MASTG-TECH-0065: Reverse Engineering iOS Apps
iOS reverse engineering is a mixed bag. On the one hand, apps written in Objective-C and Swift disassemble nicely. In Objective-C, a method is not called directly: the caller passes the receiver object and a "selector" (the method name, kept as a string in the binary) to the runtime's `objc_msgSend`, which looks up the implementation by name at runtime. Because that lookup happens by name, the selector strings must remain intact in the final binary, which makes the disassembly far more readable. Swift methods are dispatched directly or through vtables rather than selectors, but their mangled symbol names also survive unless the binary has been stripped. On the other hand, the runtime name resolution means that every Objective-C method call in the disassembly is a call to `objc_msgSend`, not to the target method, so the disassembler has no direct cross-references between methods and constructing a call graph takes extra work: tools recover the references by matching the selector loaded before each `objc_msgSend` call against the methods that implement it, which is ambiguous whenever several classes implement a selector of the same name.
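The following is an added example, not code from the MASTG page or from any disassembler: a toy model in Python of the selector-matching pass that Objective-C-aware disassembler plugins perform to recover the missing cross-references. The method list, selector-reference table and arm64 listing are constructed sample data (class names, selectors and addresses are made up), and the listing is simplified to a straight-line `adrp x1` / `ldr x1` / `bl _objc_msgSend` pattern. It shows why every call site looks the same to the disassembler, how the selector name recovers the target, and the two ways the recovery falls short: a selector implemented by more than one class is ambiguous, and a selector implemented only outside the binary (here a Foundation method) stays unresolved.

```python
"""Recovering Objective-C method cross-references by selector name.

Constructed toy model of what an Objective-C-aware disassembler plugin does:
every method call in the binary is a `bl _objc_msgSend`, so the only way to
find which method is being called is to track the selector reference loaded
into x1 (arm64 convention: x0 = receiver, x1 = selector) and match the
selector string against the methods the binary implements.
"""
import re
from collections import defaultdict

# Constructed sample data; a real tool reads these from the Mach-O's
# __objc_selrefs / __objc_methname sections and the class method lists.
METHOD_LIST = {  # (class, selector) -> implementation address
    ("LoginViewController", "viewDidLoad"): 0x100004000,
    ("LoginViewController", "loginTapped:"): 0x100004100,
    ("AuthManager", "authenticateUser:password:"): 0x100005000,
    ("AuthManager", "isJailbroken"): 0x100005200,
    ("DeviceCheck", "isJailbroken"): 0x100006000,
}
SELREFS = {  # selref slot address -> selector string
    0x10000C000: "viewDidLoad",
    0x10000C008: "authenticateUser:password:",
    0x10000C010: "isJailbroken",
    0x10000C018: "length",  # Foundation selector, not implemented in this binary
}
# Constructed, simplified arm64 listing: "address | enclosing method | instruction"
DISASM = """
0x100004008 | -[LoginViewController viewDidLoad] | adrp x1, 0x10000c000
0x10000400c | -[LoginViewController viewDidLoad] | ldr x1, [x1]
0x100004010 | -[LoginViewController viewDidLoad] | bl _objc_msgSend
0x100004014 | -[LoginViewController viewDidLoad] | adrp x1, 0x10000c000
0x100004018 | -[LoginViewController viewDidLoad] | ldr x1, [x1, #0x10]
0x10000401c | -[LoginViewController viewDidLoad] | bl _objc_msgSend
0x100004108 | -[LoginViewController loginTapped:] | adrp x1, 0x10000c000
0x10000410c | -[LoginViewController loginTapped:] | ldr x1, [x1, #0x8]
0x100004110 | -[LoginViewController loginTapped:] | bl _objc_msgSend
0x100004114 | -[LoginViewController loginTapped:] | adrp x1, 0x10000c000
0x100004118 | -[LoginViewController loginTapped:] | ldr x1, [x1, #0x18]
0x10000411c | -[LoginViewController loginTapped:] | bl _objc_msgSend
"""

ADRP = re.compile(r"^adrp x1, (0x[0-9a-f]+)$")
LDR = re.compile(r"^ldr x1, \[x1(?:, #(0x[0-9a-f]+|\d+))?\]$")
BL_MSGSEND = re.compile(r"^bl _objc_msgSend$")


def parse_disasm(text):
    """Return [(address, enclosing function, instruction)] from the listing."""
    rows = []
    for line in text.strip().splitlines():
        addr, func, insn = (part.strip() for part in line.split("|"))
        rows.append((int(addr, 16), func, insn))
    return rows


def find_msgsend_sites(rows):
    """Pair each `bl _objc_msgSend` with the selref address loaded into x1.

    Real disassemblers do the same dataflow tracking more robustly; here the
    adrp/ldr pair is assumed to sit right before the call (toy simplification).
    """
    sites, page, selref = [], None, None
    for addr, func, insn in rows:
        if (m := ADRP.match(insn)):
            page = int(m.group(1), 16)
        elif (m := LDR.match(insn)) and page is not None:
            selref = page + (int(m.group(1), 0) if m.group(1) else 0)
        elif BL_MSGSEND.match(insn):
            sites.append((addr, func, selref))
            page = selref = None
    return sites


def build_xrefs(sites, selrefs, method_list):
    """Resolve each call site to candidate implementations by selector name.

    The receiver's class is unknown statically, so every class implementing
    the selector is a candidate (ambiguous); a selector with no implementation
    in the binary stays unresolved (the target lives in a system framework).
    """
    by_selector = defaultdict(list)
    for (cls, sel), imp in method_list.items():
        by_selector[sel].append((cls, imp))
    xrefs = []
    for call_site, caller, selref in sites:
        sel = selrefs.get(selref)
        cands = by_selector.get(sel, [])
        status = "unresolved" if not cands else ("ambiguous" if len(cands) > 1 else "resolved")
        xrefs.append({"call_site": call_site, "caller": caller, "selector": sel,
                      "candidates": cands, "status": status})
    return xrefs


def callers_of(imp, xrefs):
    """Call sites whose candidate set includes the implementation at `imp`."""
    return [x["call_site"] for x in xrefs if any(a == imp for _, a in x["candidates"])]


def recover_objc_xrefs():
    return build_xrefs(find_msgsend_sites(parse_disasm(DISASM)), SELREFS, METHOD_LIST)


if __name__ == "__main__":
    for x in recover_objc_xrefs():
        targets = ", ".join(f"-[{c} {x['selector']}] @ {a:#x}" for c, a in x["candidates"]) or "(external)"
        print(f"{x['call_site']:#x} in {x['caller']}: {x['status']:<10} -> {targets}")
```

Running the script lists one line per `objc_msgSend` call site. The `isJailbroken` site is reported as ambiguous because both `AuthManager` and `DeviceCheck` implement it, which is exactly the situation where a name-based cross-reference needs confirming with a debugger or hooking framework before you trust the call graph.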
Tests

- MASTG-TEST-0317: Broken Symmetric Encryption Modes
- MASTG-TEST-0313: References to APIs for Preventing Keyboard Caching of Text Fields
- MASTG-TEST-0321: Hardcoded HTTP URLs
- MASTG-TEST-0323: Uses of Low-Level Networking APIs for Cleartext Traffic