iOS应用安全攻防:英文 (美)扎德尔斯基 著作 下载 pdf 百度网盘 epub 免费 2025 电子版 mobi 在线

本书讲解了几种iOS的攻击手段，以及黑客们常用的工具和技术。内容包括：了解黑客如何通过代码注入来使应用感染恶意软件、阻止攻击者劫持SSL会话和窃取数据流量等。

Preface

1. Everything You Know Is Wrong

The Myth of a Monoculture

The iOS Security Model

Components of the iOS Security Model

Storing the Key with the Lock

Passcodes Equate to Weak Security

Forensic Data Trumps Encryption

External Data Is at Risk, Too

Hijacking Traffic

Data Can Be Stolen...Quickly

Trust No One, Not Even Your Application

Physical Access Is Optional

Summary

Part Ⅰ. Hacking

2. The Basics of Compromising iOS

Why It's Important to Learn How to Break Into a Device

Jailbreaking Explained

Developer Tools

End User Jailbreaks

Jailbreaking an iPhone

DFU Mode

Tethered Versus Untethered

Compromising Devices and Injecting Code

Building Custom Code

Analyzing Your Binary

Testing Your Binary

Daemon!zing Code

Deploying Malicious Code with a Tar Archive

Deploying Malicious Code with a RAM Disk

Exercises

Summary

3. Stealing the Filesystem

Full Disk Encryption

Solid State NAND

Disk Encryption

Where lOS Disk Encryption Has Failed You

Copying the Live Filesystem

The DataTheft Payload

Customizing launchd

Preparing the RAM disk

Imaging the Filesystem

Copying the Raw Filesystem

The RawTheft Payload

Customizing launchd

Preparing the RAM disk

Imaging the Filesystem

Exercises

The Role of Social Engineering

Disabled Device Decoy

Deactivated Device Decoy

Malware Enabled Decoy

Password Engineering Application

Summary

4. Forensic Trace and Data Leakage

Extracting Image Geotags

Consolidated GPS Cache

SQLite Databases

Connecting to a Database

SQLite Built-in Commands

Issuing SQL Queries

Important Database Files

Address Book Contacts

Address Book Images

Google Maps Data

Calendar Events

Call History

Email Database

Notes

Photo Metadata

SMS Messages

Safari Bookmarks

SMS Spotlight Cache

Safari Web Caches

Web Application Cache

WebKit Storage

Voicemail

Reverse Engineering Remnant Database Fields

SMS Drafts

Property Lists

Important Property List Files

Other Important Files

Summary

5. Defeating Encryption

Sogeti's Data Protection Tools

Installing Data Protection Tools

Building the Brute Forcer

Building Needed Python Libraries

Extracting Encryption Keys

The KeyTheft Payload

Customizing Launchd

Preparing the RAM disk

Preparing the Kernel

Executing the Brute Force

Decrypting the Keychain

Decrypting Raw Disk

Decrypting iTunes Backups

Defeating Encryption Through Spyware

The SpyTheft Payload

Daemonizing spyd

Customizing Launchd

Preparing the RAM disk

Executing the Payload

Exercises

Summary

6. Unobliterating Files

Scraping the HFS Journal

Carving Empty Space

Commonly Recovered Data

Application Screenshots

Deleted Property Lists

Deleted Voicemail and Voice Recordings

Deleted Keyboard Cache

Photos and Other Personal Information

Summary

7. Manipulating the Runtime

Analyzing Binaries

The Mach-O Format

Introduction to class-dump-z

Symbol Tables

Encrypted Binaries

Calculating Offsets

Dumping Memory

Copy Decrypted Code Back to the File

Resetting the cryptid

Abusing the Runtime with Cycript

Installing Cycript

Using Cycript

Breaking Simple Locks

Replacing Methods

Trawling for Data

Logging Data

More Serious Implications

Exercises

SpringBoard Animations

Call Tapping...Kind Of

Making Screen Shots

Summary

8. Abusingthe Runtime Library

Breaking Objective-C Down

Instance Variables

Methods

Method Cache

Disassembling and Debugging

Eavesdropping

The Underlying Objective-C Framework

Interfacing with Objective-C

Malicious Code Injection

The CodeTheft Payload

Injection Using a Debugger

Injection Using Dynamic Linker Attack

Full Device Infection

Summary

9. Hijacking Traffic

APN Hijacking

Payload Delivery

Removal

Simple Proxy Setup

Attacking SSL

SSLStrip

Paros proxy

Browser Warnings

Attacking Application-Level SSL Validation

The SSLTheft Payload

Hijacking Foundation HTTP Classes

The POSTTheft Payload

Analyzing Data

Driftnet

Building

Running

Exercises

Summary

Part Ⅱ. Securing

10. Implementing Encryption

Password Strength

Beware Random Password Generators

Introduction to Common Crypto

Stateless Operations

Stateful Encryption

Master Key Encryption

Geo-Encryption

Geo-Encryption with Passphrase

Split Server-Side Keys

Securing Memory

Wiping Memory

Public Key Cryptography

Exercises

11. Counter Forensics

Secure File Wiping

DOD 5220.22-M Wiping

Objective-C

Wiping SQLite Records

Keyboard Cache

Randomizing PIN Digits

Application Screenshots

12. Securing the Runtime

Tamper Response

Wipe User Data

Disable Network Access

Report Home

Enable Logging

False Contacts and Kill Switches

Process Trace Checking

Blocking Debuggers

Runtime Class Integrity Checks

Validating Address Space

Inline Functions

Complicating Disassembly

Optimization Flags

Stripping

They're Fun! They Roll! -funroll-loops

Exercises

13. Jailbreak Detection

Sandbox Integrity Check

Filesystem Tests

Existence of Jailbreak Files

Size of/etc/fstab

Evidence of Symbolic Linking

Page Execution Check

14. Next Steps

Thinking Like an Attacker

Other Reverse Engineering Tools

Security Versus Code Management

A Flexible Approach to Security

Other Great Books

暂无相关内容，正在全力查找中

暂无出版社相关信息，正在全力查找中！

暂无相关书籍摘录，正在全力查找中！

在线阅读地址：iOS应用安全攻防:英文 (美)扎德尔斯基 著作在线阅读

在线听书地址：iOS应用安全攻防:英文 (美)扎德尔斯基 著作在线收听

在线购买地址：iOS应用安全攻防:英文 (美)扎德尔斯基 著作在线购买

暂无原文赏析，正在全力查找中！

编辑推荐

如果你是一位具有坚实Objective-C基础的应用开发者，这本《iOS应用安全攻防(影印版)》绝对急你所需——你所在公司的iOS应用被攻击的可能性很大。这是因为恶意攻击者现在使用一系列工具采用大多数程序员想象不到的方式进行反向工程、跟踪和操纵应用。

这本书讲解了几种iOS的攻击手段，以及黑客们常用的工具和技术。你会从中学到保护你的应用的很好方式，并且意识到像你的对手那样去理解和制定策略是多么重要。本书由扎德尔斯基(Zdziarski, J.)著。