Ios on Hexploitable

Brace yourselves: ATS is coming

Wed, 10 Aug 2016 13:54:40 +0000

Application Transport Security

Since HTTP is a plaintext protocol and therefore creates inherent security and privacy concerns when used by applications - Apple has decided that it is finally time to start treating the secure alternative, HTTPS, as the de facto web protocol for iOS mobile apps. At WWDC this year, Apple rightly pointed out that simply “enabling” HTTPS does not necessarily mean that you are secure. There are many ways in which HTTPS can be improperly configured resulting in the use of insecure connections.

Security updates in iOS 10

Fri, 24 Jun 2016 15:17:44 +0000

Apple recently announced iOS 10 which includes many security and privacy related changes. This article aims to talk about some of the significant changes since iOS 9.

Network Security

Since HTTP is a plaintext protocol and therefore creates inherent security and privacy concerns when used, Apple has now decided that it is finally time to start treating HTTPS as the de facto web protocol. At WWDC this year, Apple rightly pointed out that simply “enabling” HTTPS does not necessarily mean that you are secure. There are many ways in which HTTPS can be improperly configured resulting in the use of insecure connections.

Recent Tool Contributions

Tue, 24 Nov 2015 11:43:52 +0000

So recently I made a couple of minor contributions to online iOS tools. Whilst the contributions are tiny, it was my first experience of actually submitting merge requests to other tools. For this reason I thought I’d share them with you.

1. ipainstaller

One of the changes introduced in iOS 8 was that applications are laid out differently on the device. Essentially, the application exists as multiple containers spread out across the /private/var/mobile/ directory.

Integrating Touch ID into your iOS applications

Mon, 03 Aug 2015 09:30:54 +0000

Image copyrights and trademarks belong exclusively to Apple.

What is Touch ID?

Simply put, Touch ID is Apple’s fingerprint technology for iOS mobile devices. It allows consumers to unlock their phones and make purchases conveniently using their fingerprint(s). Furthermore, as of iOS version 8.0, Apple opened Touch ID up to developers by making APIs available for use in the SDK.

Biometric opinions

This post assumes you have performed your own risk assessment and are aware of the risks associated with biometric authentication technologies, and that you have decided that Touch ID is suitable for use in your application.

Touch Unlock for iOS

Thu, 19 Mar 2015 08:54:49 +0000

It. Is. ALIVEEEEE.

So for the last “very long time” some folks and I have been working hard in any second of spare time we could find to write an app called Touch Unlock. Basically, the app is available for all iOS devices which have Apple’s Touch ID hardware and allows you to lock and unlock your Mac via Bluetooth Low Energy. And the best thing? It is totally free, no strings attached. That’s right - no in-app purchases, no advertisements, no surveys, no crap - just a great idea that works.

MEMSCAN improvements

Thu, 12 Feb 2015 21:51:32 +0000

Improvements to MEMSCAN.

First off, I want to say that I was pretty overwhelmed with the volume of attention MEMSCAN received when I initially blogged about it a little while ago. I really didn’t think it was that big of a deal. I started MEMSCAN for two reasons - there wasn’t anything out there which did /exactly/ what I wanted it to do and also because I wanted to move beyond reading C to actually trying to write some C of my own. The fact that so many people downloaded and have contacted me about MEMSCAN is great and makes me find time to work on it that I didn’t think I had.

Small updates to SuccessID

Thu, 12 Feb 2015 21:32:51 +0000

Touch ID reason text

Today I made some small tweaks to SucccessID which some people have been asking for. It was a relatively simple fix, I’m not sure why I didn’t actually put the code in, in the first place. The Alertview shown by successID when Local Authentication API’s are invoked now displays the reason text, which is specified by the application you’re testing.

SuccessID prompts not appearing

I experienced an issue the other day where for a specific app I was testing, the SuccessID prompts weren’t appearing. I tweaked the code ever so slightly and it works. It wasn’t a bug, I just made a couple of unrelated changes and suddenly it worked.

Substrate - hooking C on Android and iOS part 1/2

Mon, 01 Dec 2014 11:55:00 +0000

This post is the first of a two part walkthrough on hooking C functionality on iOS and Android concerning the use of substrate for hooking code on the two supported mobile platforms. The aim is to provide you with a start to finish demonstration of how you can hook C functions on Android and iOS. The Android post is written by John Kozyrakis. You can check it out here: https://hexplo.it/substrate-android/

Hooking C functions on iOS

Preparing the environment

Although it’s possible to set up the same tools in Windows and Unix I’m going to assume you’re using a mac to follow along. We will be installing Theos on to our OSX machine and using it to build our hooks. There are guides as to how you can install Theos onto a jailbroken device itself but for the purpose of this article, I’m not going to document how to do that.

Introducing MEMSCAN

Thu, 13 Nov 2014 14:06:05 +0000

MEMSCAN

MEMSCAN is a utility for iOS which I’ve been working on in bits and pieces here and there. I wanted to be able to dump the memory of a given process or to search for certain bytes in memory and get back an address for those bytes. This can be particularly useful when you’re testing an application which uses PIE and the symbols are not available. Using this technique you can look up the method fingerprint (e.g the first 16 bytes) and then get the address of the method.

Passbook business card tutorial

Tue, 11 Nov 2014 14:17:04 +0000

Introduction

Apple’s passbook functionality has been around for a little while and gradually more and more of the services I use are adopting it, most airlines I fly with use it now, my coffee shops use it, etc. etc.

Whilst that’s awesome, there are other cool and creative things you can do with Passbook as an individual though and it’s very easy! One neat trick you can do to impress your co-workers and clients is to create a Passbook business card.

SuccessID - TouchID override & simulation

Wed, 05 Nov 2014 09:20:20 +0000

Updates

12/FEB/2015 - Added reason text to alertview

iOS 8 activity

Over the past few weeks a lot has happened in the iOS jailbreaking community, PanguTeam dropped an iOS 8.0-8.1 jailbreak, developers frantically tried to iron out performance and stability issues and of course app devs began to update their tweaks and utilities.

One of the many exciting things about an iOS 8 jailbreak for me is the ability to manipulate all of the new SDK additions, HomeKit, HealthKit, ApplePay, LocalAuthentication, etc.

Exporting pseudo code from Hopper

Wed, 26 Feb 2014 21:18:16 +0000

Introduction

First off I want to start by saying that if any of you are interested in binary analysis, reverse engineering, or iOS/OSX thick client pen-testing then I recommend you pick up a copy of Hopper Disassembler. It’s only £50 and it’s awesome. It’s got everything you need to get started, it’s affordable and it has a python API to plug in your own scripts.

I’ve been using Hopper as part of my assessments for the past while and the more I use it the more I love it. However, there’s something that up until today (26 February 2014), Hopper couldn’t offer me and that is the ability to export the generated pseudo code.