Objectives

• Being able to assess or study an iOS application
• Being able to understand or explore most of iOS Userland components

Synopsis

During this training, we will dispense all the knowledge needed to study iOS applications to perform either a security assessment, or a comprehensive reverse engineering. We will focus on the latest versions of iOS (starting from 10). The training heavily relies on practice therefore numerous labs exercises will be done.

Target audience

• Reverse engineers interested in iOS
• Security engineers with no prior experience in iOS but who needs to assess apps or start studying the system.

Duration

3 days

Prerequisites

• Familiar with ARM assembly
• Familiar with operating system concepts
• Basic knowledge of Python

Exercises

• Binaries reversing
• Small tools writing

Modules

Module 1

• Introduction
• Lab setup
• Mach-O
  • Layout and loading of the Mach-O binary file format
• Objective-C
  • Syntax description
  • Static reverse engineering (Structures, runtime)
• Swift

Module 2

• Applications
  • Hierarchy, resources
  • App life cycle
  • Static and dynamic analysis
  • Review API usage (cryptography, key storage,…)

Module 3

• Dyld shared cache
  • Following the code through the libraries
• XPC
  • Follow and analyse iOS IPC