Sebastián Guerrero
Mobile Security Analyst
viaForensics
@0xroot
Agenda
Analyzing binaries
Encrypted binaries
#RSAC
Analyzing binaries
Header
Target architecture
Load commands
Shared libraries
Data
Organized in segments
Introduction to class-dump-z
Encrypted binaries
Find the starting offset and the size of the encrypted data in the app binary.
Find the memory loading address of the application (changes every time the app is compiled with PIE).
Overwrite the application's encrypted area with the dumped binary data.
Clutch
Cycript
Gives access to all classes and instance variables within the app
Create an object for the class, then directly access its instance variables and invoke its methods
cy# ObjectiveC.classes
Evernote Demo
Electronic banking
Tamper response
Blocking debuggers
Complicating disassembly
Summary