Book - The Mobile Application Hacker's Handbook

Cycript Basics Usage Example OnYouriOSDevice:~ root# cycript -p BookExamples cy# cy# var hello = [[NSString alloc] initWithString:"Hello"]; @"Hello" cy# hello.length 5 cy# hello = [hello stringByAppendingString: " world"]; @"Hello world" cy# cy# function counter() { for(var i=0; i<5; i++) system.…

Book - Mobile Penetration Testing Part III

1. Reverse engineering Extract the class information Class-dump-z /private/var/mobile/Containers/Bundle/Application/<UUID>/iGoat.app NIN: class-dump-z does not support 64-bit, so let's use class-dump instead. There is also one called classdump-dyld. Ref: Using class-dump on iOS to analyze app class information | 一朵西兰花; Analyzing iOS apps with Class-dump-z and Clutch - O’s World; iOS Security: exporting iOS app class information with class-dump-z. class-dump: class dump is used to examine what is stored in Mach-O…

Book - Mobile Penetration Testing Part II

Android Debug Bridge: USB Debugging must be enabled first. Location: Settings - Developer Options. If Developer Options is not shown, tap Settings - About Device - Build Number seven times. adb devices ➜ localstorage adb devices List of devices attached 192.168.56.101:5555 device ➜ localstorage adb -s 192.168.56.101:5555 shell -s to connect to…

Awesome RE

A curated list of awesome reversing resources taheyeh/awesome-reversing wtsxDev/reverse-engineering…

Book - Mobile Penetration Testing Part I

Architecture Android Android Runtime Two kinds: Dalvik VM (DVM) and Android Runtime (ART) (since Android Lollipop). DVM: For performance reasons, the DVM runs only once, and each new service is a clone of it; the cloning is controlled by a system service, Zygote. In addition, the DVM compiles multiple (e.g. 1000) Java classes into a single .dex file. Zygote: When Android boots, it is one of the first processes to be started. Starting UP a virtual machine Preloading the core…