IOS security defense (I): Essential commands and tools for Hack

Source: Internet
Author: User

HackEssential commands and tools
 
 
Your application is being reverse engineered, tracked, and operated by other competitors! Is your application still bare-handed without defense?
I solemnly declare that we know how to defend against attacks. Everything is to prepare for future defense. Speak nonsense and start with the question.
Summary of the preparations for hack today.
 
Common commands and tools
Ps-display Process status, CPU usage, memory usage, etc.
Sysctl -- check the set Kernel configuration
Netstat: displays network connections, route tables, and interface statuses.
Route -- route Modification
Renice -- Adjust the program running priority
Ifconfig -- View network configurations
Tcpdump-intercept and Analyze network packets
Lsof-list the files opened by the current system. Do not forget that everything is a file, including network connection and hardware.
Otool ① -- view the dynamic library information that the program depends on and decompile the code segment ...... And so on.
Nm ② -- display symbol table
Ldid ③ -- signature Tool
Gdb-debugging tool
Patch-patch tools
SSH-Remote Control
 
 
Note: ① otool. You can view the libraries linked to executable programs:
Otool-L WQAlbum
You can get:

WQAlbum:
/System/Library/Frameworks/StoreKit. framework/StoreKit (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/AdSupport. framework/AdSupport (compatibility version 1.0.0, current version 1.0.0)
/Usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)
/System/Library/Frameworks // MediaPlayer. framework/MediaPlayer (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/MobileCoreServices. framework/MobileCoreServices (compatibility version 1.0.0, current version 40.0.0)
/System/Library/Frameworks/CoreMedia. framework/CoreMedia (compatibility version 1.0.0, current version 1.0.0)
......
 
Decompile WQAlbum's _ TEXT _ content, and cut the first 10 rows:
Otool-TV WQAlbum | head-n 10

You can get:

WQAlbum:
(_ TEXT ,__ text) section
Start:
20172de0 pushl $0x00
20172de2 movl % esp, % ebp
20172de4 andl $0xf0, % esp
Limit 2de7 subl $0x10, % esp
20172dea movl 0x04 (% ebp), % ebx
......
 
② Nm, show the program symbol table, and use my own app private album to show it up:
Nm-g WQAlbum (-g stands for global)

You can get:

001e5eec S _ OBJC_IVAR _ $ _ WQPhotoViewController. albumObject
001e5efc S _ OBJC_IVAR _ $ _ WQPhotoViewController.int _ current
001e5f00 S _ OBJC_IVAR _ $ _ WQPhotoViewController.int _ total
 
Where WQPhotoViewController is the class name and albumObject is the member of this class
 
 
③ Ldid: it is a signature tool provided by iPhone OS. platform. We need to sign the name of our self-compiled program to run on the iPhone/iPad. How to use it
Export CODESIGN_ALLOCATE =/Applications/Xcode. app/Contents/Developer/Platforms/iPhone OS. platform/Developer/usr/bin/codesign_allocate
Ldid-S helloworld
 
 
Compile Hello world
1. First find the compiler:

 

 

 
Arm-apple-darwin10-llvm-gcc-4.2.
For convenience, you can configure environment variables in. bashrc or profile to facilitate compilation.
 
2. Find the SDK

 
When compiling our own program, you must specify the SDK under this directory.
 
3. A classic Hello world:  
1. # include <stdio. h>
2. IntMain (){
3. printf ("Hello world !!! \ N ");
4. Return0;
5 .}



4. Compile

 
Where-isysroot is used to specify the SDK for build
 
5. Verification
 
 
File to check the type. No problem.
 
6. The premise of SCP for iPhone and iPad is that the device has been jailbroken and installed with SSH, and must be in the same network segment.
$ Scp helloworld root@x.x.x.x: hello world



7. login device signature $ ssh-l root x. x
# Ldid-S helloworld



8. Execute the Program #./helloworld
Hello world !!!
 
It runs successfully, which completes the simplest manual execution of your application.
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.