
The Mac Hacker's Handbook by Dino Dai Zovi, Charlie Miller


Chapter 11

Injecting, Hooking, and Swizzling

In Chapter 9, “Exploit Payloads,” we demonstrated a remote bundle-injection exploit payload. In this chapter, we show how to develop custom injectable bundles that perform mission logic using high-level languages such as C and Objective-C. This allows us to use any of the facilities or frameworks provided by Mac OS X in our attacks. We will begin by giving some background on Mach programming and describe the local bundle injector that can be used to develop injectable bundles for local and remote processes. We will also demonstrate function hooking and Objective-C method swizzling, which allow us to override the behavior of the compromised process dynamically. In the course of explaining all of these topics, this chapter will demonstrate bundles that take snapshots with the user’s iSight camera, capture SSL traffic in Safari, and log iChats.

Introduction to Mach

To understand the injection tools in this chapter and the Mach-based rootkit techniques in the next one, you need at least a passing familiarity with Mach programming. We will cover some basic background here, but for a more in-depth treatment refer to Mac OS X Internals: A Systems Approach (Addison-Wesley, 2006) and Programming Under Mach (Addison-Wesley, 1993). As discussed in Chapter 1, “Mac OS X Architecture,” Mac OS X (like its ancestor NeXTSTEP) uses a kernel based on both Mach and BSD. Whereas NeXTSTEP’s kernel was a hybrid between Mach 2.5 and BSD 4.3, Mac OS X’s kernel ...
