Topics
Day 1
Introduction to iOS Security
Welcome to iOS
What makes mobile security so different?
OWASP Top 10 Mobile
What is iOS?
iOS Device Architecture
iOS Security Model
iOS File System isolation
Application Sandbox
The iOS Pen-Testing Environment
Lab Setup overview
Device Setup
Jailbreaking iOS
Cydia Installations
Laptop Installation
AppSec Labs iNalyzer
Application Static Analysis
The need for Static Analysis
Sources for Static Analysis
The IPA file package
IPA file deployment on device
IPA manual file installation
The CodeResources file
Anti tampering configuration
Tampering with IPA Content
Investigating the Application contents – View Controllers
Investigating Info.plist file
Listing all CFURL types on a device
Investigating Binary – URI Strings
Investigating Binary – Parameters usage
Investigating Binary – Encryption
iOS Binary Application Structure
Encryption
Decrypting Binary – concept
Static analysis of a decrypted Binary
Investigating binary content
Reversing Interfaces
Using iNalyzer for static analysis
Day 2
Application Storage Analysis
Application Storage Analysis
File System access security
File System Data Protection Class
File System access
Application storages
Property list files (.plist)
Tampering with Property list files (.plist)
Investigating Plist files – plutil
Database files (.db/.sqlite)
Snapshots Storage
Persistent Cookies
Investigating Logs
Keyboard Cache
Cryptographic failures
Keychain access
iNalyzer Storage Snapshot
Traffic Manipulation
Traffic Analysis and Manipulation
Common architecture
Bad Session Management
Phone identifiers used in authentication
Credentials leakage
Client information sent to advertisement/analytics server
Server side vulnerabilities
Sniffing Traffic
Traffic interception
SSL obstacles
Importing SSL certificates & trusted CAs
Bypassing server certificate validations
Day 3
Temporary Runtime Manipulation
Temporary Runtime Manipulation
Why do we need temporary runtime manipulation?
Temporary runtime manipulation tools
Objective-C class interposing
Runtime manipulation with Cycript
Cycript as a Tampering tool
Runtime manipulation with iNalyzer Dashboard
Persistent Runtime Manipulation
Persistent Runtime Manipulation
Means of persistent manipulation
Persistent runtime manipulation technique
Persistent runtime manipulation – backstage
Persistent runtime manipulation frameworks
Theos Injection Framework
iNalyzer header dump
iNalyzer class dump reference
Reversing iOS Binary
IDA Pro
Remote debugging with GDB