"Human resource configurations: iOS Cheats hacker attack and defense," Book Launch

This book is easy to follow and takes the reader step by step through a systematic study of iOS security techniques. It first introduces the jailbreak environment and the reverse-engineering development tools in detail, then explains assembly basics, dynamic debugging, static analysis, injection and hooking, and file formats, and finally presents topics such as application cracking and application protection, privacy data access and forensics, volume-brushing cheating, unique device IDs, and the inside story of writing shells.

Chapter 1 iOS security mechanisms
1.1 Application installation sources
1.2 Sandbox
1.3 Code signing
1.4 User permission isolation
1.5 Data execution protection
1.6 Address randomization
1.7 Daemon

Chapter 2 Preparing the jailbreak environment and development tools
2.1 Jailbreak and Cydia
2.2 File management tools
2.2.1 iFile: manage files on the phone
2.2.2 AFC2: manage phone files via USB
2.3 Command-line tools
2.3.1 MTerminal: run command lines on the phone
2.3.2 OpenSSH: run command lines from a computer
2.4 Code injection testing tool
2.5 Remote debugging tools
2.5.1 debugserver configuration and startup
2.5.2 Connecting LLDB to debugserver and debugging
2.5.3 Debugging over an SSH connection via USB
2.6 Disassemblers
2.6.1 IDA
2.6.2 Hopper
2.7 Other tools

Chapter 3 ARM assembly basics
3.1 ARMv7
3.1.1 Writing 32-bit assembly code
3.1.2 Registers and the stack
3.1.3 Basic instructions
3.1.4 Conditional jumps and loops
3.1.5 Parameters in function calls
3.1.6 Thumb instructions
3.2 ARM64
3.2.1 Writing 64-bit assembly code
3.2.2 Registers and the stack
3.2.3 Parameters in function calls
3.3 Inline assembly in Xcode
3.3.1 Calling assembly functions from C/C++/Objective-C
3.3.2 Writing inline assembly directly

Chapter 4 Reverse analysis of applications
4.1 Finding the entry of the main function
4.1.1 Writing a test program
4.1.2 Entry of the main function on ARMv7
4.1.3 Entry of the main function on ARM64
4.2 Dynamic debugging
4.2.1 Disassembly
4.2.2 Adding breakpoints
4.2.3 Printing data
4.2.4 Reading data
4.2.5 Modifying the program execution flow
4.2.6 Viewing information
4.2.7 Executing up to the upper level of the call stack
4.2.8 Modifying the value of the temporary variable
4.2.9 Using help and search

Chapter 5 Tweak writing techniques
5.1 Using the Theos development environment
5.1.1 Writing a first Tweak
5.1.2 Theos project files
5.2 Reverse analysis and writing a Tweak
5.2.1 Reverse analysis
5.2.2 Writing the Tweak

Chapter 6 Injection and Hook
6.1 Injecting a dynamic library
6.1.1 Writing a dynamic library
6.1.2 The DynamicLibraries directory
6.1.3 The DYLD_INSERT_LIBRARIES environment variable
6.1.4 Jailbreak dynamic library injection
6.2 Hook
6.2.1 Cydia Substrate
6.2.2 Symbol Table
6.2.3 Method Swizzling

Chapter 7 Mach-O file format parsing
7.1 The Mach-O file format
7.1.1 Fat header
7.1.2 Mach header
7.1.3 Load Command
7.1.4 Symbol table and string table
7.2 CFString operation process
7.2.1 Writing test code
7.2.2 CFString data structure
7.2.3 Debugging the running process
7.3 Analysis of the Mach-O bound function call process on ARM
7.3.1 Writing test code
7.3.2 Analyzing the ARMv7 bound function call process
7.3.3 Analyzing the ARM64 bound function call process
7.3.4 Summary
7.4 Static library file format
7.5 How class-dump exports header files
7.6 About Bitcode
7.6.1 The role of Bitcode
7.6.2 How to generate Bitcode in Xcode
7.6.3 Compiling Bitcode from the command line
7.6.4 Compiling Bitcode into an executable file
7.6.5 Compiler parameters

Chapter 8 Unique device ID
8.1 UDID device ID
8.2 IDFA
8.3 IDFV
8.4 OpenUDID
8.5 SimulateIDFA
8.6 MAC address
8.7 Persistent storage of the ID
8.8 deviceToken

Chapter 9 Volume-brushing cheating
9.1 Obtaining root privileges in a jailbreak environment
9.2 Modifying phone information
9.2.1 Modifying basic information
9.2.2 Modifying Wi-Fi information
9.2.3 Modifying deviceToken
9.2.4 Modifying location information
9.3 Clearing application data
9.4 Clearing the Keychain
9.5 Clearing the clipboard
9.6 Publishing applications
9.6.1 Packaging the App as a deb
9.6.2 Creating a Cydia source to publish applications
9.7 Permission switching
9.8 Changing the IP address
9.9 Anti-jailbreak detection
9.10 Modifying arbitrary location information without a jailbreak
9.11 Logging in to the same WeChat on two phones simultaneously
9.12 WeChat 62 data

Chapter 10 Obtaining important information and forensics
10.1 Contacts
10.2 SMS
10.3 Call records
10.4 Location
10.5 Network information
10.6 Sensor information
10.7 System information
10.8 Hardware ID information
10.9 List of installed applications
10.10 Using idb to analyze leaked data
10.11 Important files and directories
10.12 Obtaining phone information with libimobiledevice

Chapter 11 Application cracking
11.1 Repackaging applications and running multiple instances
11.1.1 Repackaging applications
11.1.2 Running multiple instances
11.2 Application signature
11.2.1 Code signing
11.2.2 Authorization mechanism
11.2.3 Profile
11.2.4 Re-signing
11.3 Capturing and modifying packets
11.3.1 Capturing packets with tcpdump
11.3.2 Capturing packets with Wireshark
11.3.3 Capturing HTTPS packets with Charles
11.3.4 Modifying and resending packets with Charles
11.3.5 Breaking through SSL mutual authentication
11.4 File control
11.5 Cracking login authentication
11.5.1 Obtaining the data transmitted over HTTP
11.5.2 Obtaining the decrypted data
11.5.3 Cracking method

Chapter 12 Application protection
12.1 Function name obfuscation
12.2 String encryption
12.3 Code obfuscation
12.3.1 inline functions
12.3.2 The obfuscator-llvm compiler
12.3.3 Integrating and configuring obfuscator-llvm in Xcode
12.3.4 Integrating and configuring obfuscator-llvm in Theos
12.4 Jailbreak detection
12.4.1 Checking whether related files exist
12.4.2 Reading related files directly
12.4.3 Checking files with the stat function
12.4.4 Checking the dynamic library list
12.4.5 Checking environment variables
12.4.6 Checking whether functions are hijacked
12.5 Anti-piracy
12.5.1 Checking the Bundle identifier
12.5.2 Checking whether the source is the App Store
12.5.3 Checking for re-signing
12.5.4 Code checksum
12.6 Anti-debugging and anti-anti-debugging
12.6.1 Anti-debugging methods
12.6.2 Anti-anti-debugging
12.7 Anti-injection and anti-anti-injection

Chapter 13 Code entry point hijacking
13.1 The principle
13.2 Writing ShellCode
13.2.1 Writing ARM assembly
13.2.2 Calculating the jump address of the main function
13.2.3 The final ShellCode
13.3 Inserting code
13.4 Modifying the entry point
13.4.1 On instruction switching
13.4.2 ARMv7 entry point
13.4.3 ARM64 entry point
13.5 Re-signing

Chapter 14 Inside writing a shell
14.1 Analyzing the file format type
14.2 Inserting code
14.3 Modifying the program entry point
14.4 How Shellcode calls functions
14.5 Writing and debugging Shellcode
14.5.1 ARMv7 Shellcode
14.5.2 ARM64 Shellcode
14.6 Summary

Chapter 15 System-related topics
15.1 Cydia-related problems and fixes
15.2 Downgrade legend
15.3 Security risks of the access restrictions password
15.4 Installing applications online by scanning a code
15.5 CVE-2018-4407 remote overflow vulnerability
15.6 Solving the problem of insufficient disk space

Appendix A List of tools used in the book

Questions that come up while reading the book can be posted on the forum; the author will try to reply, and to learn from and exchange ideas with readers.
iOS security technology exchange forum

Recommendations written by many experts in the security community

One must first sharpen one's tools. The first seven chapters of the book focus on getting started, explaining how to use the various common tools in a jailbreak environment, ARM assembly basics and application reversing; the following eight chapters focus on hands-on attack and defense and on techniques. The book is coherent, and beginners can read it almost without skipping chapters. As the title makes clear, this is a highly prized "martial arts secret manual." I strongly recommend this book to iOS security enthusiasts; I believe it will greatly increase your skill.
---- Yi Feng, iOS security researcher

Chen and I have known each other for seven years; he has more than 10 years of experience in business attack and defense and in security. This is a book written by a front-line veteran of the security industry. It explains iOS security and application reversing in meticulous detail, discloses the various cheating and volume-brushing methods used by the "wool party", and unveils the little-known techniques for writing shells on the iOS platform. The book's content is practical and approachable, and very helpful to iOS security enthusiasts who are getting started or improving.
---- Liming Zheng, security practitioner of 7 years

The book details software attack and defense techniques on iOS, currently the most popular platform, and is a rare masterpiece in the iOS security field. Its contents bring together cutting-edge security techniques and years of hands-on experience; I believe readers will gain from reading this book.
---- Non-worms, senior software security expert, author of "macOS software security and reverse analysis"

Origin www.cnblogs.com/exchen/p/11221318.html