iOS Hacker's Handbook
Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo
Format: PDF / Kindle (mobi) / ePub
Discover all the security risks and exploits that can threaten iOS-based mobile devices
iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.
- Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
- Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
- Also examines kernel debugging and exploitation
- Companion website includes source code and tools to facilitate your efforts
iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.
dictionaryWithObjectsAndKeys: (id)kSecClassGenericPassword, (id)kSecClass, @"MyItem", (id)kSecAttrGeneric, username, (id)kSecAttrAccount, password, (id)kSecValueData, [[NSBundle mainBundle] bundleIdentifier], (id)kSecAttrService, @"", (id)kSecAttrLabel, @"", (id)kSecAttrDescription, (id)kSecAttrAccessibleWhenUnlocked, (id)kSecAttrAccessible, nil]; OSStatus result = SecItemAdd((CFDictionaryRef)query, NULL); Attacking Data Protection To demonstrate the limitations of data protection and what
/private/var/tmp/container/1234/secret Dr. Ray Stantz: Total protonic reversal. iFauxn:∼/ioshh root# What has occurred in the transcript and how does it relate to the profile that was created? In the transcript, the program is started with the command-line argument /private/var/tmp/container/5678. This is used in the sandbox_init_with_extensions call. The first output you see is the result of a sandbox_issue_extension. The extension is issued for the 1337 subdirectory and occurs prior to sandbox
library is loaded, named OfficeImport. Later, when fuzzing, you can confirm this is the library that handles Office documents because you'll see crashes inside it. ... 165 OfficeImport F 0x38084000 dyld Y Y /System/Library/PrivateFrameworks/OfficeImport.framework/ OfficeImport at 0x38084000 (offset 0x6c6000) /System/Library/PrivateFrameworks/OfficeImport.framework/ OfficeImport" at 0x38084000] If you know OS X very well, you know that there is a way to preview Office documents, in Finder or as