designing, 28 type-safe language, 18 Xcode, 23, 27 system(), 92 System hierarchy applications, 9 bin directory, 10 boot directory, 11 developer directory, 10 etc directory, 11 ios file system, 8 lib folder, 10 library, 9 mnt directory, 11 private directory, 11 sbin directory, 10 system directory, 10 tmp directory, 10 user directory, 11 usr directory, 11 var directory, 11 T Tools tab, 101 Transport layer security certificate pinning, 123 SSL pinning, 124 Tweaks bash command, 111 code part, 114 C programming languages, 112 DVIA tweak, 116 existing applications, 110 high-level introduction, 118 installation path, 111 installing SDK 9.3, 110 Linux/Windows machine, 110 login bypass, 117 login panel, 117 makefile, 114 Objective-C, 112 RuntimeManipulation DetailsVC, 116 SDK, 110 SFTB, 112 Springboard header file, 113 time-consuming, 111 Tweak.xm file, UIAlertView, 114 Xcode, 110 U, V, W UIAlertView, 113, 115 UIApplication sharedapplication, 63 UNIX operating system, 1 URI schemes, 6 URL Handlers, 100 User validation client-side validation, 54 DVIA, mobile apps, 53 possibilities are limitless, 53 X, Y, Z Xcode getting started, programming languages, 20 Swift 2.2, 20 Xcode debugging action button, 86 add action button, 86 automate form submissions, 87 Breakpoints tab, 81 bypassing app, 85 code signing, 90 commands, 81, 89 debugger s features, 85 entitlements.plist file, graphical UI, 80 LLDB and GDB, 82 LLDB command, 84 LLDB s GUI interface, 80 loginmethod1tapped method, 82 OS X terminal,

5 penetration testing, 85 program execution, 81, 83 read-only RAM disk, 89 RegEx, 85 third-party ios apps, 91 urltoload variable, 88 urltoload value, 87 usr/bin directory, 90 variables, 86 viewdidload,