During a forensic investigation it is sometimes necessary to reverse engineer a suspicious piece of code. This section is a deep dive into reverse engineering.
This section is a collection of jailbreak exploits that I have digested and described. Note that the terms jailbreak and exploit are not interchangeable: an exploit abuses one specific vulnerability, while a jailbreak is the complete chain (usually several exploits) that removes the device's restrictions.
During forensic analysis it is not unusual to run into a suspicious application. In this article I am going to learn how to reverse engineer iOS applications.
There are several indicators that an executable is packed. Here they are (this list will grow as I encounter new indicators):
Look at the strings: inside radare2, `fs strings` selects the string flag space and `f` lists the flags; outside r2, `rabin2 -zz` dumps them. Then find cross-references to the strings of interest with `axt @ str.` followed by the flag name (radare2 prefixes every string flag with `str.`).
```sh
# Rabin2
rabin2 -I [progname]     # main info about the binary (format, arch, bits, canary, PIE, ...)
rabin2 -z [progname]     # strings from the binary's data sections
rabin2 -zz [progname]    # all strings from the whole binary
rabin2 -zqq [progname]   # strings only, without offsets or other metadata
rabin2 -x iGoat-Swift    # extract the thin per-architecture binaries from a fat Mach-O

# R2 info (inside the r2 prompt)
> il                     # linked libraries
> ii                     # imports (iiq for a quiet list of names only)

r2 [progname]            # launch radare2
> s main                 # seek to the main function
> aa                     # analyze all: find functions, basic blocks and xrefs (aaa for deeper analysis)
> v                      # panels mode (pseudo-GUI with hexdump, disassembly and more)
> VV                     # graph mode
> afvn user_input input  # rename local variable `input` to `user_input` everywhere it is referenced
# rename a function: seek to it, then rename it
> s function_old_name
> afn function_new_name
> c                      # toggle cursor mode in visual mode
> afvd                   # show the values of the function's args/locals (afv just lists them)
> u                      # undo the last seek (U redoes it)
```