2. @whoami
Anto Joseph
Works @ Citrix
Does Security Research on Mobile / IoT and anything Interesting
Speaker / Trainer @ HITB, HIP, NullCon, g0s, c0c0n, x0rconf etc
Loves Music (in my other life, I have been a DJ) / Food / Bikes etc
3. iOS 101
Objective-C runtime
Apps can be written in Objective-C / Swift / native code
Code signing is important
Apps are zip file containers holding the resources (images / plists) and the binary
A binary that comes from Apple is encrypted and has to be decrypted first - use Clutch / dumpdecrypted
Use class-dump to find out the classes / methods
Use Cycript to call those methods
4. Dynamic Analysis
URL Schemes - the iOS way of doing IPC
Clipboard - the iOS way of doing IPC
Network - SSL Trust Killer 2
Binary Analysis - Hopper / IDA
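
Added example (not from the original slides): a static triage of an app archive that ties the "zip container", "has to be decrypted" and "URL Schemes" points together. It opens the archive, reads Info.plist for the registered URL schemes, and reads the cryptid field of the Mach-O encryption load command (1 = still encrypted, 0 = decrypted). The sample archive, the `Demo` app name and the `demoapp` scheme are constructed; only thin 64-bit Mach-O files are handled.

```python
import io, plistlib, struct, zipfile

MH_MAGIC_64 = 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def cryptid(macho: bytes):
    """Return cryptid from a thin 64-bit little-endian Mach-O, or None if absent."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (fat/32-bit not handled here)")
    off = 32  # sizeof(mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmdsize < 8:
            raise ValueError("malformed load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return struct.unpack_from("<5I", macho, off)[4]
        off += cmdsize
    return None

def inspect_ipa(data: bytes):
    """Summarise an IPA: executable name, encryption flag, registered URL schemes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        # Top-level bundle only: Payload/<Name>.app/Info.plist
        plist_path = next(n for n in z.namelist() if n.count("/") == 2
                          and n.startswith("Payload/") and n.endswith(".app/Info.plist"))
        info = plistlib.loads(z.read(plist_path))
        exe = info["CFBundleExecutable"]
        binary = z.read(plist_path[:-len("Info.plist")] + exe)
    schemes = [s for t in info.get("CFBundleURLTypes", [])
               for s in t.get("CFBundleURLSchemes", [])]
    return {"executable": exe, "cryptid": cryptid(binary), "url_schemes": schemes}

def build_sample_ipa(cid=1):
    """Constructed sample: a tiny IPA with one URL scheme and a stub Mach-O."""
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0, 0)
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cid, 0)
    plist = plistlib.dumps({"CFBundleExecutable": "Demo",
                            "CFBundleURLTypes": [{"CFBundleURLSchemes": ["demoapp"]}]})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plist)
        z.writestr("Payload/Demo.app/Demo", header + enc)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_ipa(build_sample_ipa()))
```

Every scheme this lists is an entry point other apps can invoke, so each one is input the app's URL handler has to validate.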
5. Enter Cycript
Cycript allows developers to explore and modify running applications on either iOS
or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an
interactive console that features syntax highlighting and tab completion.
6. cy# - commands
Find all classes
cy# ObjectiveC.classes
Get Instance of a class
cy# var blah = new Instance(0x123456)
Call Methods
cy# [classname method_name: arguments]
Find a class in memory
cy# choose(ClassName)