O'Reilly logo

Mobile Application Penetration Testing by Vijay Kumar Velu

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 7. Full Steam Ahead – Attacking iOS Applications

To look at a system fault as a bug or vulnerability depends on the assessor's attitude.

This chapter will give you a step-by-step guide to analyzing, attacking, and reverse engineering iOS apps in general. We will take what we have already set up with LLDB, oTool, Hopper, and class-dump-z into a trifecta for simple reverse engineering tasks. We will walk through how to use tools in order to instrument potentially sensitive and vulnerable API calls. We will also look at how to exploit the lack of binary protections with Cycript and Snoop-IT. Finally, the chapter will cover some obscure tasks, such as performing heap dumps with debuggers in order to recover sensitive items such as passwords ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required