O'Reilly logo

Hacking and Securing iOS Applications by Jonathan Zdziarski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Compromising Devices and Injecting Code

As you’ve learned, the redsn0w tool boots its own custom code to install third-party software and apply any patches to the operating system that it needs. It does this whether or not the device’s owner has set a passcode lock on the device, and does not even need to know the passcode in order to jailbreak the device. While one might need the device’s passcode to access the GUI, all of the work being performed on the disk is done without authenticating the user on the device.

You’ll now learn how to use redsn0w to boot your own code, rather than redsn0w’s jailbreak code. By booting your own code, you’ll get an idea of how an attacker might access a stolen (or “borrowed”) device quickly to copy data, inject malware, or perform any other number of attacks.

Theoretically, you could write your own jailbreaking application, as the source code is widely available. Since an entire book could be written on this topic alone, however, the redsn0w application will be used throughout this book to inject your custom code, for convenience. Many other jailbreaking tools could also be substituted in the examples, with little modification. Jailbreaking tools do all of the hard work of manipulating the device’s boot sequence in order to boot custom code. Since the techniques to do this frequently change, it makes sense to leave it up to these tools to do the low level work, and focus on attacking your application. In the real world, an attacker may craft her own ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required