O'Reilly logo

Hacking and Securing iOS Applications by Jonathan Zdziarski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Defeating Encryption

Stealing data from many iOS devices has proven a relatively painless undertaking, especially with the many tools available in the open source community. For an attacker, the hard part is already done: the same techniques used for otherwise innocuous purposes, such as jailbreaking or unlock a device, can be retooled to break into a device and commit digital theft. The technical hurdles, such as exploiting the device’s boot loader and disabling the device’s security mechanisms, are already done for the attacker. Whether it’s a tool like redsn0w, which can automate the process of booting unsigned code, or the many distributions of cyanide, greenpois0n, blackra1n, or other tools available to do similar things, an attacker only need a little bit of code and some know-how to hijack a device.

Up to this point, you’ve been dealing primarily with data that is stored unencrypted. Any data stored using Apple’s protection class encryption has come across as unreadable. This chapter will demonstrate different techniques to extract encryption keys from a device and use them to decrypt passwords on the keychain, protection-class encrypted files, and raw disk. You’ll also learn an attack technique involving the equivalent of spyware, which can steal encrypted data without ever deducing the device’s passcode.

Sogeti’s Data Protection Tools

Sogeti is a 20,000 person strong corporation providing professional technology services, specializing in application management, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required