3/15/2023 0 Comments Hopper disassembler demo![]() ![]() Your jailbroken iPhone (I am using an old phone with iOS 14.1).These are the tools we will use to perform the analysis: Find the next function we want to use for ROP chain.Calculate the function addresses at runtime (ASLR enabled on iOS).Debug the binary to find interesting functions that we will jump to in the payload.Check the iOS crash logs to get the position of the link register (LR) so we can craft the payload.If you don’t know how to jailbreak your phone, please refer to unC0ver guide. Upload the iOS binary onto your jailbroken iOS via SFTP.We will go through each little step below in detail. Introduction to the binary we are exploitingīelow are the high-level step-through of what this blog post will cover.High level walk through of the steps we will take.This blog post is broken up into five sections, if you are familiar with my blog posts then this shouldn’t be a surprise. As such, I will be introducing you to buffer overflows and ROP chain attacks. The difference is this blog post will focus on exploiting iOS arm64 binaries and we will take what we learn from reversing the binary to perform two attacks. This blog post builds on Part 1’s knowledge of how to perform basic reversing on iOS apps. I have also included the source code on GitHub for all my evil cheaters out there!!! Don’t think for a second that I don’t know you exist :P.ĭownload the exercise binary “dontpopme” from Github here. ![]() Therefore, for this blog post/tutorial, I have compiled and built you an iOS binary that you can use and abuse. We will only be using FREE tools because I don’t like to spend money on nerd things.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |