objection - runtime mobile exploration
•
3 recomendaciones•1,976 vistas
Slides for 0xcon 2017 talk about objection by @leonjza.
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a objection - runtime mobile exploration
Similar a objection - runtime mobile exploration (20)
Más de SensePost
Más de SensePost (20)
Último
Último (7)
objection - runtime mobile exploration
- 1. 0xcon 2017 📱objection RUNTIME MOBILE EXPLORATION
- 3. 0xcon 2017
- 4. 0xcon 2017
- 6. 0xcon 2017 - Ole André Vadla Ravnås (@oleavr) - dynamic instrumentation toolkit - injects chrome v8 (or duktape) into process - instrumentation done using JavaScript - basically magic (no really.) frida
- 7. 0xcon 2017 ‘embedded mode’ (recently added fully autonomous mode)
- 8. 0xcon 2017 demo(native function hooking)
- 10. 0xcon 2017 @implementation JailbreakDetection +(BOOL) isJailbroken { NSFileManager *fm = [NSFileManager defaultManager]; if ([fm fileExistsAtPath:@"/bin/bash"]) { return YES; } return NO; } @end
- 11. 0xcon 2017 var JailbreakDetection = ObjC.classes.JailbreakDetection; Interceptor.attach( JailbreakDetection.isJailbroken.implementation, { onEnter: function (args) { // }, onLeave: function (retval) { retval.replace(0x0); } });
- 12. 0xcon 2017 demo(jailbreak detection simulation/bypass)
- 13. 0xcon 2017 lets… inject arbitrary code
- 15. 0xcon 2017 📱objection bundled it up, and called it… (object)inject(ion)
- 16. 0xcon 2017 - python3, installable with pip3 - bundles ios and android hooks - ’compiles’ hooks with Jinja2 - can import arbitrary Frida scripts - do not need a jailbroken / rooted device internals
- 18. 0xcon 2017 demo(exploring the filesystem)
- 19. 0xcon 2017 demo(ssl pinning bypass)
- 20. 0xcon 2017 demo(class method monitoring)
- 21. 0xcon 2017 - dump process/module memory - interact with iOS keychain - bypass touchid* - monitor iOS pasteboard - extract iOS binary cookies and lots more!