MASTG-DEMO-0094: Use of the Deprecated UIWebView

Sample

The following sample demonstrates the use of UIWebView.

MastgTest.swift
import SwiftUI
import UIKit
import WebKit

struct MastgTest {
  @inline(never) @_optimize(none)
  public static func mastgTest(completion: @escaping (String) -> Void) {
    DispatchQueue.main.async {
      // Report status to the caller before the WebView is presented
      completion("Showing WebView for 2s...")
      // 1. Create the WebView
      DispatchQueue.main.asyncAfter(deadline: .now() + 1){
        let webView = UIWebView()
        webView.loadRequest(URLRequest(url: URL(string: "https://owasp.org")!))

        // 2. Create a UIViewController to hold the WebView
        let viewControllerToPresent = UIViewController()
        viewControllerToPresent.view = webView
        // Present from the topmost view controller
        if let presenter = topViewController() {
          presenter.present(viewControllerToPresent, animated: true, completion: {})
        } else {
          completion("Failed to present web view (no active view controller).")
        }
      }
    }
  }

  // Finds the currently visible view controller to present from
  private static func topViewController(
    base: UIViewController? = {
      let scenes = UIApplication.shared.connectedScenes
        .compactMap { $0 as? UIWindowScene }
      let keyWindow = scenes
        .flatMap { $0.windows }
        .first { $0.isKeyWindow }
      return keyWindow?.rootViewController
    }()
  ) -> UIViewController? {
    if let nav = base as? UINavigationController {
      return topViewController(base: nav.visibleViewController)
    }
    if let tab = base as? UITabBarController {
      return topViewController(base: tab.selectedViewController)
    }
    if let presented = base?.presentedViewController {
      return topViewController(base: presented)
    }
    return base
  }
}

Steps

  1. Unzip the app package and locate the main binary file (see Exploring the App Package), which in this case is ./Payload/MASTestApp.app/MASTestApp.
  2. Open the app binary with radare2 (iOS), using the -i option to run the script.

uiwebview.r2
e asm.bytes=false
e scr.color=false
e asm.var=false

?e List all uses of the 'UIWebView' class:

f~UIWebView

?e

?e List all xrefs to the 'UIWebView' class:

axt @ 0x100010108

?e

?e Code snippet that contains the xref to 'UIWebView':

pd 10 @ 0x100004514

Run the script:
#!/bin/bash
r2 -q -i uiwebview.r2 -A MASTestApp > output.txt

Observation

The output contains a reference to UIWebView used from the sym.MASTestApp.MastgTest.mastg.completion__1 function.

output.txt
List all uses of the UIWebView class:
0x100010108 8 reloc.UIWebView

List all xrefs to the 'UIWebView' class:
sym.MASTestApp.MastgTest.mastg.completion__1 0x100004514 [DATA:r--] ldr x0, reloc.UIWebView

Code snippet that contains the xref to 'UIWebView':
           0x100004514      ldr x0, [x8, 0x108]                       ; [0x100010108:4]=231
                                                                      ; reloc.UIWebView ; void *arg0
           0x100004518      bl sym.imp.objc_allocWithZone             ; void *objc_allocWithZone(void *arg0)
           0x10000451c      adrp x26, sym.__METACLASS_DATA__TtC10MASTestAppP33_9471609302C95FC8EC1D59DD4CF2A2DB19ResourceBundleClass ; 0x100010000
           0x100004520      ldr x1, [x26, 0x90]                       ; [0x100010090:4]=0xb0d9 ; reloc.fixup.init
                                                                      [21] -rw- section size 112 named 21.__DATA.__objc_selrefs ; char *selector
           0x100004524      bl sym.imp.objc_msgSend                   ; void *objc_msgSend(void *instance, char *selector)
           0x100004528      mov x21, x0
           0x10000452c      adrp x8, sym.imp.swift_deallocObject      ; 0x10000a000
           0x100004530      add x8, x8, 0xc90                         ; 0x10000ac90 ; "https://owasp.org"
           0x100004534      sub x8, x8, 0x20
           0x100004538      orr x1, x8, 0x8000000000000000

Evaluation

The test fails because the app uses the deprecated UIWebView class.
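
The evaluation above can be automated by parsing output.txt. The following is an added example, not part of the MASTG demo: it reads the `f~UIWebView` and `axt` lines in the format shown above and reports a failure when any are present. The function names and the PASS/FAIL strings are assumptions chosen for illustration.

```python
import re

# Sample copied from the output.txt shown above (headers, flag line, xref line,
# and the first disassembly line).
SAMPLE_OUTPUT = """\
List all uses of the UIWebView class:
0x100010108 8 reloc.UIWebView

List all xrefs to the 'UIWebView' class:
sym.MASTestApp.MastgTest.mastg.completion__1 0x100004514 [DATA:r--] ldr x0, reloc.UIWebView

Code snippet that contains the xref to 'UIWebView':
           0x100004514      ldr x0, [x8, 0x108]                       ; [0x100010108:4]=231
"""

# `f~UIWebView` line: <address> <size> <flag name>
FLAG_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+\d+\s+(\S*UIWebView\S*)$")
# `axt` line: <function> <address> [<TYPE>:<perms>] <instruction>
XREF_RE = re.compile(
    r"^(\S+)\s+(0x[0-9a-fA-F]+)\s+\[(\w+):[rwx-]+\]\s+(.*UIWebView.*)$")


def find_uiwebview_usage(r2_output):
    """Return (flags, xrefs) parsed from the r2 script output."""
    flags, xrefs = [], []
    for line in r2_output.splitlines():
        line = line.strip()
        m = FLAG_RE.match(line)
        if m:
            flags.append({"address": int(m.group(1), 16), "flag": m.group(2)})
            continue
        m = XREF_RE.match(line)
        if m:
            xrefs.append({"function": m.group(1), "address": int(m.group(2), 16),
                          "type": m.group(3), "instruction": m.group(4)})
    return flags, xrefs


def evaluate(r2_output):
    """FAIL if the binary imports or references UIWebView, PASS otherwise."""
    flags, xrefs = find_uiwebview_usage(r2_output)
    return "FAIL" if flags or xrefs else "PASS"


if __name__ == "__main__":
    flags, xrefs = find_uiwebview_usage(SAMPLE_OUTPUT)
    for x in xrefs:
        print(f"UIWebView referenced in {x['function']} at {x['address']:#x}")
    print("Result:", evaluate(SAMPLE_OUTPUT))
```
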