zacon2 - iphone hackery - ross simpson
DESCRIPTION
Talk given at ZaCon2 on "iPhone Hackery" by Ross Simpson
Date: 9 October 2010
Location: Johannesburg, South Africa
Link to video: http://www.youtube.com/watch?v=Arr2Xs7w4HM
TRANSCRIPT
The iPhone Jailbreak
What?
breaking out of the sandbox (Apple's restrictions)
Why?
* 3rd party apps (Cydia)
* full access to filesystem (r00t access)
* 3G tethering
* change default behaviour of system software
How?
* download an application, for your OS version
* use http://www.JailbreakMe.com (PDF exploit)
r00t!
passwords for “root” and “mobile” user accounts are “alpine”...
Change them!
(mobile terminal)
iPhone and WiFi
eWiFi
* free (in Cydia)
* displays encryption methods on home screen
* easy “auto scan” (time/shake)
WiFiFoFum
* free (in Cydia)
* no encryption methods on home screen :(
* displays community-contributed (public) APs
* radar to display locations of APs
Packet Capturing
tcpdump
* free (in Cydia)
* packet analyzer
* http://www.tcpdump.org
Pirni
* free (in Cydia)
* iPhone network sniffer
* console based
Pirni Pro
* $1.99 (in Cydia)
* GUI based
* auto detects gateway
Pirni Pro
* free (in Cydia)
* GUI based
* auto detects gateway
* RegEX searching
Man In The Middle Attacks
* easily scriptable
* awk+sed+grep = cookies
* inject into mobile Safari
* Profit!
Pirni + bash
pirni-derv
* http://code.google.com/p/pirni-derv/
* console based
* sniffs for, and auto-injects, cookies
* displays and logs rawtext passwords
Penetration Testing
nmap
* free (in Cydia)
* network scanner
metasploit
* free (in Cydia)
* requires Ruby 1.8.6 (Cydia installs 1.9)
S.E.T
* install APT 0.7 Strict (Cydia)
* manually install python
* manually install subversion
* svn check out SET
* agree to install “soup”
nikto
* manually install perl (http://coredev.nl)
* manually install nikto (http://cirt.net/nikto2)
aircrack-ng
* download + unzip binaries
* lots of broken links/zips
* broken version in Cydia
* no packet capturing
* only cracking
PenTBox
* free (in Cydia)
* http://www.pentbox.net/
THC-Hydra
* free (in Cydia)
* network login hacker
Other l33t stuff
TV Out
* free (in Cydia)
* lets you connect your iPhone to a TV
* works with unofficial TV Out cables
* multiple output modes / controls (eg: size)
Veency
* free (in Cydia)
* VNC server for iPhone
MyWi
* costs $19.99 (in Cydia)
* create an Access Point, sharing 3G (wifi/usb)
* transmit power settings (saves battery / security)
* bypass service provider fees
Fake location
* free (in Cydia)
* fakes your location in selected apps
* choose your location on a map
* steal Foursquare mayorships ;)
* social engineering (Twitter / Facebook Places)