2021 new iOS learning direction


iOS reverse security learning

As Apple has continued to develop iOS over the years, the system has gained more and more security protection mechanisms, and they have become increasingly complex. This is unfriendly to researchers who are new to iOS security, who often do not know where to start. To give everyone a more systematic understanding of the security mechanisms on iOS, this post starts from the outline below, in the hope of helping your study and research.

You can refer to the index of the column "Reverse and Security of iOS Applications" in the study outline below.

A Preliminary Study of Reverse Engineering

Assembly language

DATA SEGMENT            ; start of data segment
    ……                  ; pseudo-instructions defining data-segment variables
DATA ENDS               ; end of data segment

EXTRA SEGMENT           ; start of extra segment
    ……                  ; pseudo-instructions defining extra-segment variables
EXTRA ENDS              ; end of extra segment

STACK SEGMENT           ; start of stack segment
    ……                  ; pseudo-instructions reserving the stack area
STACK ENDS              ; end of stack segment

MAC1 MACRO              ; start of macro definition
    ……                  ; pseudo-instructions or instructions: the macro body
ENDM                    ; end of macro definition

CODE SEGMENT            ; start of code segment
    ASSUME CS:CODE,DS:DATA,ES:EXTRA,SS:STACK
START:                  ; main program entry point
    MOV AX,DATA         ; segment register initialization
    MOV DS,AX
    MOV AX,EXTRA
    MOV ES,AX
    MOV AX,STACK
    MOV SS,AX

    ……                  ; instructions
    CALL SUB1           ; call subroutine
    ……                  ; instructions
    MAC1                ; invoke macro
    ……                  ; instructions
    MOV AH,4CH          ; DOS function 4Ch: terminate program, return to DOS
    INT 21H

SUB1 PROC               ; start of subroutine definition
    ……
    RET                 ; return to the main program
SUB1 ENDP               ; end of subroutine definition
CODE ENDS               ; end of code segment
END START               ; end of assembly; START is the entry point

Signature and re-signature

  • Full re-signature

The certificate, the mobileprovision profile and the Bundle ID are all consistent with each other. Re-signing this way is essentially the same as signing the code directly.

Advantages:

Long validity period and high stability.

Disadvantages:

High maintenance cost. For every re-signed ipa the Bundle ID must be modified and matched with the corresponding signing certificate and mobileprovision profile.

Scope of application:

Cases with requirements on signature stability.

  • Incomplete re-signature

Only guarantees that the certificate and the mobileprovision profile correspond to each other; whether the two are consistent with the original ipa's Bundle ID and other information is not considered.

Advantages:

Appears easier to maintain.

Disadvantages:

In fact the original ipa's signature has not been completely replaced, so re-signing fails easily and stability is low; the signature is very likely to become invalid, after which you need to re-sign.

Scope of application:

Cases where the stability requirement is not high.
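The distinction above comes down to three things that must agree: the signing certificate, the provisioning profile and the app's Bundle ID. The following Python check is an added example, not code from the original post: given the ipa's Info.plist, the XML plist that sits inside embedded.mobileprovision, and the signing certificate's DER bytes, it reports whether the combination looks like a full re-signature (everything consistent), an incomplete one (certificate and profile match but the Bundle ID is not covered), or an invalid one. The profile content, the team and bundle identifiers and the five-byte "certificate" are constructed placeholders; a real profile is a CMS envelope that must first be unwrapped (on macOS, `security cms -D -i embedded.mobileprovision`), and a real certificate is a full DER X.509 certificate.

```python
import hashlib
import plistlib
from datetime import datetime, timezone
from typing import Optional

# Constructed sample: the XML plist found inside embedded.mobileprovision.
# The certificate is a 5-byte placeholder (base64 "AAECAwQ="); a real profile
# embeds full DER-encoded X.509 certificates.
PROFILE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Name</key><string>Constructed Ad Hoc Profile</string>
  <key>TeamIdentifier</key><array><string>ABCDE12345</string></array>
  <key>DeveloperCertificates</key><array><data>AAECAwQ=</data></array>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.app</string>
    <key>com.apple.developer.team-identifier</key><string>ABCDE12345</string>
  </dict>
  <key>ExpirationDate</key><date>2099-01-01T00:00:00Z</date>
</dict>
</plist>
"""

# Constructed placeholder for the signing certificate's DER bytes; it is the
# same byte string the profile above embeds.
SIGNING_CERT_DER = bytes([0, 1, 2, 3, 4])


def make_info_plist(bundle_id: str) -> bytes:
    """Build a minimal Info.plist for the app being (re-)signed."""
    return plistlib.dumps({"CFBundleIdentifier": bundle_id,
                           "CFBundleName": "Example"})


def app_id_matches(pattern: str, bundle_id: str) -> bool:
    """Match the application-identifier suffix (the part after the Team ID)
    against a bundle id. A bare '*' or a trailing '.*' is a prefix wildcard."""
    if pattern == "*":
        return True
    if pattern.endswith(".*"):
        return bundle_id.startswith(pattern[:-1])
    return pattern == bundle_id


def check_signing_consistency(info_plist: bytes, profile_plist: bytes,
                              cert_der: bytes,
                              now: Optional[datetime] = None) -> dict:
    """Classify a (re-)signature as 'full', 'incomplete' or 'invalid'."""
    now = now or datetime.now(timezone.utc)
    info = plistlib.loads(info_plist)
    profile = plistlib.loads(profile_plist)

    bundle_id = info["CFBundleIdentifier"]
    app_id = profile["Entitlements"]["application-identifier"]
    team_id, _, pattern = app_id.partition(".")

    # Certificate <-> profile: the signing cert must be one the profile lists.
    cert_sha1 = hashlib.sha1(cert_der).hexdigest()
    listed = {hashlib.sha1(c).hexdigest() for c in profile["DeveloperCertificates"]}
    cert_ok = cert_sha1 in listed

    # Profile <-> Bundle ID: the entitlement must cover this bundle id and the
    # team prefix must be one of the profile's teams.
    bundle_ok = app_id_matches(pattern, bundle_id)
    team_ok = team_id in profile.get("TeamIdentifier", [])

    # plistlib returns naive datetimes; treat them as UTC.
    expires = profile["ExpirationDate"]
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    expired = expires <= now

    if cert_ok and bundle_ok and team_ok and not expired:
        kind = "full"
    elif cert_ok and not expired:
        kind = "incomplete"
    else:
        kind = "invalid"
    return {"kind": kind, "bundle_id": bundle_id, "cert_matches_profile": cert_ok,
            "bundle_id_covered": bundle_ok, "team_matches": team_ok,
            "expired": expired}


if __name__ == "__main__":
    for bid in ("com.example.app", "com.other.app"):
        print(bid, check_signing_consistency(make_info_plist(bid),
                                             PROFILE_PLIST, SIGNING_CERT_DER))
```

The "incomplete" verdict is exactly the situation the text warns about: the certificate and profile agree, so signing succeeds, but the Bundle ID the profile entitles is not the one in Info.plist, which is why such a signature tends to stop working later.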


HOOK and injection

  • Software encryption technology is constantly being updated and iterated, and the skill of both sides keeps rising, so simple static-level security confrontation has become rare. Analysts face ever stronger code encryption and program anti-tampering technology. Against this background a new software analysis technique, Hook and injection, came into being.
  • Decompiling an APK, modifying or adding code and then repacking it changes the hash value and signature information of the original file. Software anti-tampering checks the file's hash value and signature at run time to determine whether the program has been tampered with. Hook technology (also called "hooking") works by first "hooking" the function to be modified and then replacing it with a custom function, so that the program executes the custom function at run time; this achieves dynamic modification of the software. Take anti-tampering as an example: when the anti-tampering system checks the program's hash value and signature, it calls system APIs to read the APK's signature information. With Hook technology those system APIs can be "hooked" so that they return the original program's signature information directly, effectively "cheating" the anti-tampering system and solving the problem of signature checking after the code is repackaged. So two technical points are involved: how to implement the action of "hooking", and how to write the custom function.
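The two halves of the mechanism described above, and the reason a naive integrity check is defeated by it, are easiest to see in a few lines of runnable code. The Python below is an added example and not part of the original post; it uses Python's own name rebinding as the "hook", and a constructed stand-in function `read_package_digest` in place of any real platform signature API. It shows the naive anti-tamper check being fooled once the API is hooked, and a hardened check that notices the hook by verifying the callee's bytecode fingerprint and qualified name against values captured at load time, which is the kind of callee-integrity check a defender would add.

```python
import hashlib

# Constructed values: what an unmodified package hashes to, and what it hashes
# to after being modified and repacked. No real signature scheme is involved.
ORIGINAL_DIGEST = "sha256:constructed-original-package-digest"
TAMPERED_DIGEST = "sha256:constructed-repacked-package-digest"

_package_state = {"digest": ORIGINAL_DIGEST}


def read_package_digest() -> str:
    """Stand-in for the platform API that returns the installed package's
    signature digest (the API an anti-tamper check would query)."""
    return _package_state["digest"]


def simulate_repack() -> None:
    """Pretend the package was decompiled, modified and repacked."""
    _package_state["digest"] = TAMPERED_DIGEST


def restore_package() -> None:
    _package_state["digest"] = ORIGINAL_DIGEST


def naive_anti_tamper() -> bool:
    """Anti-tamper as described in the text: trusts whatever the API returns.
    The global name is resolved at call time, so a rebinding hook applies."""
    return read_package_digest() == ORIGINAL_DIGEST


def install_hook():
    """The 'hook' half: rebind the API name to a custom function that always
    answers with the original digest. Returns the real function so the hook
    can be removed again."""
    global read_package_digest
    real = read_package_digest

    def hooked_read_package_digest() -> str:  # the 'custom function' half
        return ORIGINAL_DIGEST

    read_package_digest = hooked_read_package_digest
    return real


def remove_hook(real) -> None:
    global read_package_digest
    read_package_digest = real


def _code_fingerprint(func) -> str:
    """Hash of the function's bytecode plus its qualified name."""
    code = func.__code__
    return hashlib.sha256(code.co_code + func.__qualname__.encode()).hexdigest()


# Captured once at load time, before any hook could have been installed.
TRUSTED_API_FINGERPRINT = _code_fingerprint(read_package_digest)


def hardened_anti_tamper() -> dict:
    """Before trusting the API's answer, verify that the callee is still the
    function captured at load time (same bytecode, same qualified name)."""
    api = read_package_digest
    hooked = _code_fingerprint(api) != TRUSTED_API_FINGERPRINT
    return {"hooked": hooked, "intact": (not hooked) and api() == ORIGINAL_DIGEST}


if __name__ == "__main__":
    simulate_repack()
    print("naive, repacked, no hook:", naive_anti_tamper())
    real = install_hook()
    print("naive, repacked, hooked: ", naive_anti_tamper())
    print("hardened, repacked, hooked:", hardened_anti_tamper())
    remove_hook(real)
    restore_package()
```

The hardened check is deliberately minimal: a hook that rewrites the function in place rather than rebinding its name would need the fingerprint to cover more than `co_code`, and on a real platform the equivalent is verifying the integrity of the API's code pages or its import table rather than a Python code object. The point it makes is the one the text makes: an integrity check that calls an API it has not itself verified is only as trustworthy as that API.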


Source: blog.51cto.com/15010671/2662929