iOS App Reverse Engineering
Know the column:
- Jailbroken iPhone security in the eyes of iOS security developers
- Summary of iOS Security Development Protection
- Reveal Advanced Tips for Viewing Any App
Book Recommendations:
iOS jailbreak program development
iOS Application Security
- Build a mobile penetration testing platform
- Get class information for iOS application
- 理解Objective-C Runtime
- Runtime Analysis with Cycript (Yahoo Weather App)
- Advanced Techniques for Runtime Analysis with Cycript (Yahoo Weather Application
- New Security Features in iOS 7
- How to install an app to a device without a certificate
- Method Swizzling with Cycript
- Analyzing the Security of iOS Applications with Snoop-it
- iOS file system and forensics
- Analyze network traffic using HTTP/HTTPS
- Export Keychain data
- Start custom Ramdisk using Sogeti Data Protection tools
- Gather information with Sogeti Data Protection tools
- Static Analysis of iOS Apps with iNalyzer
- Dynamic Analysis of iOS Apps with iNalyzer
- Black-box testing of iOS apps with Introspy
- Detect custom signatures with Introspy
- Using Introspy in your program
- Local data storage and its security (NSUserDefaults, CoreData, Sqlite, Plist files)
- ARM and GDB basics
- Runtime analysis and manipulation with GDB
- Against runtime analysis and manipulation
- Jailbreak detection and bypass
- iOS development security programming practice
- Patching iOS Apps with IDA Pro
- Brief summary
iOS security attack and defense
- Hack essential commands and tools
- Background daemon illegally steals user iTunesstore information
- Use Reveal to analyze other people's apps
- Prevent GDB from being attached
- Use Cycript to modify Alipay app runtime
- Use class-dump-z to analyze Alipay app
- Hack actual combat - lift the limit on the number of times the Alipay app is unlocked by gestures
- Keyboard Cache and Secure Keyboard
- 使用Keychain-Dumper导出keychain数据
- 二进制和资源文件自检
- Hack实战——探究支付宝app手势密码
- iOS7的动态库注入
- 数据擦除
- Hack实战——支付宝app手势密码校验欺骗
- 使用iNalyzer分析应用程序
- 使用introspy追踪分析应用程序
- Fishhook
- 数据保护API
- 基于脚本实现动态库注入
- 越狱检测的攻与防
- 废除应用程序的ASLR特性
- static和被裁的符号表
苹果关于安全的文档
- Security Overview
- Secure Coding Guide
- iOS Security
- Cryptographic Services Guide
- Secure Transport Reference
- CFNetwork Programming Guide
- Certificate, Key, and Trust Services Reference
- Certificate, Key, and Trust Services Programming Guide
- Keychain Services Reference
- Keychain Services Programming Guide
Posted by TracyYih - 2014-02-14
如需转载,请注明: 本文来自 Esoft Mobile