iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ...
iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ... iPhone Rootkit? There's an App for that! - Reverse Engineering Mac ...
Mach Binary Encryption (continued…)http://www.opensource.apple.com/source/xnu/xnu-1228.9.59/osfmk/kern/page_decrypt.hhttp://www.opensource.apple.com/source/xnu/xnu-1228.9.59/osfmk/kern/page_decrypt.cCopyright Trustwave 2010
What’s your point?For starters… text encryption is an OS X feature also!MySnowLeopardMac$ nm /mach_kernel |grep text_crypterffffff8000623410 D _text_crypter_createffffff800027cdac T _text_crypter_create_hook_setWill we see this used for the Mac App store?Not the same thing as DSMOS ("Don't Steal Mac OS X”) binaryprotection but bears some resemblance to it:http://www.osxbook.com/book/bonus/chapter7/binaryprotection/All I’ll say is beyond that is “ongoing research”Anybody knows more about this stuff, I’d like to buy you some beers.(extra beers if you are under an Apple NDA and “shouldn’t” talk about it!)Copyright Trustwave 2010
- Page 5 and 6: iPhone/iOS Security Overview
- Page 7 and 8: Architecture OverviewApplications P
- Page 9 and 10: Application SecurityCode signing•
- Page 11 and 12: Jailbreaking Overview
- Page 13 and 14: Jailbreakme.com A Thing to Behold
- Page 15 and 16: What it looks likeVisit h'p://jailb
- Page 17 and 18: Weaponizing
- Page 19 and 20: Patch PlanReversing the installui.d
- Page 21 and 22: My “Big Fat Rootkit”… so farC
- Page 23 and 24: Set-upA vanilla un-jailbroken iPhon
- Page 25 and 26: Hardware: Mic and AudioAudio record
- Page 27 and 28: Dumping Process DataSeveral interes
- Page 29 and 30: Targeting iOS ApplicationsiOS isn
- Page 31 and 32: Demo App Backdoor
- Page 33 and 34: Binary Reversing Prep (continued…
- Page 35 and 36: No More SecretsHint: find the LC
- Page 37: Mach Binary Encryption (continued
- Page 41 and 42: Objective-C Method HookingIt’s ca
- Page 43 and 44: Objective-C Method Hook ExampleLets
- Page 45 and 46: Injecting Our LibraryConventionally
- Page 47 and 48: ConclusionsLots of security researc
- Page 49 and 50: Reversing Redux: The Binary “star
- Page 51 and 52: … continued: eggMalformed Times-
- Page 53 and 54: class-dump on installui.dylib (aka
What’s your point?For starters… text encryption is <strong>an</strong> OS X feature also!MySnowLeopard<strong>Mac</strong>$ nm /mach_kernel |grep text_crypterffffff8000623410 D _text_crypter_createffffff800027cdac T _text_crypter_create_hook_setWill we see this used <strong>for</strong> the <strong>Mac</strong> <strong>App</strong> store?Not the same thing as DSMOS ("Don't Steal <strong>Mac</strong> OS X”) binaryprotection but bears some resembl<strong>an</strong>ce to it:http://www.osxbook.com/book/bonus/chapter7/binaryprotection/All I’ll say is beyond <strong>that</strong> is “ongoing research”Anybody knows more about this stuff, I’d like to buy you some beers.(extra beers if you are under <strong>an</strong> <strong>App</strong>le NDA <strong>an</strong>d “shouldn’t” talk about it!)Copyright Trustwave 2010