ios dynamic library code injection - 23 nov 2016

Image from http://dyci.github.io/ iOS Dynamic Library Injection - Kenneth Poon

Upload: kenneth-poon

Post on 14-Jan-2017

324 views

Category:

Software

2 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: iOS Dynamic Library Code Injection - 23 Nov 2016

Image from http://dyci.github.io/

iOS Dynamic Library Injection

- Kenneth Poon

Page 2: iOS Dynamic Library Code Injection - 23 Nov 2016

•Technical Lead iOS Engineer @ PropertyGuru •Agile, Xtreme Programming, Tests •XCUITest+Gherkin (July 2016)

Page 3: iOS Dynamic Library Code Injection - 23 Nov 2016

Agenda

• Short story of me engaging in PokemonGo

• Game plan for creating iOS Mod Apps

• Demo of Code Injection

Page 4: iOS Dynamic Library Code Injection - 23 Nov 2016

Trying to beat the game

6 Aug 2016

- 9 am Discovered PokemonGo is live

- 12 pm Started Location Spoofing

A Week Later

- Built my own location spoof Mac App

- Integration Go Radar Api

- Requires Direct XCode-Device Wired Connection

Page 5: iOS Dynamic Library Code Injection - 23 Nov 2016

Trying to beat the game

Page 6: iOS Dynamic Library Code Injection - 23 Nov 2016

How to install this PokemonGo Mod?

http://pokemongohacks.me/

Page 7: iOS Dynamic Library Code Injection - 23 Nov 2016

How to install this PokemonGo Mod?

Mod Ipa

Cydia Impactor

• Cydia Impactor is a tool that resigns and install apps onto devices

• Works with non-jailbroken devices

• Downloadable at http://www.cydiaimpactor.com/

Apple Dev Account

Non-JB

Page 8: iOS Dynamic Library Code Injection - 23 Nov 2016

How to install this PokemonGo Mod?

DEMO

Page 9: iOS Dynamic Library Code Injection - 23 Nov 2016

Hmmm Whats That?

Page 10: iOS Dynamic Library Code Injection - 23 Nov 2016

Concepts - Code Injection

Investigative To Introduce Behaviour Change

• Code Injection Attacks Examples- SQL Injection / XML Injection- HTML Script / Command Injection

Page 11: iOS Dynamic Library Code Injection - 23 Nov 2016

Concepts - Dynamic Library / Binary

• XCode compiles Apps statically • Highlights Compilation Errors for codes in project that

cannot be statically linked • During Build Phase, Xcode links project with external

binaries and perform necessary checks. • However at packaging phase, Xcode does not

guarantee all dependencies will be available during run time

dyld: Library not loaded: @rpath/libswift_stdlib_core.dylib

Page 12: iOS Dynamic Library Code Injection - 23 Nov 2016

Concepts - Dynamic Library / Binary

Page 13: iOS Dynamic Library Code Injection - 23 Nov 2016

Concepts - Dynamic Library / Binary• Static Library - a unit of code linked at compile time.

[Cant use this]

• Dynamic library - a unit of code and/or assets linked at runtime that may change [We can use this]

• Load Dylib command needs to be executed on the .ipa package before the final package/signing of the app

Page 14: iOS Dynamic Library Code Injection - 23 Nov 2016

Non-JB

Game plan for creating iOS Mod Apps

Cydia Impactor

Apple Dev Account

Original Ipa

Custom Dylib

Patched Ipa

Patched Ipa+ Patching

You may need to download cracked from 3rd Party content providers like www.iphonecake.com

http://www.iphonecake.com

Page 15: iOS Dynamic Library Code Injection - 23 Nov 2016

Dynamic Library Injection

DEMO

https://github.com/depoon/iOSDylibInjectionDemo

Occupancy Sensor Switch MODEL: IOS-DSIMF/IOS-DPBIMF

SPICA Fuel Injection Roadside Fault Analysis and Repair1 Ver 1, Nov 2004 SPICA Fuel Injection Roadside Fault Analysis and Repair This guide is intended to aid the owner-mechanic in

Cisco Unified Communications Manager and Cisco IOS … · About Cisco IOS and Cisco IOS XE Software Documentation Documentation Organization iv Cisco IOS Documentation Set Cisco IOS

Web Security: Injection Attacksinst.eecs.berkeley.edu/~cs161/fa16/slides/11.8.web_inj.pdf · Web Security: Injection Attacks CS 161: Computer Security Prof. Raluca Ada Popa Nov 3,

Laufzeitanalyse & Manipulation von Apple iOS Apps · 2020-01-17 · Dynamic Library Injection Nachladen einer Bibliothek [2] über die ... # cycript -p ... OWASP Web Application

site.judbrasov.ro · apmsed mppap as soŒ1 ap .10)uaaua a!ios/ios as.ms tup a!ios/ios 00.1011 ap auk) us.uns a!ios/ios • 79 ti!P '9 a!ios/ios a!ios/ios ti!P a!ios/ios .101!.munq

Subsea Water Treatment Comes of Age europe nov 2011...SUBSEA WATER INTAKE & TREATMENT How Important is Water Injection? •The «Age of Easy oil» is over •Injection of seawater

Upgrading Field-Programmable Hardware Devices for Cisco ...Nov 13, 2014 · Use the Cisco Feature Navigator to find information about platform support and Cisco IOS and Cisco IOS

IOS-N-xx-OF / IOS-N-xx-NO

Dependency Injection в iOS

Cisco Router IOS M Clements. 20-Jan-16 IOS Version - choice and deployment 2 This week …… Cisco IOS versions IOS Features Choosing an IOS IOS upgrade

CHAPTER 2 THEORITICAL FOUNDATION 2.1. Tourismlibrary.binus.ac.id/eColls/eThesisdoc/Bab2/bab 2_2014...iPad iPad 2 iPad 3 iPad 4 iPad Air iOS iOS 3,2 iOS 4,3 iOS 5,1 iOS 6 iOS 7 Screen

Seminário PHP Injection/ SQL Injection

iOS Human Interface Guidlines for iOS-Platforms

With Micronaut on iOS & Android...WITH MICRONAUT ON IOS & ANDROID NEVERNULL • Overview & Deep Dive: Dependency Injection systems for mobile Java • How Java Forum app applies DI

Designing for Plastics: Optimizing Your Injection … · ... Optimizing Your Injection ... Injection Molding Process and Rapid Injection Molding. Injection Molding Process Plastic

SPICA Fuel Injection Roadside Fault Analysis and …...1 Ver 1, Nov 2004 SPICA Fuel Injection Roadside Fault Analysis and Repair This guide is intended to aid the owner-mechanic in

Adapting iOS 8 in iOS 7 Apps

Web Application Security Course TOC€¦ · Injection Aacks Web Script Injection SMTP Injection SQL Injection LDAP Injection XPath Injection Command Injection Aack Web Application

Dependency Injection in iOS

iOS Interview Questions With Answers - WaY 2 iOS

Mobile Bialystok #5 Dependency Injection iOS @Michał Karpowicz

Force workshop 6-7 Nov 2013 Competence... · Force workshop 6-7 Nov 2013. ... pressure maintenance 80 %RF CIPR ... Water or Gas injection 40 to 50% Water injection 20 to 30% Water

ap ecu.10N ap ê!SUOd ap fnqo TdO'O oo,10U ap esa.tpe 'atunN esans a!ios/ios as.ms !1d0D • £ 'L a!ios/ios . CL V aubu a!ios/ios ugp 9 alios/ios • CS

Injectables... · Meloxicam Paracetamol Injection Meloxicam Powder 20mg Injection ... Paracetamol 150mg with DMSO Injection Nitroxinil Injection 34% Norfloxacin 10% Injection Ofloxacin

introduction of ios development , iOS Classes Ahmedabad , iOS Training Ahmedabad

Prototyping iOS Apps – Tom Bowden – Nov 2015 – Eventacular Inc

Continuous Integration for iOS (iOS User Group Berlin)

iOS 6 vs iOS 7- what's the difference?

Harm Reduction & Human Rights - Global Response to Injection-Driven HIV Epidemics: Nov. 2008

Installation & User Manual - TECNO-GAZ industriesEzSensor HD(HI) IOS-U20VF U2… · Installation & User Manual (IOS-U20VF, IOS-U15VF, IOS-U10VF, IOS-U20IF, ... Consists of a special

· + Paracetamol 150mg with DMSO injection Flunixin Meg umine 83.3% Injection Dexamethasone Sodium phosphate Injection Levoto Injection Vet-erocin Injection Vetmol D injection Dicyciomine

IOS LIFESTYLE 88 - Oct/Nov 2014

MACTANS:INJECTINGMALWAREINTO … Resources... · 2013. 8. 8. · 5" " 4." IOS"MALWARE"INJECTION"ATTACK" Using the observations described in the previous section, we chained together

Subsea Water Treatment and Injection – tailored water ... · Torbjørn Hegdal Business Development Manager NOV Completion & Production Solutions Subsea Water Treatment and Injection