Lightning Talk - Beyond The ‘Cript: Practical iOS Reverse Engineering

Presented at AppSec USA 2016, Oct. 13, 2016, 10:45 a.m. (10 minutes)

There is an app for everything these days. And if you are current on your infosec news, you know every new app comes with its own vulnerabilities. One class of bugs has been relatively easy to find, with frameworks becoming increasingly available to help.

But more and more developers are hardening their apps against common issues using jailbreak detection and best practices, and some of the easy issues are starting to dry up.

Luckily for the top testers, there is another class of bug that can still (and only) be found with deeper knowledge of iOS and its underlying assembly code.

The aim of this talk is to build a bridge between the mundane methodologies and vulnerabilities that everyone can find (and that are now being defended against), and a new approach that finds additional bugs that require assembly knowledge to discover. 

The talk looks at the fundamentals of reversing, a primer on iOS architecture, binary patching, reversing Mach-O binaries, and ends with some real-world examples involving jailbreak detection.


Presenters:

  • Michael Allen - Security Consultant - IOActive, Inc
    Michael E. Allen is a security consultant at IOActive with more than ten years of experience in the information security industry. His primary interests are in programming, exploit development, and reverse engineering. Mr. Allen has extensive skills in design, implementation, enhancement, testing, maintenance, and support of a myriad of software instances. He's adept both at testing software and at assisting development teams with the implementation of software protection mechanisms.
