New Reverse Engineering an iOS application By Patricbensen


Introduction:

When you are pentesting an iOS application, you will want to read the code of the provided application and understand its backend classes and hidden information. Using this, you can try to exploit the application to gain access to sensitive information or to redirect the flow of the application in a malicious manner.

Reverse engineering an iOS application is completely different from reverse engineering an Android apk. The complete original source code cannot be recovered from an existing iOS application. Only declarations for the classes, categories and protocols can be decompiled from a given application.

Requirements:
  • iOS device must be jailbroken.
  • OpenSSH should be installed on the iOS device.
  • SSH Client on your machine.
  • "Class Dump" should be installed on the iOS device via "Cydia".

Detailed Steps:

Step 1: SSH into your iOS device using the credentials root:alpine.
 

Step 2: Launch the application on your device and note down the application's location on the device using the command: ps -ax | grep "App"


As shown in the above diagram, the application is running from the location “/Applications/Stocks.app/Stocks”.

Step 3: Navigate to the location “/Applications/Stocks.app/” via the shell.
We will use “Class dump” to reverse engineer this application. It is a command-line utility for examining the Objective-C runtime information stored in Mach-O files. It generates declarations for the classes, categories and protocols. We will do this using the command:
class-dump Stocks > /tmp/dinesh/Stockreversed.txt

As shown in the screenshot below, the application was decompiled properly and the header and implementation files are copied to the location /tmp/dinesh/ in the file Stockreversed.txt.


The screenshot below shows that the contents of the file “Stockreversed.txt” are clearly readable, and all kinds of hidden secrets and logical flaws can be understood from here.


The above screenshot shows that the class-dump output is in cleartext and can be easily analysed.
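To see what such a dump gives away about an application you are responsible for, the text file can be triaged automatically. The following is an added example, not code from the original post: it parses text in the layout class-dump emits and lists declarations whose names hint at sensitive logic. The sample input, the class names and the keyword list are all constructed assumptions.

```python
import re

# Constructed sample in class-dump's output layout; all names are hypothetical.
SAMPLE = """\
@protocol DemoSessionDelegate
- (void)sessionDidExpire:(id)arg1;
@end
@interface DemoLoginController : UIViewController <DemoSessionDelegate>
{
    NSString *_apiSecret;
}
@property(retain, nonatomic) NSString *authToken;
- (BOOL)isJailbroken;
- (void)loginWithUser:(id)arg1 password:(id)arg2;
- (void)viewDidLoad;
@end
@interface NSString (DemoCrypto)
- (id)decryptWithKey:(id)arg1;
@end
"""

# Opening line of a class, category "Name (Category)" or protocol block.
HEADER = re.compile(r"^@(interface|protocol)\s+(\w+)(?:\s*\((\w*)\))?")
# Name fragments that reveal sensitive logic; an assumed list, adjust per app.
SENSITIVE = re.compile(r"passw|secret|token|crypt|jailbr", re.I)


def parse_declarations(text):
    """Map each class, category or protocol to its ivar/property/method lines."""
    decls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            _kind, name, category = m.groups()
            current = f"{name}({category})" if category is not None else name
            decls.setdefault(current, [])
        elif line == "@end":
            current = None
        elif current and line not in ("", "{", "}"):
            decls[current].append(line)
    return decls


def flag_sensitive(decls):
    """Return (owner, declaration) pairs whose text matches SENSITIVE."""
    return [(owner, d) for owner, members in decls.items()
            for d in members if SENSITIVE.search(d)]


if __name__ == "__main__":
    for owner, decl in flag_sensitive(parse_declarations(SAMPLE)):
        print(f"{owner}: {decl}")
```

Every flagged line is a name that ships in the binary, so renaming it does not protect the logic behind it; the check that matters is whether that logic holds up once its entry point is known.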
Now that you have the declarations of the classes and the protocols, you can go ahead and debug the application using GDB, or hook on to the functions present in the application via MobileSubstrate and try to change its behavior.

However, many times this process is not so straightforward, and developers put in additional security features to prevent attackers from reversing the application by using debugging techniques. The ways by which we can bypass these restrictions and dump the class declarations in an encrypted iOS application will be explained in the next blog post.

This article's link: https://patricbensen.blogspot.com/2013/01/new-reverse-engineering-ios-application.html