Objective-C/iOS reverse engineering for hidden features
Objective-C/iOS reverse engineering for hidden features #1
So, I stumbled across an article while I was about to fall asleep about digging for hidden features while doing some iOS app reverse engineering (on app store apps). This article is specifically about the very recent discovery of Instagram's (not yet even announced) video calling feature. I advise people check it out, it sheds a lot of light on how some of the hackery goes on. Note, these Cycript hacks are really useful when probing for new jailbreak stuff as well. Of course, you need a jailbreak to use it, but many of us have our own private jailbreaks that we use for our own development and don't want to burn (these holes tend to remain open for years at a time), and so we often use these jailbreaks and some code injection to find potential new jailbreaks.

Please do read the article though, it's at the very least an interesting look into the enigma of iOS, and especially the cryptography behind it. For your reference, here's how secure it is:
The entire disk is encrypted with a system key
Under that, each partition is encrypted with its own key
Under that, the user data directory is encrypted with the user key
Each application is cryptographically signed with the developer's key
The developer's key is signed with Apple's CA key
The application binary is encrypted to prevent exactly this from going on
The application's memory is encrypted to prevent things like the Intel bugs from being useful.

These features are what make iOS the most secure operating system in the modern era, among others.


Link: https://medium.com/@guilhermerambo/how-i...4d7085da57


RE: Objective-C/iOS reverse engineering for hidden features #2
The underlying encryption seems like an overkill, but very Impressive I might add.

The article Is quite detailed, so (as time permits) I'll go through It later today or early tomorrow.

RE: Objective-C/iOS reverse engineering for hidden features #3
(03-03-2018, 06:06 AM)mothered Wrote: The underlying encryption seems like an overkill, but very Impressive I might add.

The article Is quite detailed, so (as time permits) I'll go through It later today or early tomorrow.

You'd think so, but all of it was added by simple necessity. These levels of encryption are what prevent the government (and Apple) from reading your data, even with physical access or by using a cloud backup. Not even Apple has the user or system keys.


RE: Objective-C/iOS reverse engineering for hidden features #4
(03-03-2018, 02:47 PM)phyrrus9 Wrote:
(03-03-2018, 06:06 AM)mothered Wrote: The underlying encryption seems like an overkill, but very Impressive I might add.

The article Is quite detailed, so (as time permits) I'll go through It later today or early tomorrow.

You'd think so, but all of it was added by simple necessity. These levels of encryption are what prevent the government (and Apple) from reading your data, even with physical access or by using a cloud backup. Not even Apple has the user or system keys.

I certainly agree with you here. Although I mentioned of an overkill, It wasn't Implied In a negative manner.

I always operate In a complex environment, and an overkill Is part of that equation. For example, I have all USB sticks, external HDDs encrypted with BitLocker. In that, sits an encrypted volume created with VeraCrypt. Inside the VeraCrypt encrypted volume sits "another" encrypted volume, again via VeraCrypt. Ultimately, there's 3 levels of encryption (and the same amount of authentication) to access my data.

Good luck to anyone attempting to grab my files.

RE: Objective-C/iOS reverse engineering for hidden features #5
(03-04-2018, 02:50 AM)mothered Wrote:
(03-03-2018, 02:47 PM)phyrrus9 Wrote:
(03-03-2018, 06:06 AM)mothered Wrote: The underlying encryption seems like an overkill, but very Impressive I might add.

The article Is quite detailed, so (as time permits) I'll go through It later today or early tomorrow.

You'd think so, but all of it was added by simple necessity. These levels of encryption are what prevent the government (and Apple) from reading your data, even with physical access or by using a cloud backup. Not even Apple has the user or system keys.

I certainly agree with you here. Although I mentioned of an overkill, It wasn't Implied In a negative manner.

I always operate In a complex environment, and an overkill Is part of that equation. For example, I have all USB sticks, external HDDs encrypted with BitLocker. In that, sits an encrypted volume created with VeraCrypt. Inside the VeraCrypt encrypted volume sits "another" encrypted volume, again via VeraCrypt. Ultimately, there's 3 levels of encryption (and the same amount of authentication) to access my data.

Good luck to anyone attempting to grab my files.

I always admired these massively overkill setups. I'm honestly really happy that Apple decided to make it mainstream like this. The same sort of protection exists for macOS as well (though it's not forced on like it is for iOS). FileVault can be set up all the way to the extent of every file having its own key.


RE: Objective-C/iOS reverse engineering for hidden features #6
(03-04-2018, 03:10 AM)phyrrus9 Wrote: FileVault can be set up all the way to the extent of every file having its own key.

Now this Is music to my ears (so to speak).

Despite the somewhat Inconvenience of accessing each file with a dedicated/segregated key, the security Is well and truly worth It.

RE: Objective-C/iOS reverse engineering for hidden features #7
(03-04-2018, 09:13 AM)mothered Wrote:
(03-04-2018, 03:10 AM)phyrrus9 Wrote: FileVault can be set up all the way to the extent of every file having its own key.

Now this Is music to my ears (so to speak).

Despite the somewhat Inconvenience of accessing each file with a dedicated/segregated key, the security Is well and truly worth It.

FileVault handles it automatically; it happens without the user even noticing. The NVMe drives are fast enough to handle the data overhead. Most users that configure it that way use the same passphrase for every file though, but you don't have to (you'd just be prompted for a password if it isn't in the keyring).


RE: Objective-C/iOS reverse engineering for hidden features #8
(03-04-2018, 05:02 PM)phyrrus9 Wrote: most users that configure it that way use the same passphrase for every file though, but you don't have to (you'd just be prompted for a password if it isn't in the keyring)

In my case, I don't like the Idea of authenticating with the same credentials for each device and/or file.

If one (password) Is known, the others are exposed which sort of defeats the purpose of the entire encryption. Yes It's an Inconvenience using dedicated authentication, but as mentioned, an overkill (within reason) Is well worth Its Implementation. Those who operate otherwise, It's good they have the option to configure It with the same passphrase.

RE: Objective-C/iOS reverse engineering for hidden features #9
(03-04-2018, 05:02 PM)phyrrus9 Wrote:
(03-04-2018, 09:13 AM)mothered Wrote:
(03-04-2018, 03:10 AM)phyrrus9 Wrote: FileVault can be set up all the way to the extent of every file having its own key.

Now this Is music to my ears (so to speak).

Despite the somewhat Inconvenience of accessing each file with a dedicated/segregated key, the security Is well and truly worth It.

FileVault handles it automatically; it happens without the user even noticing. The NVMe drives are fast enough to handle the data overhead. Most users that configure it that way use the same passphrase for every file though, but you don't have to (you'd just be prompted for a password if it isn't in the keyring).

How do you do that? I don't see many options in System Preferences, and fdesetup doesn't seem to have a way to do that...



RE: Objective-C/iOS reverse engineering for hidden features #10
This actually seems extremely interesting. I would love to maybe try this out someday.