book

Hacking and Securing iOS Applications

Name: Hacking and Securing iOS Applications
Author: Jonathan Zdziarski
ISBN: 9781449318741

by Jonathan Zdziarski

January 2012

Intermediate to advanced

354 pages

9h 32m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Dedication
A Note Regarding Supplemental Files
Preface
Audience of This BookOrganization of the MaterialConventions Used in This BookUsing Code ExamplesLegal DisclaimerSafari® Books OnlineHow to Contact Us
1. Everything You Know Is Wrong
The Myth of a MonocultureThe iOS Security ModelComponents of the iOS Security ModelDevice securityData securityNetwork securityApplication securityStoring the Key with the LockPasscodes Equate to Weak SecurityForensic Data Trumps EncryptionExternal Data Is at Risk, TooHijacking TrafficData Can Be Stolen...QuicklyTrust No One, Not Even Your ApplicationPhysical Access Is OptionalSummary
I. Hacking
2. The Basics of Compromising iOS
Why It’s Important to Learn How to Break Into a DeviceJailbreaking ExplainedDeveloper ToolsEnd User JailbreaksJailbreaking an iPhoneDFU ModeTethered Versus UntetheredCompromising Devices and Injecting CodeBuilding Custom CodeAnalyzing Your BinaryBasic disassemblyListing dynamic dependenciesSymbol table dumpsString searchesTesting Your BinaryDaemonizing CodeDeploying Malicious Code with a Tar ArchiveGrabbing signed binariesPreparing the archiveDeploying the archiveDeploying Malicious Code with a RAM DiskBuild a custom launchdBreakdown of launchd exampleBuilding a RAM diskBooting a RAM diskTroubleshootingExercisesSummary
3. Stealing the Filesystem
Full Disk EncryptionSolid State NANDDisk EncryptionFilesystem EncryptionProtection classesWhere iOS Disk Encryption Has Failed YouCopying the Live FilesystemThe DataTheft PayloadDisabling the watchdog timerBringing up USB connectivityPayload codeCustomizing launchdPreparing the RAM diskImaging the FilesystemCopying the Raw FilesystemThe RawTheft PayloadPayload codeCustomizing launchdPreparing the RAM diskImaging the FilesystemExercisesThe Role of Social EngineeringDisabled Device DecoyDeactivated Device DecoyMalware Enabled DecoyPassword Engineering ApplicationSummary
4. Forensic Trace and Data Leakage
Extracting Image GeotagsConsolidated GPS CacheSQLite DatabasesConnecting to a DatabaseSQLite Built-in CommandsIssuing SQL QueriesImportant Database FilesAddress Book ContactsPutting it all togetherAddress Book ImagesGoogle Maps DataCalendar EventsCall HistoryEmail DatabaseMail attachments and message filesNotesPhoto MetadataSMS MessagesSafari BookmarksSMS Spotlight CacheSafari Web CachesWeb Application CacheWebKit StorageVoicemailReverse Engineering Remnant Database FieldsSMS DraftsProperty ListsImportant Property List FilesOther Important FilesSummary
5. Defeating Encryption
Sogeti’s Data Protection ToolsInstalling Data Protection ToolsBuilding the Brute ForcerBuilding Needed Python LibrariesExtracting Encryption KeysThe KeyTheft PayloadCustomizing LaunchdPreparing the RAM diskPreparing the KernelExecuting the Brute ForceDecrypting the KeychainDecrypting Raw DiskDecrypting iTunes BackupsDefeating Encryption Through SpywareThe SpyTheft PayloadDaemonizing spydCustomizing LaunchdPreparing the RAM diskExecuting the PayloadExercisesSummary
6. Unobliterating Files
Scraping the HFS JournalCarving Empty SpaceCommonly Recovered DataApplication ScreenshotsDeleted Property ListsDeleted Voicemail and Voice RecordingsDeleted Keyboard CachePhotos and Other Personal InformationSummary

7. Manipulating the Runtime
Analyzing BinariesThe Mach-O FormatIntroduction to class-dump-zSymbol TablesEncrypted BinariesCalculating OffsetsDumping MemoryCopy Decrypted Code Back to the FileResetting the cryptidAbusing the Runtime with CycriptInstalling CycriptUsing CycriptBreaking Simple LocksReplacing MethodsTrawling for DataInstance variablesMethodsClassesLogging DataMore Serious ImplicationsPersonal data vaultsPayment processing applicationsElectronic bankingExercisesSpringBoard AnimationsCall Tapping...Kind OfMaking Screen ShotsSummary
8. Abusing the Runtime Library
Breaking Objective-C DownInstance VariablesMethodsMethod CacheDisassembling and DebuggingEavesdroppingThe Underlying Objective-C FrameworkInterfacing with Objective-CMalicious Code InjectionThe CodeTheft PayloadInjection Using a DebuggerInjection Using Dynamic Linker AttackFull Device InfectionSummary
9. Hijacking Traffic
APN HijackingPayload DeliveryRemovalSimple Proxy SetupAttacking SSLSSLStripParos ProxyBrowser WarningsAttacking Application-Level SSL ValidationThe SSLTheft PayloadHijacking Foundation HTTP ClassesThe POSTTheft PayloadAnalyzing DataDriftnetBuildingRunningExercisesSummary
II. Securing
10. Implementing Encryption
Password StrengthBeware Random Password GeneratorsIntroduction to Common CryptoStateless OperationsStateful EncryptionMaster Key EncryptionGeo-EncryptionGeo-Encryption with PassphraseSplit Server-Side KeysSecuring MemoryWiping MemoryPublic Key CryptographyExercises
11. Counter Forensics
Secure File WipingDOD 5220.22-M WipingObjective-CWiping SQLite RecordsKeyboard CacheRandomizing PIN DigitsApplication Screenshots
12. Securing the Runtime
Tamper ResponseWipe User DataDisable Network AccessReport HomeEnable LoggingFalse Contacts and Kill SwitchesProcess Trace CheckingBlocking DebuggersRuntime Class Integrity ChecksValidating Address SpaceInline FunctionsComplicating DisassemblyOptimization FlagsStrippingThey’re Fun! They Roll! -funroll-loopsExercises
13. Jailbreak Detection
Sandbox Integrity CheckFilesystem TestsExistence of Jailbreak FilesSize of /etc/fstabEvidence of Symbolic LinkingPage Execution Check
14. Next Steps
Thinking Like an AttackerOther Reverse Engineering ToolsSecurity Versus Code ManagementA Flexible Approach to SecurityOther Great Books
About the Author
Copyright

Overview

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
Learn how attackers infect apps with malware through code injection
Discover how attackers defeat iOS keychain and data-protection encryption
Use a debugger and custom code injection to manipulate the runtime Objective-C environment
Prevent attackers from hijacking SSL sessions and stealing traffic
Securely delete files and design your apps to prevent forensic data leakage
Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449325213Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills