Just saw this on @everttjf blog, and according to the literature, iOS Hacking Guide, to dump the decrypted binary via LLDB is rather simple.
You just need a jailbreak device with debugserver running on it, and the . That's all.cryptsize, cryptoff of that executable file. You may use otool to retrieve the cryptsize, cryptoff
As we've mentioned in the last post, Protection against Message Forward in Objective-C, there're at least two tools for tracing the calling sequence of the methods,
However, they just cannot handle it in the scene below,
@interface ProtectedClass : NSObject { @public NSString * _password; } @property (nonatomic, getter=password, setter=setPassword:) NSString * password; @end /// ...omited... ProtectedClass * obj = [[ProtectedClass alloc] init]; obj->_password = @"喵咕咪~"; // directly access, undectectable in BigBang or ANYMethodLog [obj setPassword:@"喵"]; // BigBang or ANYMethodLog dectectable /// ...omited...
Because it's not necessarily to call getter or setter in Objective-C when access or change an ivar. Since Objective-C is just a superset of C, so the object (or instance) in Objective-C acts pretty much like the struct in C. You can directly access its member if you have the memory address. Let's check out what happens when compiling.
Here is our code, written in Objective-C, and it's probably quite often to be seen in your projects.
Runtime is one of the powerful features of Objective-C, it provides us the ability to add/replace a method of some class, retrieve/set the implementation of a specified method, and even add a class in runtime.
However, just like the sunlight shines not only on the good guys, but also on the bad ones. There are some tools in iOS Jailbreak community which take the advantage of Objective-C's runtime feature, to be specific, the ability of message forward. Within this feature, they can log the calling sequence of the methods in the application for further exploitation. And it's not that hard to inject such tools into your application, since there are many ways such as DYLD_INSERT_LIBRARIES or modifying the MachO load commands, and they got some sets of tools like iOSOpenDev, and the new replacement of iOSOpenDev, MonkeyDev by @AloneMonkey.
And there're at least 2 tools which can log the calling sequence of the methods,
Continue reading Protection against Message Forward in Objective-C
在 iOS 逆向工程的论坛上看到了如何勾住一个类所有方法的帖子,然后基本都是用 Objective-C 里的 forwardInvocation: 来做的,例如
于是这里做了一个检测自己的类是否被这样给 hook 了的方法。
之前在空间里看见过同学发咕咕机的分享,那时还是第一代咕咕机,然后这几周在 @DIYgod 那边也看到了咕咕机,于是就入了一个来玩玩w
看着非常有趣的咕咕机,然后想自己在这上面折腾点啥东西,于是就有了这个 WordPress 插件,它可以将站点的评论打印到咕咕机上www
那时你坐着专心做女红
对美好的前途满怀信心
当时是芬芳的五月 你总爱这样度过辰光
——A Silvia
本文涉及电影内容,请注意会被剧透哦w
管理员元宝(全名是人见人爱陈元宝)是学社科的大学森,我则化身为cocola~某一天元宝和cocola聊天的时候讲到:一千个人眼中有一千个哈姆雷特,很多时候,事情本身没有改变,只是看待事情的角度变了。于是这个公众号就诞生了,因为想知道,一部电影,从不同的视角出发到底可以看到多少,可以发散到多广。不同学科或者领域的朋友,看到的东西可能会大有不同。元宝和cocola决定选择一部电影(大多是经典),从不同角度进行反复讨论(⁎⁍̴̛ᴗ⁍̴̛⁎)
初心就是:探索和交流
最后欢迎学心理学、人类学、经济学、物理学等等且喜欢电影的小伙伴加入(/ω\)
欢迎大家来围观\(≧▽≦)/
