Hacking and Securing iOS Applications

Errata for Hacking and Securing iOS Applications

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Version Location Description Submitted by Date submitted
Printed Page 28
middleish

Have compiled hello.c as per instructions and have confirmed several times. However, the binary produced fails with the strings command.

The Error produced is:
strings: object: hello malformed object (unknown load command 8)

Followed commands to move to the iPad and the "ldid -S hello" also fails.

The cross compile is occurring on a MacBook Pro running Snow Leopard (10.8.8) using Xcode 4.2.

The resulting binary from the cross compile has the following output from the file command:

$ file hello
hello: Mach-O executable arm

This is baffling me since it is such a straightforward example. Any help greatly appreciated.

Garth Boyd  Aug 21, 2012 
Printed, PDF Page 37
$ sudo chown -R root:sheel System

Example code says:

$ sudo chown -R root:sheel System

Shouldn't this be:

$ sudo chown -R root:wheel System

?

Anonymous  Mar 28, 2012 
PDF, Other Digital Version Page 45
the middle

In the listing of launchd.c in example 2-5, the definition of the cp function is omitted, which results in failure when trying to build the example. The definition of the cp function can be found later in the book, in Chapter 5, in example 5-1 (spyd.c), at pp.133-134.

I had this confirmed with the author, and just wanted to make sure that the page gets updated for the benefit of other readers.

Nick Toumpelis  Feb 16, 2012 
PDF Page 50
first paragraph

Hi,

Just managed to deploy the launchd example to the iPhone and when I did that, the phone goes into a loop, literally bricks the phone, text goes up the screen like mad and the screen went white just now. I am hoping this is not going to brick my phone.

Here is what the screen looks like now:

http://dl.dropbox.com/u/32143863/Photo%20on%2002-05-2012%20at%2023.36.jpg

I cannot even turn the phone off right now. I'll wait till the battery dies and then restart it. This needs to be looked at immediately.

Vandad NP  May 02, 2012 
Printed, PDF, Other Digital Version Page 66
Example 3-4

The code example provided online for launchd.c at http://examples.oreilly.com/0636920023234/ch03/ does not correspond to the code given in the text in Example 3-4 (launchd.c).

Two major issues exist in various parts of the code:

a. The disk paths are not the same e.g. in the book the most recent paths are used ("dev/disk0s1s1") while in the code examples older/incorrect paths are used ("dev/disk0s1").

b. The custom operations section in the example code is not the same as the code given in the text. Several cp and chmod operations are missing, e.g. cp("/files/sh", "/mnt/bin/sh"). Also, in the code online, unlink is called on payload.

Please make sure that the two versions match and add some comments regarding disk paths in older versions of iOS.

Nick Toumpelis  Mar 19, 2012 
Printed, PDF, Other Digital Version Page 71
4th paragraph

In this paragraph, it is mentioned that files sh, tar and libncurses.5.dylib could be found at http://www.oreilly.com, in ch03_tar_binaries.zip. However, no specific link is given and at http://examples.oreilly.com/0636920023234/ch03/, where the example code for this chapter is located, this binary or the files cannot be found.

A clarification is needed for users who cannot find the files online (if they cannot get them off the jailbroken device).

Nick Toumpelis  Mar 18, 2012 
Printed Page 88
Extracting Image Geotags

The URL below is broken and the tool is not available for download.

http://www.virtual-cafe.com/~dhh/tools.d/exifprobe.d/exifprobe.html

isa56k  Mar 26, 2012 
Printed Page 130
5th paragraph

If you already have an image and the device encryption keys plist from another tool you can still use emf_decrypter.py and emf_undelete.py with minor changes.

emf_decrypter will actually take the key file name as the second argument to the function, e.g.:

$ python emf_decrypter.py image.dmg keyfile.plist

However, absent this argument, the program will not find the plist in the current directory and emf_decrypter will not take an additional keyfile argument.

The fix is to patch the __init__ method for the class EMFVolume in hfs/emf.py to make the following change:

dirname = os.path.dirname(os.path.abspath(bdev.filename))

which will cause the current working directory to be searched in the absence of a passed filename.

Sean McLinden  Sep 25, 2012 
Printed, PDF Page 143
Last piece of example code

The example code that JZ recommends you input doesn't work without some changes to the rest of the code.

I was getting the error below:

Traceback (most recent call last):
  File "python_scripts/emf_undelete.py", line 24, in <module>
    do_emf_carving(volume, carveokdir, carvenokdir)
  File "/iPhone/iphone-dataprotection/python_scripts/hfs/journal.py", line 146, in do_emf_carving
    if isDecryptedCorrectly(data):
TypeError: isDecryptedCorrectly() takes exactly 2 arguments (1 given)

The function "def isDecryptedCorrectly(data, filekey):" is passed 2 parameters, data and filekey, but when called is only passed "data" in original code from

Searching the file for "if isDecryptedCorrectly(data):" and replacing with "if isDecryptedCorrectly(data, filekey):" worked for me.

I also had to declare the following at the top of the file journal.py:

import commands
import os

After that all worked ok.

isa56k  Mar 29, 2012 
PDF Page 226-227
SSLTheft Payload

When I attempt to cross-compile the SSLTheft payload with the commands shown, I get the following error (running OS X 10.6.8):
injection.m: In function ‘initialize’:
injection.m:43: warning: passing argument 3 of ‘class_addMethod’ from incompatible pointer type
injection.m:49: warning: passing argument 3 of ‘class_addMethod’ from incompatible pointer type

The POSTTheft payload presents me with a similar error.

I found additional information about the error here:
http://gcc.gnu.org/wiki/FAQ
http://c-faq.com/ansi/constmismatch.html

Billy Graham  Jul 09, 2012 
Printed Page 331
Second code sample

The code sample compares the result of lstat() with nonzero, but lstat() returns zero on success.

if (lstat("/Applications", &s) != 0) {
}

Should be:

if (lstat("/Applications", &s) == 0) {
}

Anonymous  May 20, 2012