IOS APP RUNTIME ANALYSIS USING GDB

Sneha Rajguru
16/06/2017, in Blog

This blog is a simple guide to performing runtime analysis on iOS apps using
GDB. GDB gives us in-depth knowledge of an application, and beyond that it lets
us set breakpoints, manipulate values and completely change the execution flow
of the application.

To learn how to use GDB for runtime analysis, we have crafted a deliberately
vulnerable iOS application called ‘swizzle-me’.

Introduction to the app

The app ‘swizzle-me’ is a simple authentication app in which the user is
required to enter valid credentials to get access to the application.



App’s challenge: your task is to bypass the login mechanism of the application
and access the authenticated page!



Screens of the application:

If a wrong password is entered



The application shows an error message stating “Entered Credentials are
incorrect”.

Once the correct credentials are entered, the application greets the user with a
‘successful login page’.



Now log in to the device:



Now run the ‘swizzle-me’ app on your device and attach GDB to the app’s running
process. For this, start gdb and use the command attach <pid_of_swizzle-me>;
here the pid of the app is 780.



Now, let’s attach to the process.



Before going ahead, let’s take a look at the code and identify the method
responsible for performing the authentication in the app.



You can use class-dump-z to get the entire class dump of the application and
thereby learn which methods it contains. Now that we know the method
responsible for authenticating the user, we set a breakpoint on it. The method
is named “authenticate”.



With the breakpoint set on the ‘authenticate’ method, let’s enter any username
and password in the app and press Check.



Now use the disas command to print the disassembly of this function.

We know that the validation of the username and password happens within this
function (authenticate), and looking at the disassembly we do not find any
other interesting method related to our application.





Another way to look around for a method is to look for calls to the
objc_msgSend function. Remember that objc_msgSend is executed whenever a method
is called on an object (an Objective-C message send), so an app can have many
objc_msgSend calls.

In our scenario, we note the addresses of all instructions that call
objc_msgSend and set breakpoints on them. A very simple way to do this is to
look for the blx instructions in the disassembly, note their addresses, set a
breakpoint on each and keep pressing c (continue) until the next breakpoint is
hit.

Once the breakpoint on our function is hit, we try to print out the values it
works with. In Objective-C every object is a pointer, so we can look inside the
registers and see which objects they point to. To find out the value, we use
the ‘po’ (print object) command.
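The breakpoint, disassembly and ‘po’ steps above, scripted as a GDB command file so they run in one go; this is an added example, not part of the original post. It assumes the pid 780 from the screenshots, a placeholder class name LoginViewController for the authenticate method, and the 32-bit ARM Objective-C calling convention (self in r0, selector in r1, first method arguments in r2 and r3).

```gdb
# Added example, not from the original post. Run on the device as
#     gdb -x swizzle-me.gdb
# Assumptions (not stated in the post): pid 780 as in the screenshots;
# LoginViewController is a placeholder class name for the authenticate
# method; 32-bit ARM Objective-C ABI (self in r0, SEL in r1, first two
# method arguments in r2 and r3).

attach 780

# Breakpoint 1: stop when authenticate is entered, dump its disassembly
# so the blx call sites can be located, then arm breakpoint 2 below and
# let the app run on to the first message send inside the method.
break -[LoginViewController authenticate]
commands 1
  disassemble
  enable 2
  continue
end

# Breakpoint 2: on every objc_msgSend, print the selector name (a SEL
# points to its C string) and the receiver object. It stays disabled
# until breakpoint 1 fires so unrelated message sends do not flood the
# session; run "disable 2" by hand once the login attempt has finished.
break objc_msgSend
disable 2
commands 2
  silent
  printf "selector: %s\n", (char *)$r1
  po $r0
  # r2 holds the first method argument. For a string comparison this is
  # the other string, which is where hard-coded credentials show up.
  # Caveat: po on a register that is not an object pointer can crash the
  # target; the zero check only filters the most common non-object case.
  if $r2 != 0
    po $r2
  end
  continue
end
```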



With the ‘po’ command we can get the actual values of the objects.

As seen in the image above, we got the values ‘Hacker’ and
‘Theforceiswithyou’; from this we can tell that these must be the hard-coded
username and password of the ‘swizzle-me’ app.

Our next step is to enter the recovered values as the app’s credentials.
