iOS Hacker's Handbook

by Charlie Miller; Dionysus Blazakis; Dino Dai Zovi; Stefan Esser; Vincenzo Iozzo; Ralf-Philipp Weinmann
  • ISBN13: 9781118204122
  • ISBN10: 1118204123

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2012-05-08
  • Publisher: Wiley


Summary

This book discusses the internals of iOS. It explains how the operating system works, security risks associated with it, how it can be used in the Enterprise, and the overall security architecture of the operating system. It explains how vulnerabilities can be found in it, exploits developed for it, and rootkits and other payloads developed for it. There is no other book that comes close to covering iOS on this level and the book is written by a panel of some of the world's leading experts in iOS.

Overview

  • iOS Security Architecture
  • iOS vulnerability hunting and exploit writing
  • iOS enterprise and encryption
  • How iOS jailbreaks work

Specifically, the book will cover: iOS in the Enterprise, Encryption, Code signing and memory protections, Sandboxing, iPhone Fuzzing, Exploitation, ROP payloads, Rootkits, Kernel Debugging and Exploitation, Jailbreaking, Baseband attacks

Author Biography

Charlie Miller is Principal Research Consultant at Accuvant Labs and a four-time CanSecWest Pwn2Own winner. Dionysus Blazakis is an expert on iOS and OS X sandbox security mechanisms. Dino Dai Zovi is coauthor of The Mac Hacker's Handbook and a popular conference speaker. Stefan Esser is a PHP security expert and leading researcher of iOS security topics. Vincenzo Iozzo is an independent security researcher focused on Mac OS X and smartphones. Ralf-Philipp Weinmann holds a PhD in cryptography and has an extensive security background.

Table of Contents

Introduction
iOS Security Basics
  iOS Hardware/Device Types
  How Apple Protects the App Store
  Understanding Security Threats
  Understanding iOS Security Architecture
  The Reduced Attack Surface
  The Stripped-Down iOS
  Privilege Separation
  Code Signing
  Data Execution Prevention
  Address Space Layout Randomization
  Sandboxing
  A Brief History of iOS Attacks
  Libtiff
  Fun with SMS
  The Ikee Worm
  Storm8
  SpyPhone
  Pwn2Own 2010
  Jailbreakme.com 2 ("Star")
  Jailbreakme.com 3 ("Saffron")
  Summary
iOS in the Enterprise
  iOS Configuration Management
  Mobile Configuration Profiles
  iPhone Configuration Utility
  Creating a Configuration Profile
  Installing the Configuration Profile
  Updating Profiles
  Removing Profiles
  Applications and Provisioning Profiles
  Mobile Device Management
  MDM Network Communication
  Lion Server Profile Manager
  Setting Up Profile Manager
  Creating Settings
  Enrolling Devices
  Summary
Encryption
  Data Protection
  Data Protection API
  Attacking Data Protection
  Attacking User Passcodes
  iPhone Data Protection Tools
  Installation Prerequisites
  Building the Ramdisk
  Booting Ramdisk
  Brute-Force Attacking Four-Digit Passcodes
  Dumping Keychain
  Dumping Data Partition
  Decrypting Data Partition
  Summary
Code Signing and Memory Protections
  Understanding Mandatory Access Control
  AMFI Hooks
  AMFI and execv
  How Provisioning Works
  Understanding the Provisioning Profile
  How the Provisioning File Is Validated
  Understanding Application Signing
  Inside Entitlements
  How Code Signing Enforcement Works
  Collecting and Verifying Signing Information
  How Signatures Are Enforced on Processes
  How the iOS Ensures No Changes Are Made to Signed Pages
  Discovering Dynamic Code Signing
  Why MobileSafari Is So Special
  How the Kernel Handles JIT
  Attacking Inside MobileSafari
  Breaking Code Signing
  Altering iOS Shellcode
  Using Meterpreter on iOS
  Gaining App Store Approval
  Summary
Sandboxing
  Understanding the Sandbox
  Sandboxing Your Apps
  Understanding the Sandbox Implementation
  Understanding User Space Library Implementation
  Into the Kernel
  Implementing TrustedBSD
  Handling Configuration from User Space
  Policy Enforcement
  How Profile Bytecode Works
  How Sandboxing Impacts App Store versus Platform Applications
  Summary
Fuzzing iOS Applications
  How Fuzzing Works
  The Recipe for Fuzzing
  Mutation-Based ("Dumb") Fuzzing
  Generation-Based ("Smart") Fuzzing
  Submitting and Monitoring the Test Cases
  Fuzzing Safari
  Choosing an Interface
  Generating Test Cases
  Testing and Monitoring the Application
  Adventures in PDF Fuzzing
  Quick Look Fuzzing
  Fuzzing with the Simulator
  Fuzzing MobileSafari
  Selecting the Interface to Fuzz
  Generating the Test Case
  Fuzzing and Monitoring MobileSafari
  PPT Fuzzing Fun
  SMS Fuzzing
  SMS Basics
  Focusing on the Protocol Data Unit Mode
  Using PDUspy
  Using User Data Header Information
  Working with Concatenated Messages
  Using Other Types of UDH Data
  Generation-Based Fuzzing with Sulley
  SMS iOS Injection
  Monitoring SMS
  SMS Bugs
  Summary
Exploitation
  Exploiting Bug Classes
  Object Lifetime Vulnerabilities
  Understanding the iOS System Allocator
  Regions
  Allocation
  Deallocation
  Taming the iOS Allocator
  Tools of the Trade
  Learning Alloc/Dealloc Basics
  Exploiting Arithmetic Vulnerabilities
  Exploiting Object Lifetime Issues
  Understanding TCMalloc
  Large Object Allocation and Deallocation
  Small Object Allocation
  Small Object Deallocation
  Taming TCMalloc
  Obtaining a Predictable Heap Layout
  Tools for Debugging Heap Manipulation Code
  Exploiting Arithmetic Vulnerabilities with TCMalloc - Heap Feng Shui
  Exploiting Object Lifetime Issues with TCMalloc
  ASLR Challenges
  Case Study: Pwn2Own 2010
  Testing Infrastructure
  Summary
Return-Oriented Programming
  ARM Basics
  iOS Calling Convention
  System Calls Calling Convention
  ROP Introduction
  ROP and Heap Bugs
  Manually Constructing a ROP Payload
  Automating ROP Payload Construction
  What Can You Do with ROP on iOS?
  Testing ROP Payloads
  Examples of ROP Shellcode on iOS
  Exfiltrate File Content Payload
  Using ROP to Chain Two Exploits (JailBreakMe v3)
  Summary
Kernel Debugging and Exploitation
  Kernel Structure
  Kernel Debugging
  Kernel Extensions and IOKit Drivers
  Reversing the IOKit Driver Object Tree
  Finding Vulnerabilities in Kernel Extensions
  Finding Vulnerabilities in IOKit Drivers
  Attacking through Device Properties
  Attacking through External Traps and Methods
  Kernel Exploitation
  Arbitrary Memory Overwrite
  Patching a Vulnerability into the Kernel
  Choosing a Target to Overwrite
  Locating the System Call Table
  Constructing the Exploit
  Uninitialized Kernel Variables
  Kernel Stack Buffer Overflows
  Kernel Heap Buffer Overflows
  Kernel Heap Zone Allocator
  Kernel Heap Feng Shui
  Detecting the State of the Kernel Heap
  Exploiting the Kernel Heap Buffer Overflow
  Summary
Jailbreaking
  Why Jailbreak?
  Jailbreak Types
  Jailbreak Persistence
  Tethered Jailbreaks
  Untethered Jailbreaks
  Exploit Type
  Bootrom Level
  iBoot Level
  Userland Level
  Understanding the Jailbreaking Process
  Exploiting the Bootrom
  Booting the Ramdisk
  Jailbreaking the Filesystem
  Installing the Untethering Exploit
  Installing the AFC2 Service
  Installing Base Utilities
  Application Stashing
  Bundle Installation
  Post-Installation Process
  Executing Kernel Payloads and Patches
  Kernel State Reparation
  Privilege Escalation
  Kernel Patching
  security.mac.proc_enforce
  cs_enforcement_disable (kernel)
  cs_enforcement_disable (AMFI)
  PE_i_can_has_debugger
  vm_map_enter
  vm_map_protect
  AMFI Binary Trust Cache
  Task_for_pid 0
  Sandbox Patches
  Clearing the Caches
  Clean Return
  Summary
Baseband Attacks
  GSM Basics
  Setting up OpenBTS
  Hardware Required
  OpenBTS Installation and Configuration
  Closed Configuration and Asterisk Dialing Rules
  RTOSes Underneath the Stacks
  Nucleus PLUS
  ThreadX
  REX/OKL4/Iguana
  Heap Implementations
  Dynamic Memory in Nucleus PLUS
  Byte Pools in ThreadX
  The Qualcomm Modem Heap
  Vulnerability Analysis
  Obtaining and Extracting Baseband Firmware
  Loading Firmware Images into IDA Pro
  Application/Baseband Processor Interface
  Stack Traces and Baseband Core Dumps
  Attack Surface
  Static Analysis on Binary Code Like it's 1999
  Specification-Guided Fuzz Testing
  Exploiting the Baseband
  A Local Stack Buffer Overflow: AT+XAPP
  The ultrasn0w Unlock
  An Overflow Exploitable Over the Air
  Summary
Appendix: References
Index
Table of Contents provided by Ingram. All Rights Reserved.
