IOS security analysis on the mobile cloud storage service platform (Parse)

IOS security analysis on the mobile cloud storage service platform (Parse)

Parse: A cloud platform that provides background services for mobile apps
Parse is a cloud computing platform incubated by YC to provide background services for mobile applications. It provides tedious background services for developers so that developers only need to focus on specific development work. It provides services such as saving any data, storing photos or other files, sending push notifications, creating user accounts, using geographic data, and adding Facebook/Twitter accounts to log in.
Parse provides mobile developers with many practical functions, such as cloud data storage, push notifications, usage reports, crash log statistics, code hosting, background jobs, and other functions. Compared with the provided functions, This article focuses on the core of cloud computing, cloud data storage.
All cloud data is stored in the so-called custom category (common data table)



Perhaps it is the simple product experience of Parse that allows developers to forget security issues and vulnerabilities.
Parse Security Analysis
You can set different client permissions for these categories: GET, FIND, UPDATE, CREATE, DELETE, and add fields. By default, all are public. Of course, most developers often ignore this point when configuring tables.

I have a project on the Parse platform, which takes a lot of time to configure AOLs, so I am very interested in how other developers configure their accounts on Parse.
A Key pair is used to connect the Parse account to the mobile app: Application ID and Client Key. to operate on cloud data, we must find these keys. This allows us to use idb (an amazing IOS penetration testing program) [https://github.com/dmayer/idb#-crack the application's binary file. During decryption, we can check NSUserDefaults (a common place to store the data)

As you can see, there is nothing to gain. Let's go back to cracking the application's binary file. Using Hopper, we will find the Parse key from an application.

As we expected, the key for connecting to Parse is here. Next, we will analyze the Parse data structure and customer permissions.
The next step is to identify the table name of Parse. In fact, we have found the ClientKey in the previous one. Here we want to call multiple registerSubclass functions. Each class has a parseClassName function to return a corresponding Parse table name.


Let's take a look at the structure of these tables:

PFQuery *query =[PFQuery queryWithClassName:@"ParseClassName"];[queryfindObjectsInBackgroundWithBlock:^(NSArray *objects, NSError *error) {    NSLog(@"%@", objects);}];

We try to get an access license to determine how the application is running. What we need to do is submit a query to Parse and analyze the returned results. To this end, I wrote a tool ParseReveale to simplify some operations, making the entire process more convenient and convenient.