2010 za con_ross_simpson
TRANSCRIPT
The iPhone Jailbreak
What?
breaking out of the sandbox (Apple's restrictions)
Why?
* 3rd party apps (Cydia)
* full access to filesystem (r00t access)
* 3G tethering
* change default behaviour of system software
How?
* download an application, for your OS version
* use http://www.JailbreakMe.com (PDF exploit)
r00t!
passwords for “root” and “mobile” user accounts are “alpine”...
Change them!
(mobile terminal)
iPhone and WiFi
eWiFi
* free (in Cydia)
* displays encryption methods on home screen
* easy “auto scan” (time/shake)
WiFiFoFum
* free (in Cydia)
* no encryption methods on home screen :(
* displays community-contributed (public) APs
* radar to display locations of APs
Packet Capturing
tcpdump
* free (in Cydia)
* packet analyzer
* http://www.tcpdump.org
Pirni
* free (in Cydia)
* iPhone network sniffer
* console based
Pirni Pro
* $1.99 (in Cydia)
* GUI based
* auto detects gateway
Pirni Pro
* free (in Cydia)
* GUI based
* auto detects gateway
* regex searching
Man In The Middle Attacks
* easily scriptable
* awk+sed+grep = cookies
* inject into mobile Safari
* Profit!
Pirni + bash
Packet Capturing
pirni-derv
* http://code.google.com/p/pirni-derv/
* console based
* sniffs for, and auto-injects, cookies
* displays and logs rawtext passwords
Penetration Testing
nmap
* free (in Cydia)
* network scanner
metasploit
* free (in Cydia)
* requires Ruby 1.8.6 (Cydia installs 1.9)
S.E.T
* install APT 0.7 Strict (Cydia)
* manually install python
* manually install subversion
* svn check out SET
* agree to install “soup”
nikto
* manually install perl (http://coredev.nl)
* manually install nikto (http://cirt.net/nikto2)
aircrack-ng
* download + unzip binaries
* lots of broken links/zips
* broken version in Cydia
* no packet capturing
* only cracking
PenTBox
* free (in Cydia)
* http://www.pentbox.net/
THC-Hydra
* free (in Cydia)
* network login hacker
Other l33t stuff
TV Out
* free (in Cydia)
* lets you connect your iPhone to a TV
* works with unofficial TV Out cables
* multiple output modes / controls (e.g. size)
Veency
* free (in Cydia)
* VNC server for iPhone
MyWi
* costs $19.99 (in Cydia)
* create an Access Point, sharing 3G (wifi/usb)
* transmit power settings (saves battery / security)
* bypass service provider fees
Fake location
* free (in Cydia)
* fakes your location in selected apps
* choose your location on a map
* steal Foursquare mayorships ;)
* social engineering (Twitter / Facebook Places)