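If you are an application developer with a solid foundation in Objective-C, this book, iOS Application Security: Attack and Defense (reprint edition), is exactly what you need: the chances are high that your company's iOS applications will be attacked. That is because malicious attackers now use an array of tools to reverse engineer, trace, and manipulate applications in ways that most programmers would not imagine.
This book explains several iOS attack techniques, along with the tools and methods that hackers commonly use. You will learn the best ways to protect your applications, and come to see how important it is to understand and strategize the way your adversary does.
Examine subtle vulnerabilities in real-world applications, and avoid the same problems in your own apps; learn how attackers infect applications with malware through code injection; understand how attackers defeat the iOS keychain and data-protection encryption; use a debugger and custom code injection to manipulate the runtime Objective-C environment; prevent attackers from hijacking SSL sessions and stealing data traffic; securely delete files and design your applications to prevent data leakage; avoid debugging abuse, validate the integrity of runtime classes, and make your code hard to trace.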
Preface
1. Everything You Know Is Wrong
The Myth of a Monoculture
The iOS Security Model
Components of the iOS Security Model
Storing the Key with the Lock
Passcodes Equate to Weak Security
Forensic Data Trumps Encryption
External Data Is at Risk, Too
Hijacking Traffic
Data Can Be Stolen...Quickly
Trust No One, Not Even Your Application
Physical Access Is Optional
Summary
Part Ⅰ. Hacking
2. The Basics of Compromising iOS
Why It's Important to Learn How to Break Into a Device
Jailbreaking Explained
Developer Tools
End User Jailbreaks
Jailbreaking an iPhone
DFU Mode
Tethered Versus Untethered
Compromising Devices and Injecting Code
Building Custom Code
Analyzing Your Binary
Testing Your Binary
Daemonizing Code
Deploying Malicious Code with a Tar Archive
Deploying Malicious Code with a RAM Disk
Exercises
Summary
3. Stealing the Filesystem
Full Disk Encryption
Solid State NAND
Disk Encryption
Where iOS Disk Encryption Has Failed You
Copying the Live Filesystem
The DataTheft Payload
Customizing launchd
Preparing the RAM disk
Imaging the Filesystem
Copying the Raw Filesystem
The RawTheft Payload
Customizing launchd
Preparing the RAM disk
Imaging the Filesystem
Exercises
The Role of Social Engineering
Disabled Device Decoy
Deactivated Device Decoy
Malware Enabled Decoy
Password Engineering Application
Summary
4. Forensic Trace and Data Leakage
Extracting Image Geotags
Consolidated GPS Cache
SQLite Databases
Connecting to a Database
SQLite Built-in Commands
Issuing SQL Queries
Important Database Files
Address Book Contacts
Address Book Images
Google Maps Data
Calendar Events
Call History
Email Database
Notes
……
Part Ⅱ. Securing
DFU mode is a low-level diagnostic mode, commonly referred to as Device Failsafe Utility or Device Firmware Upgrade. Due to a number of vulnerabilities in the boot ROM of many devices, exploits can be deployed through this low-level mode to bypass the security checks that are normally in place on the device, allowing non-Apple code to be booted from memory. The most notable of these exploits is named limera1n (I warned you about references to precipitation), and was contributed by popular hacker George Hotz (GeoHot).
Booting code from memory is akin to booting off of a USB keychain or from a CD; only the disk here is a RAM disk, loaded into the device's memory, instead of a physical disk or key fob.
To place a device into DFU mode, a special key sequence is used. The key sequence begins from the point where the device is powered down. Immediately after the device is powered off, both the power and home buttons must be held in together for approximately 10 seconds. You then release the power button while continuing to hold down the home button for another 10 seconds. When the device successfully enters DFU mode, the screen will remain dark and the device will appear to be off, but will be reachable across a USB connection.
Common errors primarily involve counting time (i.e., the number of seconds for which each step of the sequence is performed). This can result in the device simply being "shut off", rather than placed into DFU mode. Applications such as redsn0w, and even iTunes, will auto-detect the device when it enters DFU mode, as it appears on the USB chain. To see this for yourself, launch the System Profiler application in the Utilities folder, found inside your Mac desktop's Applications folder. Click on the USB tab. If the device is connected, you should see USB DFU Device or Apple Mobile Device (DFU Mode) appear on the USB chain.
……