automated embedding of dynamic libraries into ios
play

Automated embedding of dynamic libraries into iOS applications from - PowerPoint PPT Presentation

Nov 02, 2022 •308 likes •676 views

Automated embedding of dynamic libraries into iOS applications from GNU/Linux Marwin Baumann 1 & Leandro Velasco 1 1 Systems and Network Engineering MSc. University of Amsterdam Research Project 2, 2017 Marwin Baumann & Leandro Velasco

  1. Automated embedding of dynamic libraries into iOS applications from GNU/Linux Marwin Baumann 1 & Leandro Velasco 1 1 Systems and Network Engineering MSc. University of Amsterdam Research Project 2, 2017 Marwin Baumann & Leandro Velasco Research Project 2, 2017 1 / 20

  2. Introduction Dynamic library embedding: Deploy debugging mechanisms Monitor the invocation of functions Tracking how data is propagated through the application Modify the behavior of Apps (on non-jailbroken devices) Marwin Baumann & Leandro Velasco Research Project 2, 2017 2 / 20

  3. Introduction Dynamic library embedding: Deploy debugging mechanisms Monitor the invocation of functions Tracking how data is propagated through the application Modify the behavior of Apps (on non-jailbroken devices) Common Use-case: Frida Instrumentation Marwin Baumann & Leandro Velasco Research Project 2, 2017 2 / 20

  4. Introduction Problem: Only on MacOS MacOS in Virtual Machine not legal [1] Cumbersome process Marwin Baumann & Leandro Velasco Research Project 2, 2017 3 / 20

  5. Introduction Problem: Only on MacOS MacOS in Virtual Machine not legal [1] Cumbersome process Motivation: More apps released every day [2] Increase in need for mobile app security assessments Need for automation and free publicly available tools Marwin Baumann & Leandro Velasco Research Project 2, 2017 3 / 20

  6. Procedure Overview Marwin Baumann & Leandro Velasco Research Project 2, 2017 4 / 20

  7. Research Question Is it possible from GNU/Linux to automate the process of embedding dynamic libraries into iOS applications? Marwin Baumann & Leandro Velasco Research Project 2, 2017 5 / 20

  8. Methodology Study procedure internals: Analyze iOS application format Analyze internals of dynamic library embedding Investigate Xcode signing procedure Implement procedure in GNU/Linux: Explore tools already ported Write/port new tools Marwin Baumann & Leandro Velasco Research Project 2, 2017 6 / 20

  9. Procedure Overview Marwin Baumann & Leandro Velasco Research Project 2, 2017 6 / 20

  10. iOS App Store Package (.ipa) Marwin Baumann & Leandro Velasco Research Project 2, 2017 7 / 20

  11. Application Acquisition Pre iOS 9: Get IPA from backup iOS 9 and later: iTunes redownload (Fairplay) Clutch Marwin Baumann & Leandro Velasco Research Project 2, 2017 8 / 20

  12. Application Acquisition Pre iOS 9: Get IPA from backup iOS 9 and later: iTunes redownload (Fairplay) Clutch Requirements Clutch: Jailbroken iDevice running iOS 9+ Marwin Baumann & Leandro Velasco Research Project 2, 2017 8 / 20

  13. Procedure Overview Marwin Baumann & Leandro Velasco Research Project 2, 2017 8 / 20

  14. iOS App Store Package (.ipa) Marwin Baumann & Leandro Velasco Research Project 2, 2017 9 / 20

  15. Mach-O File Format Header Identifier Architecture Number of load commands Size of load commands ... Load Command region Layout and linkage properties Data region Data stored in segments which contain sections Marwin Baumann & Leandro Velasco Research Project 2, 2017 10 / 20

  16. Mach-O File Format Header Identifier Architecture Number of load commands Size of load commands ... Load Command region Inserting a LC_LOAD_DYLIB command Data region Data stored in segments which contain sections Marwin Baumann & Leandro Velasco Research Project 2, 2017 10 / 20

  17. Executable Modification Open Source Tools (all MacOS): Node_applesign Optool Insert_dylib Marwin Baumann & Leandro Velasco Research Project 2, 2017 11 / 20

  18. Executable Modification Open Source Tools (all MacOS): Node_applesign Optool Insert_dylib Port Insert_dylib to GNU/Linux: Mach-O headers are Open Sourced by Apple Header files from hogliux/cctools project used Changed code to avoid usage of copyfile.h Marwin Baumann & Leandro Velasco Research Project 2, 2017 11 / 20

  19. Procedure Overview Marwin Baumann & Leandro Velasco Research Project 2, 2017 11 / 20

  20. Application Signing - Background Mandatory Code Signing Integrity of the code Identify code source (developer / signer) For Apps not signed by Apple, Mobile Provisioning is needed Marwin Baumann & Leandro Velasco Research Project 2, 2017 12 / 20

  21. Application Signing - Background Mandatory Code Signing Integrity of the code Identify code source (developer / signer) For Apps not signed by Apple, Mobile Provisioning is needed Mobile Provisioning Free Apple Account Individual Developer Account Enterprise Developer Account Marwin Baumann & Leandro Velasco Research Project 2, 2017 12 / 20

  22. Application Signing - Procedure Resources files : Signature stored in the file _CodeSignature/CodeResources Mach-o files : Signature stored in the file via LC_CODE_SIGNATURE load command Marwin Baumann & Leandro Velasco Research Project 2, 2017 13 / 20

  23. Application Signing - Software iSign Jtool Only signs mach-o files Signs complete IPA or app bundle Does not include Code Requirements in signature Experimental branch needed to sign binaries from scratch Close Source Open Source Marwin Baumann & Leandro Velasco Research Project 2, 2017 14 / 20

  24. Application Signing - Software iSign Jtool Only signs mach-o files Signs complete IPA or app bundle Does not include Code Requirements in signature Experimental branch needed to sign binaries from scratch Close Source Open Source Marwin Baumann & Leandro Velasco Research Project 2, 2017 14 / 20

  25. Procedure Overview Marwin Baumann & Leandro Velasco Research Project 2, 2017 14 / 20

  26. Application Deploying - Background Marwin Baumann & Leandro Velasco Research Project 2, 2017 15 / 20

  27. Application Deploying - GNU/Linux Marwin Baumann & Leandro Velasco Research Project 2, 2017 15 / 20

  28. Application Deploying - Software Cydia Impactor iDeviceinstaller Signs & Install IPA’s Libmobiledevice Utility Close Source Open Source GUI tool Command line tool Entitlements do not allow app debugging Marwin Baumann & Leandro Velasco Research Project 2, 2017 16 / 20

  29. Application Deploying - Software Cydia Impactor iDeviceinstaller Signs & Install IPA’s Libmobiledevice Utility Close Source Open Source GUI tool Command line tool Entitlements do not allow app debugging Marwin Baumann & Leandro Velasco Research Project 2, 2017 16 / 20

  30. Automation Marwin Baumann & Leandro Velasco Research Project 2, 2017 17 / 20

  31. Roadmap Application acquisition : Clutch usage could be automated ⇒ little value added Provision profile generation : Free Apple account ⇒ automation possible, but requires deep analysis of Xcode / Cydia Paid Apple Developer account ⇒ automation possible with Fastlane/Spaceship Marwin Baumann & Leandro Velasco Research Project 2, 2017 18 / 20

  32. Conclusion / Discussion It is possible to automate the embedding process in GNU/Linux using a paid Developer Account, however: Marwin Baumann & Leandro Velasco Research Project 2, 2017 19 / 20

  33. Conclusion / Discussion It is possible to automate the embedding process in GNU/Linux using a paid Developer Account, however: For free Apple accounts, Xcode access is needed once per week to renew the provisioning profile For IPA acquisition jailbroken device needed Marwin Baumann & Leandro Velasco Research Project 2, 2017 19 / 20

  34. Conclusion / Discussion It is possible to automate the embedding process in GNU/Linux using a paid Developer Account, however: For free Apple accounts, Xcode access is needed once per week to renew the provisioning profile For IPA acquisition jailbroken device needed iInject is still a proof of concept iInject was tested against iOS 10.2.1 and iOS 10.3.2 (non-jailbroken) iInject was tested against 9 diferent IPA’s Marwin Baumann & Leandro Velasco Research Project 2, 2017 19 / 20

  35. Questions? Try it out yourself: https://github.com/LeanVel/iInject Marwin Baumann & Leandro Velasco Research Project 2, 2017 20 / 20

  36. Bibliography Apple Support Community. Macintosh virtual machine hosted by Windows. https://discussions.apple.com/thread/5785112?tstart=0 , 2014. [Online; accessed 8-June-2017]. Android Open Source Project. Android Security 2015 Year In Review. https://source.android.com/security/reports/Google_ Android_Security_2015_Report_Final.pdf , 2016. [Online; accessed 7-June-2017]. Marwin Baumann & Leandro Velasco Research Project 2, 2017 20 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Planarity Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns

Planarity Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns

Planarity Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns each vertex a coordinate and each edge a (not necessarily straight) line connecting the corresponding coordinates. 0 1 3 4 1 1 0 2 5 2 5

754 views • 18 slides
Graph Drawing Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 )

Graph Drawing Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 )

Graph Drawing Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns each vertex a coordinate and each edge a (not necessarily straight) line connecting the corresponding coordinates. 0 1 3 4 1 1 0 2 5 2

541 views • 18 slides
A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web Alexei Bulazel & Blent Yener River Loop Security Rensselaer Polytechnic Institute (RPI) Introduction Automated dynamic malware analysis is

684 views • 33 slides
CS 241: Systems Programming Lecture 30. Dynamic Libraries Fall 2019 Prof. Stephen Checkoway 1

CS 241: Systems Programming Lecture 30. Dynamic Libraries Fall 2019 Prof. Stephen Checkoway 1

CS 241: Systems Programming Lecture 30. Dynamic Libraries Fall 2019 Prof. Stephen Checkoway 1 Announcements No class on Friday No o ffi ce hours Thursday or Friday of this week 2 Last time Static libraries (or archives) are a way of bundling

490 views • 18 slides
Speeding Up Thread-Local Storage Access from Dynamic Libraries Alexandre Oliva

Speeding Up Thread-Local Storage Access from Dynamic Libraries Alexandre Oliva

Speeding Up Thread-Local Storage Access from Dynamic Libraries Alexandre Oliva http://www.lsd.ic.unicamp.br/ oliva/ aoliva@redhat.com oliva@lsd.ic.unicamp.br Red Hat University of Campinas March, 2008 Summary TLS?!? Dynamic

607 views • 21 slides
Predicting Dynamic Embedding Trajectory in Temporal Interaction Networks Xikun Zhang Jure

Predicting Dynamic Embedding Trajectory in Temporal Interaction Networks Xikun Zhang Jure

Predicting Dynamic Embedding Trajectory in Temporal Interaction Networks Xikun Zhang Jure Leskovec Srijan Kumar Stanford University Stanford University UIUC Georgia Institute of Technology Code and Data: https://snap.stanford.edu/jodie 1

831 views • 25 slides
Libraries In C++ its possible to create static libraries and shared libraries Static

Libraries In C++ its possible to create static libraries and shared libraries Static

Libraries In C++ its possible to create static libraries and shared libraries Static libraries (end in .a) are combined/linked into an executable Executables are large. If library is updated in a binary compatible way, programs

297 views • 8 slides
Dynamic Embedding on Textual Networks via a Gaussian Process Presenter : Pengyu Cheng Joint work

Dynamic Embedding on Textual Networks via a Gaussian Process Presenter : Pengyu Cheng Joint work

Dynamic Embedding on Textual Networks via a Gaussian Process Presenter : Pengyu Cheng Joint work with : Yitong Li, Xinyuan Zhang, Liqun Chen, David Carlson, Lawrence Carin Duke University Textual Networks Networks with textual information as

526 views • 15 slides
Greedy embedding of a graph Greedy embedding of a graph 99 Greedy embedding Greedy embedding

Greedy embedding of a graph Greedy embedding of a graph 99 Greedy embedding Greedy embedding

Given a graph, find an embedding s.t. greedy routing works Greedy embedding of a graph Greedy embedding of a graph 99 Greedy embedding Greedy embedding Given a graph G, find an embedding of the vertices in R d , s.t. for each pair of

361 views • 23 slides
Finding and proving new geometry theorems in regular polygons with dynamic geometry and automated

Finding and proving new geometry theorems in regular polygons with dynamic geometry and automated

Finding and proving new geometry theorems in regular polygons with dynamic geometry and automated reasoning tools Zolt an Kov acs The Private University College of Education of the Diocese of Linz CICM Hagenberg, Calculemus August 16,

730 views • 68 slides
Software components software re-use libraries, etc. inter-language linkage the

Software components software re-use libraries, etc. inter-language linkage the

Software components software re-use libraries, etc. inter-language linkage the Microsoft way COM: the Component Object Model Visual Basic: scripting, embedding, viruses .NET C# other approaches to components

442 views • 5 slides
Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2

Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2

Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2 Frank Uijtewaal Collab: DongIT (dongit.nl) Initial project goal Find a new and interesting type of security analysis for web applications

480 views • 35 slides
RWIS Automated Advisory System Centralized advisory system for the control of Dynamic Message

RWIS Automated Advisory System Centralized advisory system for the control of Dynamic Message

RWIS Automated Advisory System Centralized advisory system for the control of Dynamic Message Signs Presented by: Jeremy Duensing Product Manager Schneider Electric Presentation Learning Outcomes Weather can have large impacts on small

785 views • 30 slides
DYNAMIC ODME FOR AUTOMATED VEHICLES MODELING USING BIG DATA Dr. Jaume Barcel, Professor

DYNAMIC ODME FOR AUTOMATED VEHICLES MODELING USING BIG DATA Dr. Jaume Barcel, Professor

DYNAMIC ODME FOR AUTOMATED VEHICLES MODELING USING BIG DATA Dr. Jaume Barcel, Professor Emeritus, UPC- Barcelona Tech, Strategic Advisor to PTV Group Shaleen Srivastava, Vice-President/Regional www.ptvgroup.com Director (PTV Group

439 views • 24 slides
Listen to me! Public announcements to agents that pay attention or not Hans van Ditmarsch 1 ,

Listen to me! Public announcements to agents that pay attention or not Hans van Ditmarsch 1 ,

Our logic ABAL Embedding in Dynamic Epistemic Logic Automated reasoning Joint attention and attention change Conclusion Listen to me! Public announcements to agents that pay attention or not Hans van Ditmarsch 1 , Andreas Herzig 2 ,

679 views • 53 slides
Automated determination of isoptics with dynamic geometry Thierry Dana-Picard 1 acs 2 Zolt an

Automated determination of isoptics with dynamic geometry Thierry Dana-Picard 1 acs 2 Zolt an

Automated determination of isoptics with dynamic geometry Thierry Dana-Picard 1 acs 2 Zolt an Kov 1 Jerusalem College of Technology 2 The Private University College of Education of the Diocese of Linz CICM Hagenberg, Calculemus August 15,

728 views • 56 slides
Fourth Quarter 2018 1 Disclaimer The information contained in this presentation has been

Fourth Quarter 2018 1 Disclaimer The information contained in this presentation has been

EARNINGS PRESENTATION Fourth Quarter 2018 1 Disclaimer The information contained in this presentation has been Cencosud and their respective affiliates, officers, prepared by Cencosud SA ("Cencosud") for informational directors,

408 views • 21 slides
Alpha Presentation SmartSat Satellite App Store The Capstone Experience Team Lockheed Martin

Alpha Presentation SmartSat Satellite App Store The Capstone Experience Team Lockheed Martin

Alpha Presentation SmartSat Satellite App Store The Capstone Experience Team Lockheed Martin Space Client: Josh Davidson, Senior Software Engineer Brian Fuessel Daniel Webb Peng Sun Sailesh Gundepudi Tony Miller Department of Computer

503 views • 14 slides
Enabling non-programmers to develop smart environment applications Artem Katasonov VTT Technical

Enabling non-programmers to develop smart environment applications Artem Katasonov VTT Technical

Enabling non-programmers to develop smart environment applications Artem Katasonov VTT Technical Research Center of Finland SISS at IEEE ISCC, Riccione, 22.06.2010 29/06/2010 2 Long-term motivation Most people know how to replace a light

199 views • 16 slides
EDDMapS 2020 15 Years of Tracking Invasive Species in North America Who? Chuck Bargeron -

EDDMapS 2020 15 Years of Tracking Invasive Species in North America Who? Chuck Bargeron -

EDDMapS 2020 15 Years of Tracking Invasive Species in North America Who? Chuck Bargeron - Warnell School of Forestry and Natural Resources Michael Toews College of Agriculture and Environmental Sciences Joe LaForest Associate Director /

1.81k views • 147 slides
{ // Arjun Gopalakrishna // Bhavya Udayashankar Indie app development is different from

{ // Arjun Gopalakrishna // Bhavya Udayashankar Indie app development is different from

Indie_App_Development() { // Arjun Gopalakrishna // Bhavya Udayashankar Indie app development is different from traditional app development for a corporation. It involves a small number of individuals handling all stages of product development

800 views • 34 slides
mHealth Prescribing: Dead or Thriving? Matt Tindall General Manager, Consumer Solutions IMS

mHealth Prescribing: Dead or Thriving? Matt Tindall General Manager, Consumer Solutions IMS

mHealth Prescribing: Dead or Thriving? Matt Tindall General Manager, Consumer Solutions IMS Health www.appscript.net 1 An Emerging Treatment Modality DE-ID DATA ID DATA MEDICAL DEVICES DIGITAL THERAPIES DRUGS GENOMIC DATA SOCIAL MEDIA

698 views • 25 slides
TERMINAL ONE DEVELOPMENT PROJECT BCDC PERMIT APPLICATION NO. 2018.006.00 APPLICANTS: TERMINAL ONE

TERMINAL ONE DEVELOPMENT PROJECT BCDC PERMIT APPLICATION NO. 2018.006.00 APPLICANTS: TERMINAL ONE

TERMINAL ONE DEVELOPMENT PROJECT BCDC PERMIT APPLICATION NO. 2018.006.00 APPLICANTS: TERMINAL ONE DEVELOPMENT, LLC, AND CITY OF RICHMOND MARCH 5, 2020 PROJECT LOCATION Miller-Knox Miller-Knox Regional Park Regional Park Richmond Richmond

543 views • 9 slides
The MoDiS experimental platform for the validation and demonstration of S-DMB functions and

The MoDiS experimental platform for the validation and demonstration of S-DMB functions and

The MoDiS experimental platform for the validation and demonstration of S-DMB functions and services I. Andrikopoulos, G. Kolonias Space Hellas T. Gallet, M. Durand Alcatel Space J. Vandermot, T. Dubois Agilent Technologies L. Roullet

688 views • 27 slides

More recommend