
Hacking and Securing iOS Applications.pdf

Table of Contents
Preface
Audience of This Book
Organization of the Material
Conventions Used in This Book
Using Code Examples
Legal Disclaimer
Safari® Books Online
How to Contact Us
Chapter 1. Everything You Know Is Wrong
The Myth of a Monoculture
The iOS Security Model
Components of the iOS Security Model
Device security
Data security
Network security
Application security
Storing the Key with the Lock
Passcodes Equate to Weak Security
Forensic Data Trumps Encryption
External Data Is at Risk, Too
Hijacking Traffic
Data Can Be Stolen...Quickly
Trust No One, Not Even Your Application
Physical Access Is Optional
Summary
Part I. Hacking
Chapter 2. The Basics of Compromising iOS
Why It’s Important to Learn How to Break Into a Device
Jailbreaking Explained
Developer Tools
End User Jailbreaks
Jailbreaking an iPhone
DFU Mode
Tethered Versus Untethered
Compromising Devices and Injecting Code
Building Custom Code
Analyzing Your Binary
Basic disassembly
Listing dynamic dependencies
Symbol table dumps
String searches
Testing Your Binary
Daemonizing Code
Deploying Malicious Code with a Tar Archive
Grabbing signed binaries
Preparing the archive
Deploying the archive
Deploying Malicious Code with a RAM Disk
Build a custom launchd
Breakdown of launchd example
Building a RAM disk
Booting a RAM disk
Troubleshooting
Exercises
Summary
Chapter 3. Stealing the Filesystem
Full Disk Encryption
Solid State NAND
Disk Encryption
Filesystem Encryption
Protection classes
Where iOS Disk Encryption Has Failed You
Copying the Live Filesystem
The DataTheft Payload
Disabling the watchdog timer
Bringing up USB connectivity
Payload code
Customizing launchd
Preparing the RAM disk
Imaging the Filesystem
Copying the Raw Filesystem
The RawTheft Payload
Payload code
Customizing launchd
Preparing the RAM disk
Imaging the Filesystem
Exercises
The Role of Social Engineering
Disabled Device Decoy
Deactivated Device Decoy
Malware Enabled Decoy
Password Engineering Application
Summary
Chapter 4. Forensic Trace and Data Leakage
Extracting Image Geotags
Consolidated GPS Cache
SQLite Databases
Connecting to a Database
SQLite Built-in Commands
Issuing SQL Queries
Important Database Files
Address Book Contacts
Putting it all together
Address Book Images
Google Maps Data
Calendar Events
Call History
Email Database
Mail attachments and message files
Notes
Photo Metadata
SMS Messages
Safari Bookmarks
SMS Spotlight Cache
Safari Web Caches
Web Application Cache
WebKit Storage
Voicemail
Reverse Engineering Remnant Database Fields
SMS Drafts
Property Lists
Important Property List Files
Other Important Files
Summary
Chapter 5. Defeating Encryption
Sogeti’s Data Protection Tools
Installing Data Protection Tools
Building the Brute Forcer
Building Needed Python Libraries
Extracting Encryption Keys
The KeyTheft Payload
Customizing Launchd
Preparing the RAM disk
Preparing the Kernel
Executing the Brute Force
Decrypting the Keychain
Decrypting Raw Disk
Decrypting iTunes Backups
Defeating Encryption Through Spyware
The SpyTheft Payload
Daemonizing spyd
Customizing Launchd
Preparing the RAM disk
Executing the Payload
Exercises
Summary
Chapter 6. Unobliterating Files
Scraping the HFS Journal
Carving Empty Space
Commonly Recovered Data
Application Screenshots
Deleted Property Lists
Deleted Voicemail and Voice Recordings
Deleted Keyboard Cache
Photos and Other Personal Information
Summary
Chapter 7. Manipulating the Runtime
Analyzing Binaries
The Mach-O Format
Introduction to class-dump-z
Symbol Tables
Encrypted Binaries
Calculating Offsets
Dumping Memory
Copy Decrypted Code Back to the File
Resetting the cryptid
Abusing the Runtime with Cycript
Installing Cycript
Using Cycript
Breaking Simple Locks
Replacing Methods
Trawling for Data
Instance variables
Methods
Classes
Logging Data
More Serious Implications
Personal data vaults
Payment processing applications
Electronic banking
Exercises
SpringBoard Animations
Call Tapping...Kind Of
Making Screen Shots
Summary
Chapter 8. Abusing the Runtime Library
Breaking Objective-C Down
Instance Variables
Methods
Method Cache
Disassembling and Debugging
Eavesdropping
The Underlying Objective-C Framework
Interfacing with Objective-C
Malicious Code Injection
The CodeTheft Payload
Injection Using a Debugger
Injection Using Dynamic Linker Attack
Full Device Infection
Summary
Chapter 9. Hijacking Traffic
APN Hijacking
Payload Delivery
Removal
Simple Proxy Setup
Attacking SSL
SSLStrip
Paros Proxy
Browser Warnings
Attacking Application-Level SSL Validation
The SSLTheft Payload
Hijacking Foundation HTTP Classes
The POSTTheft Payload
Analyzing Data
Driftnet
Building
Running
Exercises
Summary
Part II. Securing
Chapter 10. Implementing Encryption
Password Strength
Beware Random Password Generators
Introduction to Common Crypto
Stateless Operations
Stateful Encryption
Master Key Encryption
Geo-Encryption
Geo-Encryption with Passphrase
Split Server-Side Keys
Securing Memory
Wiping Memory
Public Key Cryptography
Exercises
Chapter 11. Counter Forensics
Secure File Wiping
DOD 5220.22-M Wiping
Objective-C
Wiping SQLite Records
Keyboard Cache
Randomizing PIN Digits
Application Screenshots
Chapter 12. Securing the Runtime
Tamper Response
Wipe User Data
Disable Network Access
Report Home
Enable Logging
False Contacts and Kill Switches
Process Trace Checking
Blocking Debuggers
Runtime Class Integrity Checks
Validating Address Space
Inline Functions
Complicating Disassembly
Optimization Flags
Stripping
They’re Fun! They Roll! -funroll-loops
Exercises
Chapter 13. Jailbreak Detection
Sandbox Integrity Check
Filesystem Tests
Existence of Jailbreak Files
Size of /etc/fstab
Evidence of Symbolic Linking
Page Execution Check
Chapter 14. Next Steps
Thinking Like an Attacker
Other Reverse Engineering Tools
Security Versus Code Management
A Flexible Approach to Security
Other Great Books
Hacking and Securing iOS Applications
Jonathan Zdziarski
Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo

Hacking and Securing iOS Applications
by Jonathan Zdziarski

Copyright © 2012 Jonathan Zdziarski. All rights reserved.
Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Editor: Andy Oram
Production Editor: Melanie Yarbrough
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Robert Romano

Revision History for the First Edition:
2012-01-13 First release

See http://oreilly.com/catalog/errata.csp?isbn=9781449318741 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Hacking and Securing iOS Applications, the cover image of a skunk, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-1-449-31874-1
Steve: The coolest cat. We loved the chase!
- Hackers and tinkerers everywhere