3. This description is, of course, slightly simplified; there are also sticky bits, setuid bits, and so forth. Since iOS doesn’t use DAC as its primary access control mechanism, though, I won’t get into those topics in this book.
5. It seems, however, that most jailbreak users are motivated by the ability to perform the digital equivalent of putting spinning hubcaps on your car.
4. Note that not all directories that can exist in this directory tree will exist for every application; some are created on the fly only when certain APIs are used by the app.
2. I generally consider Chrome a more secure daily browser, but the self-contained nature of Firefox does let you tweak proxy settings more conveniently.
4. Traditionally, this has been done with the GNU Debugger, gdb. However, gdb hasn’t been included with Xcode since version 4, and most versions in Cydia are broken. This method of using lldb should work for the foreseeable future ... I think.
8. This is how it appears in xxd(1), which is what I usually use for quick-and-dirty editing. Your editor may vary. If in doubt, check with MachOView first and then develop whatever scripts you may require.
8. It’s rather out of character for me to not file bugs, but Apple’s bug tracker, RADAR, is so breathtakingly, insultingly useless that no reasonable person should have to use it. Instead, I recommend visiting http://fixradarorgtfo.com/ and filing this single RADAR bug: “Fix Radar or GTFO (duplicate of rdar://10993759).”
6. iOS generates the file public and file private keys using D. J. Bernstein’s Curve25519, an Elliptic Curve Diffie-Hellman algorithm (http://cr.yp.to/ecdh.html).
7. Please disregard this if you are in fact a cryptographer.
8. I see this all the time. No one should ever switch from a secure default to ECB mode, but I still come across this problem every month or two.