iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ...

12.07.2015 Views
Still Curious About Apple’s Binary Encryption?So was ITIP: Encryption code portions are in the open XNU sourcehttp://opensource.apple.com/source/xnu/xnu-1228.9.59/bsd/kern/mach_loader.cCode responsible for parsing mach-headers on loading mach or FAT binariesCopyright Trustwave 2010

Mach Binary Encryption (continued…)h

Page 5 and 6: iPhone/iOS Security Overview

Page 7 and 8: Architecture OverviewApplications P

Page 9 and 10: Application SecurityCode signing•

Page 11 and 12: Jailbreaking Overview

Page 13 and 14: Jailbreakme.com A Thing to Behold

Page 15 and 16: What it looks likeVisit h'p://jailb

Page 17 and 18: Weaponizing

Page 19 and 20: Patch PlanReversing the installui.d

Page 21 and 22: My “Big Fat Rootkit”… so farC

Page 23 and 24: Set-upA vanilla un-jailbroken iPhon

Page 25 and 26: Hardware: Mic and AudioAudio record

Page 27 and 28: Dumping Process DataSeveral interes

Page 29 and 30: Targeting iOS ApplicationsiOS isn

Page 31 and 32: Demo App Backdoor

Page 33 and 34: Binary Reversing Prep (continued…

Page 35: No More SecretsHint: find the LC

Page 39 and 40: What’s your point?For starters…

Page 41 and 42: Objective-C Method HookingIt’s ca

Page 43 and 44: Objective-C Method Hook ExampleLets

Page 45 and 46: Injecting Our LibraryConventionally

Page 47 and 48: ConclusionsLots of security researc

Page 49 and 50: Reversing Redux: The Binary “star

Page 51 and 52: … continued: eggMalformed Times-

Page 53 and 54: class-dump on installui.dylib (aka

iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ...

iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ... ... View more iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ...

Delete template?

Save as template ?

iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ... iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ...