iOS Dynamic Library Code Injection - 23 Nov 2016
Image from http://dyci.github.io/
iOS Dynamic Library Injection
- Kenneth Poon
• Technical Lead iOS Engineer @ PropertyGuru
• Agile, Xtreme Programming, Tests
• XCUITest+Gherkin (July 2016)
Agenda
• Short story of me engaging in PokemonGo
• Game plan for creating iOS Mod Apps
• Demo of Code Injection
Trying to beat the game
6 Aug 2016
- 9 am Discovered PokemonGo is live
- 12 pm Started Location Spoofing
A Week Later
- Built my own location spoof Mac App
- Integration Go Radar Api
- Requires Direct XCode-Device Wired Connection
Trying to beat the game
How to install this PokemonGo Mod?
http://pokemongohacks.me/
How to install this PokemonGo Mod?
Mod Ipa
Cydia Impactor
• Cydia Impactor is a tool that re-signs and installs apps onto devices
• Works with non-jailbroken devices
• Downloadable at http://www.cydiaimpactor.com/
Apple Dev Account
Non-JB
How to install this PokemonGo Mod?
DEMO
Hmmm, What's That?
Concepts - Code Injection
Investigative To Introduce Behaviour Change
• Code Injection Attack Examples
- SQL Injection / XML Injection
- HTML Script / Command Injection
Concepts - Dynamic Library / Binary
• Xcode compiles apps statically
• Highlights compilation errors for code in the project that cannot be statically linked
• During the build phase, Xcode links the project with external binaries and performs the necessary checks
• However, at the packaging phase, Xcode does not guarantee that all dependencies will be available at run time
dyld: Library not loaded: @rpath/libswift_stdlib_core.dylib
Concepts - Dynamic Library / Binary
Concepts - Dynamic Library / Binary
• Static library - a unit of code linked at compile time. [Can't use this]
• Dynamic library - a unit of code and/or assets linked at runtime that may change [We can use this]
• Load Dylib command needs to be executed on the .ipa package before the final package/signing of the app
Game plan for creating iOS Mod Apps
[Diagram labels: Original Ipa, Custom Dylib, Patching, Patched Ipa, Cydia Impactor, Apple Dev Account, Non-JB]
You may need to download a cracked Ipa from 3rd-party content providers like www.iphonecake.com
Dynamic Library Injection
DEMO
https://github.com/depoon/iOSDylibInjectionDemo