Footnotes

Chapter 1: The iOS Security Model

3. This description is, of course, slightly simplified; there are also sticky bits, setuid bits, and so forth. Since iOS doesn’t use DAC as its primary access control mechanism, though, I won’t get into those topics in this book.
4. You can find a good summary of the default iOS sandbox policies at https://media.blackhat.com/bh-us-11/DaiZovi/BH_US_11_DaiZovi_iOS_Security_WP.pdf
5. It seems, however, that most jailbreak users are motivated by the ability to perform the digital equivalent of putting spinning hubcaps on your car.

Chapter 2: Objective-C for the Lazy

Chapter 3: iOS Application Anatomy

2. Erica Utilities has a number of other useful tools for working with jailbroken devices; you can check out the list at http://ericasadun.com/ftp/EricaUtilities/.
4. Note that not all directories that can exist in this directory tree will exist for every application; some are created on the fly only when certain APIs are used by the app.

Chapter 4: Building Your Test Platform

2. I generally consider Chrome a more secure daily browser, but the self-contained nature of Firefox does let you tweak proxy settings more conveniently.

Chapter 5: Debugging with lldb and Friends

2. For a detailed resource on debugging in Xcode, I recommend iOS 7 Programming: Pushing the Limits; see http://iosptl.com/.
3. If you’d like further insight into assembly on iOS and ARM, check out Ray Wenderlich’s tutorial at http://www.raywenderlich.com/37181/ios-assembly-tutorial/.

Chapter 6: Black-Box Testing

4. Traditionally, this has been done with the GNU Debugger, gdb. However, gdb hasn’t been included with Xcode since version 4, and most versions in Cydia are broken. This method of using lldb should work for the foreseeable future ... I think.
6. Unless you disable PIE. You can do this with the removePIE tool; see https://github.com/peterfillmore/removePIE/.
8. This is how it appears in xxd(1), which is what I usually use for quick-and-dirty editing. Your editor may vary. If in doubt, check with MachOView first and then develop whatever scripts you may require.

Chapter 7: iOS Networking

4. https://developer.apple.com/library/ios/#documentation/Foundation/Reference/NSURLConnectionDataDelegate_protocol/Reference/Reference.html#//apple_ref/occ/intfm/NSURLConnectionDataDelegate/connection:willSendRequest:redirectResponse:

Chapter 8: Interprocess Communication

Chapter 9: iOS-Targeted Web Apps

Chapter 10: Data Leakage

8. It’s rather out of character for me to not file bugs, but Apple’s bug tracker, RADAR, is so breathtakingly, insultingly useless that no reasonable person should have to use it. Instead, I recommend visiting http://fixradarorgtfo.com/ and filing this single RADAR bug: “Fix Radar or GTFO (duplicate of rdar://10993759).”
10. The en prefix will be different for different locales, but this is what it is for an English-speaking device.
12. For more details on the circumstances under which these events are triggered, visit http://www.cocoanetics.com/2010/07/understanding-ios-4-backgrounding-and-delegate-messaging/.
13. http://developer.apple.com/library/ios/#documentation/UIKit/Reference/UIView_Class/UIView/UIView.html#//apple_ref/occ/instp/UIView/alpha
14. Check out a good example of creating a Storyboard application with state preservation at http://www.techotopia.com/index.php/An_iOS_6_iPhone_State_Preservation_and_Restoration_Tutorial.
15. Using CCCrypt or, ideally, RNCryptor: https://github.com/rnapier/RNCryptor

Chapter 11: Legacy Issues and Baggage from C

1. The term format string attack was popularized by Tim Newsham’s paper of the same name; see http://www.thenewsh.com/~newsham/format-string-attacks.pdf.
2. Yes, %n works. Xcode might complain about it, but manual builds, such as those performed with the xcodebuild command line utility, work fine.
3. You can find more details on exploiting format strings to gain code execution in Scut’s paper on the topic; see https://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf.
4. Todd C. Miller, maintainer of sudo, discusses the merits of these functions further at http://www.sudo.ws/todd/papers/strlcpy.html.

Chapter 12: Injection Attacks

2. You can download Google Toolbox for Mac at https://code.google.com/p/google-toolbox-for-mac/.

Chapter 13: Encryption and Authentication

6. iOS generates the file public and file private keys using D. J. Bernstein’s Curve25519, an Elliptic Curve Diffie-Hellman algorithm (http://cr.yp.to/ecdh.html).
7. Please disregard this if you are in fact a cryptographer.
8. I see this all the time. No one should ever switch from a secure default to ECB mode, but I still come across this problem every month or two.

Chapter 14: Mobile Privacy Concerns
