13. Hacking and Securing iOS Applications

    Author: Myanmar Ebook Store

    Chapter 1. Everything You Know Is Wrong
    The Myth of a Monoculture
    The iOS Security Model
    Components of the iOS Security Model
    Storing the Key with the Lock
    Passcodes Equate to Weak Security
    Forensic Data Trumps Encryption
    External Data Is at Risk, Too
    Hijacking Traffic
    Data Can Be Stolen...Quickly
    Trust No One, Not Even Your Application
    Physical Access Is Optional
    Summary

    Part I. Hacking
    Chapter 2. The Basics of Compromising iOS
    Why It’s Important to Learn How to Break Into a Device
    Jailbreaking Explained
    Developer Tools
    End User Jailbreaks
    Jailbreaking an iPhone
    DFU Mode
    Tethered Versus Untethered
    Compromising Devices and Injecting Code
    Building Custom Code
    Analyzing Your Binary
    Testing Your Binary
    Daemonizing Code
    Deploying Malicious Code with a Tar Archive
    Deploying Malicious Code with a RAM Disk
    Exercises
    Summary

    Chapter 3. Stealing the Filesystem
    Full Disk Encryption
    Solid State NAND
    Disk Encryption
    Where iOS Disk Encryption Has Failed You
    Copying the Live Filesystem
    The DataTheft Payload
    Customizing launchd
    Preparing the RAM disk
    Imaging the Filesystem
    Copying the Raw Filesystem
    The RawTheft Payload
    Customizing launchd
    Preparing the RAM disk
    Imaging the Filesystem
    Exercises
    The Role of Social Engineering
    Disabled Device Decoy
    Deactivated Device Decoy
    Malware Enabled Decoy
    Password Engineering Application
    Summary

    Chapter 4. Forensic Trace and Data Leakage
    Extracting Image Geotags
    Consolidated GPS Cache
    SQLite Databases
    Connecting to a Database
    SQLite Built-in Commands
    Issuing SQL Queries
    Important Database Files
    Address Book Contacts
    Address Book Images
    Google Maps Data
    Calendar Events
    Call History
    Email Database
    Notes
    Photo Metadata
    SMS Messages
    Safari Bookmarks
    SMS Spotlight Cache
    Safari Web Caches
    Web Application Cache
    WebKit Storage
    Voicemail
    Reverse Engineering Remnant Database Fields
    SMS Drafts
    Property Lists
    Important Property List Files
    Other Important Files
    Summary

    Chapter 5. Defeating Encryption
    Sogeti’s Data Protection Tools
    Installing Data Protection Tools
    Building the Brute Forcer
    Building Needed Python Libraries
    Extracting Encryption Keys
    The KeyTheft Payload
    Customizing Launchd
    Preparing the RAM disk
    Preparing the Kernel
    Executing the Brute Force
    Decrypting the Keychain
    Decrypting Raw Disk
    Decrypting iTunes Backups
    Defeating Encryption Through Spyware
    The SpyTheft Payload
    Daemonizing spyd
    Customizing Launchd
    Preparing the RAM disk
    Executing the Payload
    Exercises
    Summary

    Chapter 6. Unobliterating Files
    Scraping the HFS Journal
    Carving Empty Space
    Commonly Recovered Data
    Application Screenshots
    Deleted Property Lists
    Deleted Voicemail and Voice Recordings
    Deleted Keyboard Cache
    Photos and Other Personal Information
    Summary

    Chapter 7. Manipulating the Runtime
    Analyzing Binaries
    The Mach-O Format
    Introduction to class-dump-z
    Symbol Tables
    Encrypted Binaries
    Calculating Offsets
    Dumping Memory
    Copy Decrypted Code Back to the File
    Resetting the cryptid
    Abusing the Runtime with Cycript
    Installing Cycript
    Using Cycript
    Breaking Simple Locks
    Replacing Methods
    Trawling for Data
    Logging Data
    More Serious Implications
    Exercises
    SpringBoard Animations
    Call Tapping...Kind Of
    Making Screen Shots
    Summary

    Chapter 8. Abusing the Runtime Library
    Breaking Objective-C Down
    Instance Variables
    Methods
    Method Cache
    Disassembling and Debugging
    Eavesdropping
    The Underlying Objective-C Framework
    Interfacing with Objective-C
    Malicious Code Injection
    The CodeTheft Payload
    Injection Using a Debugger
    Injection Using Dynamic Linker Attack
    Full Device Infection
    Summary

    Chapter 9. Hijacking Traffic
    APN Hijacking
    Payload Delivery
    Removal
    Simple Proxy Setup
    Attacking SSL
    SSLStrip
    Paros Proxy
    Browser Warnings
    Attacking Application-Level SSL Validation
    The SSLTheft Payload
    Hijacking Foundation HTTP Classes
    The POSTTheft Payload
    Analyzing Data
    Driftnet
    Building
    Running
    Exercises
    Summary

    Part II. Securing
    Chapter 10. Implementing Encryption
    Password Strength
    Beware Random Password Generators
    Introduction to Common Crypto
    Stateless Operations
    Stateful Encryption
    Master Key Encryption
    Geo-Encryption
    Geo-Encryption with Passphrase
    Split Server-Side Keys
    Securing Memory
    Wiping Memory
    Public Key Cryptography
    Exercises

    Chapter 11. Counter Forensics
    Secure File Wiping
    DOD 5220.22-M Wiping
    Objective-C
    Wiping SQLite Records
    Keyboard Cache
    Randomizing PIN Digits
    Application Screenshots

    Chapter 12. Securing the Runtime
    Tamper Response
    Wipe User Data
    Disable Network Access
    Report Home
    Enable Logging
    False Contacts and Kill Switches
    Process Trace Checking
    Blocking Debuggers
    Runtime Class Integrity Checks
    Validating Address Space
    Inline Functions
    Complicating Disassembly
    Optimization Flags
    Stripping
    They’re Fun! They Roll! -funroll-loops
    Exercises

    Chapter 13. Jailbreak Detection
    Sandbox Integrity Check
    Filesystem Tests
    Existence of Jailbreak Files
    Size of /etc/fstab
    Evidence of Symbolic Linking
    Page Execution Check

    Chapter 14. Next Steps
    Thinking Like an Attacker
    Other Reverse Engineering Tools
    Security Versus Code Management
    A Flexible Approach to Security
    Other Great Books
