iOS Dynamic Library Code Injection - 23 Nov 2016

Post on 14-Jan-2017

327 views 2 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of iOS Dynamic Library Code Injection - 23 Nov 2016

Image from http://dyci.github.io/

iOS Dynamic Library Injection

- Kenneth Poon

•Technical Lead iOS Engineer @ PropertyGuru •Agile, Xtreme Programming, Tests •XCUITest+Gherkin (July 2016)

Agenda

• Short story of me engaging in PokemonGo

• Game plan for creating iOS Mod Apps

• Demo of Code Injection

Trying to beat the game

6 Aug 2016

- 9 am Discovered PokemonGo is live

- 12 pm Started Location Spoofing

A Week Later

- Built my own location spoof Mac App

- Integration Go Radar Api

- Requires Direct XCode-Device Wired Connection

Trying to beat the game

How to install this PokemonGo Mod?

http://pokemongohacks.me/

How to install this PokemonGo Mod?

Mod Ipa

Cydia Impactor

• Cydia Impactor is a tool that resigns and install apps onto devices

• Works with non-jailbroken devices

• Downloadable at http://www.cydiaimpactor.com/

Apple Dev Account

Non-JB

How to install this PokemonGo Mod?

DEMO

Hmmm Whats That?

Concepts - Code Injection

Investigative To Introduce Behaviour Change

• Code Injection Attacks Examples- SQL Injection / XML Injection- HTML Script / Command Injection

Concepts - Dynamic Library / Binary

• XCode compiles Apps statically • Highlights Compilation Errors for codes in project that

cannot be statically linked • During Build Phase, Xcode links project with external

binaries and perform necessary checks. • However at packaging phase, Xcode does not

guarantee all dependencies will be available during run time

dyld: Library not loaded: @rpath/libswift_stdlib_core.dylib

Concepts - Dynamic Library / Binary

Concepts - Dynamic Library / Binary• Static Library - a unit of code linked at compile time.

[Cant use this]

• Dynamic library - a unit of code and/or assets linked at runtime that may change [We can use this]

• Load Dylib command needs to be executed on the .ipa package before the final package/signing of the app

Non-JB

Game plan for creating iOS Mod Apps

Cydia Impactor

Apple Dev Account

Original Ipa

Custom Dylib

Patched Ipa

Patched Ipa+ Patching

You may need to download cracked from 3rd Party content providers like www.iphonecake.com

http://www.iphonecake.com

Dynamic Library Injection

DEMO

https://github.com/depoon/iOSDylibInjectionDemo

https://github.com/depoon/iOSDylibInjectionDemo

Top related

Dynamic DNS Support for Cisco IOS Software · Dynamic DNS Support for Cisco IOS Software TheDynamicDNSSupportforCiscoIOSSoftwarefeatureenablesCiscoIOSsoftwaredevicestoperform DynamicDomainNameSystem(DDNS
 Documents
Simulation Services for Injection Molded Plastic Components · •MPI, Midplane, Fusion, 3D •Fibre, Warp, Cool, Gas, Sequential Filling, Overmolding, Dynamic Feed, Co-Injection,
 Documents
Automated embedding of dynamic libraries into iOS applications … · 2017-08-03 · order to conduct the dynamic analysis using the second method the dynamic libraries provided by
 Documents
Dynamic Solution Injection
 Documents
Injection in Rings with Small Dynamic Aperture - Lessons Learned at BESSY II A. Jankowiak, P. Kuske.
 Documents
Cisco IOS Software Release 12.2(18)SXD Routing … · CISCO IOS SOFTWARE RELEASE ... • BGP Dynamic Peer Groups ... (iSPF) allows routers to intelligently determine where the
 Documents
Electric ALLROUNDERs - ARBURG ALLROUNDERs Injection molding machines for ... reproducible mould filling through dynamic injection. With our ALLROUNDER injection mold- ... The au- …
 Documents
A New Dynamic Injection System of Urea-Water Solution for a … · 2017-08-14 · A New Dynamic Injection System of Urea-Water Solution for a Vehicular Select ... almost 99% of diesel
 Documents
Automated embedding of dynamic libraries into iOS ... · Automatedembeddingofdynamiclibraries intoiOSapplicationsfromGNU/Linux MarwinBaumann1 &LeandroVelasco1 1Systems and Network
 Documents
Role of Fluid Injection on Earthquake ... - cdfm.stanford.edu · Role of Fluid Injection on Earthquake Size in Dynamic Rupture Simulations on Rough Faults Jeremy Maurer1,2, Eric M.
 Documents
Automated embedding of dynamic libraries into iOS applications … · Automatedembeddingofdynamiclibraries intoiOSapplicationsfromGNU/Linux MarwinBaumann1 &LeandroVelasco1 1Systems
 Documents
CANDID: Dynamic Candidate Evaluations for …pbisht/files/Bisht_TISSEC_2010.pdf14 CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks PRITHVI BISHT
 Documents
Injection in Rings with Small Dynamic Aperture - Lessons Learned at BESSY II
 Documents
Dynamic Emulation and Fault-Injection using Dyninst
 Documents
TOSHIBA MACHINE - Injection Depot - Home · TOSHIBA MACHINE PANTONE 193 ... Injection process condition dynamic self-tuning (DST-FILL) ... Puts the machine into mold safety/shutdown
 Documents
Dynamic Multipoint VPN Configuration Guide, Cisco IOS Release ...
 Documents
Dynamic Model and Analysis of a Sucker-rod Pump Injection ...
 Documents
Dynamic Multipoint VPN Configuration Guide, Cisco IOS ... · Dynamic Multipoint VPN Configuration Guide, Cisco IOS Release 15M&T Americas Headquarters Cisco Systems, Inc. 170 West
 Documents
SQLPrevent: E ective Dynamic Detection and Prevention of SQL Injection Attacks …lersse-dl.ece.ubc.ca/record/146/files/146.pdf ·  · 2013-05-22SQLPrevent: E ective Dynamic Detection
 Documents
Improved Discretisation Dynamic Modelling Co2 Solubility During Injection Subsequent Convective Dispersion
 Documents

Copyright © 2022 FDOCUMENTS