8/17/2019 Breaking Secure Mobile Applications - BSides
1/47
Breaking “Secure” Mobile Applications
BSidesMCR June 2014
@domchell @MDSecLabs
8/17/2019 Breaking Secure Mobile Applications - BSides
2/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Introduction
Agenda
• Background
• The problem
• Case studies
• Binary protections
• Final case study
• Conclusions
8/17/2019 Breaking Secure Mobile Applications - BSides
3/47
© 2014 MDSec Consulting Ltd. All rights reserved.
• Spent [?]1[?] months from 2… (the exact figures were lost in extraction)
8/17/2019 Breaking Secure Mobile Applications - BSides
4/47
© 2014 MDSec Consulting Ltd. All rights reserved.
The Problem
Mobile Data
• Lots of applications, doing lots of *interesting* things
– Banking
– Social networks
– Gambling
– Privacy driven applications
– Enterprise applications with internal integrations
• Lots of interesting data
– PII
– Financial data
– Sensitive corporate data
8/17/2019 Breaking Secure Mobile Applications - BSides
5/47
© 2014 MDSec Consulting Ltd. All rights reserved.
The Problem
The Attack Surface
• Mobile application insecurities are well documented
– Insecure storage
– Transport insecurities
– Injection vulnerabilities
– Tampering attacks
• What are the attack scenarios?
– Jailbreaking/Rooting by user/attacker & Pangu?
– Attacks from malware, e.g. Unflod Baby Panda
– App imitation and repacking with malicious code
– Targeted exploitation
– Casual drive by download
8/17/2019 Breaking Secure Mobile Applications - BSides
6/47
© 2014 MDSec Consulting Ltd. All rights reserved.
The Problem
Application Insecurities
• Direct remediation of application insecurities is generally well documented
• Many applications have started to follow recommended actions to address the traditional vulnerabilities:
– Client side authentication
– Encryption of persistent data
– Certificate pinning
• Do these protect against all attack scenarios?
– How trivial is it to bypass from on-device?
– What about resource/app modification & adware/spyware insertion?
• The arms race begins…
8/17/2019 Breaking Secure Mobile Applications - BSides
7/47 © 2014 MDSec Consulting Ltd. All rights reserved.
• “Secure” is bandied around a lot, not just in mobile
– “Secure end-to-end messaging”
– “Secure storage”
– “Secure device management”
• Decided to challenge some of these claims
Introduction
Case Studies
8/17/2019 Breaking Secure Mobile Applications - BSides
8/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #1
MobileIron
• Popular MDM driven by policies set on the VSP (Virtual Smartphone Platform)
• Reports back to the VSP/Sentry devices of policy violations such as jailbreaking and can react accordingly; examples include removing e-mail and VPN access
8/17/2019 Breaking Secure Mobile Applications - BSides
9/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #1
MobileIron
• Well known limitation of the software: forcibly closing the app and disabling location services prevents it detecting policy violations and reporting back to the VSP
8/17/2019 Breaking Secure Mobile Applications - BSides
10/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #2
Wickr
• In January 2014 Wickr announced a bug bounty
8/17/2019 Breaking Secure Mobile Applications - BSides
11/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #2
Wickr
• The application is a privacy driven instant messaging service
• Tag line “leave no trace” & supposedly forensically sound
• Self-destructing messages, pictures, fully encrypted
• The app employed no binary protections so tampering was fairly trivial
• Within 24 hours there were some interesting findings
8/17/2019 Breaking Secure Mobile Applications - BSides
12/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #2
Wickr
WICKR DEMO
8/17/2019 Breaking Secure Mobile Applications - BSides
13/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #3
GO!Enterprise
• BYOD container that allows a separate workspace for mail, contacts, secure browsing, file storage etc.
• “The GO!Enterprise mobility platform was designed from the ground up with security in mind. Thus GO!Enterprise solutions inherit a wealth of security features that minimize the risk of unauthorized access, data leakage and security breaches.”
• All managed from a per enterprise cloud instance
8/17/2019 Breaking Secure Mobile Applications - BSides
14/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #3
GO!Enterprise
• Installed the app and synchronised data; appeared to be using these databases for storage
• Decompiling and analysing the APK revealed it was using SQLCipher
8/17/2019 Breaking Secure Mobile Applications - BSides
15/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #3
GO!Enterprise
• Next step was to find where mPassword comes from:
8/17/2019 Breaking Secure Mobile Applications - BSides
16/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #3
GO!Enterprise
• The key appears to be derived from the IMEI and the path to the database, using the IMEI as a salt
• This can be verified by reproducing the code in another app — there is no secret input, so the key is reproducible from the IMEI and the database path alone
8/17/2019 Breaking Secure Mobile Applications - BSides
17/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #3
GO!Enterprise
• Running the PoC generates the following key for the “storage.db” database
• Using the key it's possible to view the database
8/17/2019 Breaking Secure Mobile Applications - BSides
18/47 © 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #3
GO!Enterprise
• The [?]variables table has some interesting data…
8/17/2019 Breaking Secure Mobile Applications - BSides
19/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #4
Kaseya BYOD
8/17/2019 Breaking Secure Mobile Applications - BSides
20/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #4
Kaseya BYOD
• BYOD application that provides access to documents, e-mail, and a browser
• Apps connect to a gateway that proxies to internal resources such as intranet applications and file shares
• Access to the app is protected via a PIN
8/17/2019 Breaking Secure Mobile Applications - BSides
21/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #4
Kaseya BYOD
• Quickly identified an interesting class:
8/17/2019 Breaking Secure Mobile Applications - BSides
22/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #4
Kaseya BYOD
KASEYA BYOD DEMO
8/17/2019 Breaking Secure Mobile Applications - BSides
23/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Overview
• Introduced to the OWASP Mobile Top Ten at OWASP AppSec California in January 2014
• Attempts to achieve the following goals:
– Prevent software operating in an untrusted environment
– Thwart or increase the complexity of reverse engineering
– Thwart or increase the complexity of modification or tampering attacks
– Detect/Prevent attacks from on-device malware
• How common are these protections?
– 2… (figure lost in extraction)
8/17/2019 Breaking Secure Mobile Applications - BSides
24/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Overview
• So what are the risks?
– Theft of Intellectual Property from reverse engineering
– Circumvention of security controls; authentication, encryption, licensing, DRM, jailbreak/root detection
– Loss of revenue from piracy
– Brand/Reputational damage from app imitation and/or code modification
8/17/2019 Breaking Secure Mobile Applications - BSides
25/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Overview
• Some of the binary protections you may have encountered:
– Jailbreak/Root detection
– Resource and code integrity checksums
– Anti-debugging
– Runtime tamper protection
– Obfuscation
• Not a silver bullet!
8/17/2019 Breaking Secure Mobile Applications - BSides
26/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Jailbreak/Root Detection
• Attempts to detect if the application is running on a jailbroken or rooted device
• If a compromise is detected the app usually does one or more of:
– Warn the user
– Wipe any sensitive data
– Report back to a management server
– Exit / Crash
8/17/2019 Breaking Secure Mobile Applications - BSides
27/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Jailbreak/Root Detection
• Jailbreak/Root detection implementations usually perform the following activities:
– Examine the filesystem
– Check open ports
– Test sandbox restrictions
– Permissions on memory pages
– Evidence of modifications (e.g. build keys)
• Often trivial to bypass unless other protections are in place — the checks run inside the attacker-controlled process, so they can be hooked or patched out
8/17/2019 Breaking Secure Mobile Applications - BSides
28/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Integrity Checksums
• Attempt to ensure that application resources or internal code structures haven't been modified or new code inserted
• If tampering is detected, more often than not a crash is triggered
• Typically implemented by embedding a “web” of self validating checksum functions in to an application
• Checksum calculations performed on specific functions or across a class, as well as portions of the code segment
8/17/2019 Breaking Secure Mobile Applications - BSides
29/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Integrity Checksums
• For native code can be implemented using C
– Insert a label before and after the functions you want to checksum to get the function size
8/17/2019 Breaking Secure Mobile Applications - BSides
30/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Integrity Checksums
• A checksum can then be calculated based on the start address + the length and compared with a stored checksum
• Similar checks should be embedded across the code
8/17/2019 Breaking Secure Mobile Applications - BSides
31/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Integrity Checksums
• There are several shortcomings in this method of implementation:
– The application first needs to be run to calculate the stored CRC which is then embedded in to the code
– The location of the checksums is difficult to randomize across builds
• A better but complex approach can be achieved using the LLVM compiler
– During compilation the JIT engine can compile the functions that you want to protect
– This can be used to calculate the relevant checksums, then validation code can be embedded using the LLVM IR
8/17/2019 Breaking Secure Mobile Applications - BSides
32/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Anti-Debugging
• With a debugger an attacker is able to trivially manipulate application behavior
• For example, in iOS applications it is possible to simulate method calls to objects by invoking calls to objc_msgSend
• Anti-debugging protections attempt to detect and prevent a debugger being attached
• Unlikely to thwart an advanced adversary
8/17/2019 Breaking Secure Mobile Applications - BSides
33/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Anti-Debugging
• On iOS the process status can be queried using sysctl
• The PT_DENY_ATTACH flag (a ptrace request) can also be set
8/17/2019 Breaking Secure Mobile Applications - BSides
34/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Anti-Debugging
• Several common implementations for Android applications
• DVM exposes the Debug.isDebuggerConnected() method
• Can also be read directly from the DVM via JNI rather than using the API
• Timing thread execution
8/17/2019 Breaking Secure Mobile Applications - BSides
35/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Frameworks like Cydia Substrate make hooking of the Objective-C or Dalvik runtimes trivial
• Allows an adversary or malware to invoke or modify internal methods
– Bypass security controls
– Leak/Steal sensitive data
• Fairly unique situation that a developer cannot trust their own runtime
8/17/2019 Breaking Secure Mobile Applications - BSides
36/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Attempts to determine whether functions have been hooked at runtime
• Several tricks for iOS that can help identify runtime tampering, but yet to see anything for Android DVM (this doesn't mean it doesn't exist!)
8/17/2019 Breaking Secure Mobile Applications - BSides
37/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Check #1: Validating the source image location
• The locations for dylibs with the SDK methods is a finite set of directories:
– /usr/lib
– /System/Library/Frameworks
– /System/Library/PrivateFrameworks
– /System/Library/Accessibility
– /System/Library/TextInput
• dladdr() takes a function pointer and returns details on the source image
8/17/2019 Breaking Secure Mobile Applications - BSides
38/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Retrieve the image name and compare it to known values
8/17/2019 Breaking Secure Mobile Applications - BSides
39/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Check #2: Scan for malicious libraries
• Cydia Substrate and Cycript will inject a dylib in to the process when it launches
• It's possible to iterate the list of loaded libraries and search for common jailbreak associated libraries such as “Substrate” and “cycript”
8/17/2019 Breaking Secure Mobile Applications - BSides
40/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Get a list of linked libraries and scan for jailbreak strings
8/17/2019 Breaking Secure Mobile Applications - BSides
41/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Runtime Tamper Protection
• Check #3: Check for Cydia Substrate patches
• Examining the code (see SubstrateHookFunctionARM) we can see what it does:
• Trampoline is inserted, jumps to an absolute address
– ldr pc, [pc, #-4]
8/17/2019 Breaking Secure Mobile Applications - BSides
42/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Binary Protections
Obfuscation
• Attempts to complicate reverse engineering by making it difficult or complex to understand
• Obfuscation typically achieves this by doing some or all of the following (and more!):
– Obscure names of classes, fields and methods
– Insert bogus code
– Modify the control flow
– Substitution of instructions
• Android comes with ProGuard for release builds; llvm-obfuscator is an open source native code equivalent
8/17/2019 Breaking Secure Mobile Applications - BSides
43/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #5
App Protection Product
• Reviewed a binary protection solution for a vendor
• Unfortunately work performed under NDA :(
• The solution worked by embedding similar protections to those described, including runtime tampering, checksum protection etc. to LLVM IR
• The protections worked like an onion and each one needed to be peeled off one at a time, starting with the integrity checksumming
8/17/2019 Breaking Secure Mobile Applications - BSides
44/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #5
App Protection Product
• Patching the binary and triggering a crash led us to find some examples of the validation routine from the call stack
• Reversing some of these functions we found a common denominator: they all called srand()
• In theory, it should be possible to identify all of the checksumming functions by cross references to srand()
8 + 7 ey
8/17/2019 Breaking Secure Mobile Applications - BSides
45/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Case Study #5
App Protection Product
• IDAPython to the rescue!
8 2 &
8/17/2019 Breaking Secure Mobile Applications - BSides
46/47
© 2014 MDSec Consulting Ltd. All rights reserved.
Conclusions
Overview
• Secure doesn't always mean secure
• Binary protections aren't a silver bullet!
• Protections need to be layered
Q & A
8/17/2019 Breaking Secure Mobile Applications - BSides
47/47
Q & A
That's all folks!
QUESTIONS?
• Online:
– http://www.mdsec.co.uk
– http://blog.mdsec.co.uk
– https://github.com/mdsecresearch
• E-mail:
– dominic [at] mdsec [dot] co [dot] uk
• Twitter:
@domchell
@MDSecLabs