Wednesday, August 29, 2012

iOS Application Pentesting Series Part 2: What's inside an IPA?

Apple might be the greatest evil born as a byproduct of the current capitalist system. Love them or loathe them, they are here to stay. And so we continue to Part 2, explaining the iOS application architecture. Much like a package on a major Unix distribution, an iOS application (the compiled files) is archived in the IPA format (which is actually a zip archive).

There are two ways to obtain the IPA file. If you are a developer, you can get the particular IPA from the developer itself. Otherwise, the only way to obtain the IPA is by cracking the application itself. The Hackulo team has written a nice wiki explaining the whole process of decrypting the binary at runtime.


What is the structure of an IPA file? Let's take a look at the Maybank2u app's structure.




As you can see, the common structure of a mobile web application IPA usually consists of:

Payload/

Payload/application.app


And a few plist files. A plist is a property list file, which can store structured data in either binary or human-readable (XML) form.
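As an added example (not code from the original post), here is a small Python script that builds a constructed sample IPA in memory and then walks it the way you would a real one: listing the .app bundle under Payload/, decoding every plist whether it is binary or XML, and listing whatever sits in a plugins folder. The bundle name Demo.app and the identifier com.example.demo are made-up values.

```python
import io
import plistlib
import zipfile


def build_sample_ipa() -> bytes:
    """Constructed sample IPA: a zip with Payload/<name>.app/ inside, like a real one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        info = {"CFBundleIdentifier": "com.example.demo",  # hypothetical bundle id
                "CFBundleExecutable": "Demo",
                "CFBundleShortVersionString": "1.0"}
        # Info.plist is normally shipped in binary form; Settings.plist here is XML
        zf.writestr("Payload/Demo.app/Info.plist",
                    plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        zf.writestr("Payload/Demo.app/Settings.plist",
                    plistlib.dumps({"debug": False}, fmt=plistlib.FMT_XML))
        # Placeholder bytes standing in for the Mach-O binary (not a real executable)
        zf.writestr("Payload/Demo.app/Demo", b"\xce\xfa\xed\xfe" + b"\x00" * 16)
        zf.writestr("Payload/Demo.app/www/plugins/CheckRoot.js",
                    b"// constructed placeholder plugin\n")
        zf.writestr("iTunesMetadata.plist", plistlib.dumps({"itemName": "Demo"}))
    return buf.getvalue()


def inspect_ipa(ipa_bytes: bytes) -> dict:
    """Return the IPA layout: .app bundles, decoded plists, bundle ids, plugin files."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        names = zf.namelist()
        # Every entry of interest lives under Payload/<something>.app/
        bundles = sorted({n.split("/")[1] for n in names
                          if n.startswith("Payload/") and n.count("/") >= 2
                          and n.split("/")[1].endswith(".app")})
        if not bundles:
            raise ValueError("no Payload/*.app bundle: not a valid IPA")
        # plistlib.loads detects the binary (bplist00) and XML formats itself
        plists = {n: plistlib.loads(zf.read(n)) for n in names if n.endswith(".plist")}
        bundle_ids = {}
        for b in bundles:
            info = plists.get(f"Payload/{b}/Info.plist")
            if info is None:
                raise ValueError(f"{b} has no Info.plist")
            bundle_ids[b] = info.get("CFBundleIdentifier")
        plugins = sorted(n for n in names if "/plugins/" in n.lower())
        return {"bundles": bundles, "plists": plists,
                "bundle_ids": bundle_ids, "plugins": plugins}


if __name__ == "__main__":
    for key, value in inspect_ipa(build_sample_ipa()).items():
        print(key, value)
```

Point inspect_ipa at the bytes of a real IPA and the plugins list is where a file such as CheckRoot would show up.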

So what can we find in an app? A lot of stuff. Suppose we are interested in finding out how an app becomes aware of whether the iOS device has been jailbroken or not. In the Maybank2u app, if we explore the plugin folder:


There's a JavaScript file called CheckRoot. However, it doesn't tell us much about how exactly the checking mechanism works. So what we can do is fire up IDA and load our app. Do take note that the app is compiled as a Mach-O for ARM. What we can do in IDA is find the particular function that corresponds to CheckRoot.



Clicking on the name will yield...




The app will check the existence of each file and return 1 if it exists. Since we know that the application determines that a jailbreak has occurred if any of those files is detected, a jailbroken iPhone can actually evade the detection by simply writing a hooking function to return each check as Bool 0.

We will discuss it later in Part 3, or maybe 4...




