<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Hexploitable ~ Software Security Blog</title>
    <link>https://hexplo.it/</link>
    <description>Recent content on Hexploitable ~ Software Security Blog</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <copyright>All rights reserved - 2018</copyright>
    <lastBuildDate>Sat, 20 Apr 2019 12:00:00 +0000</lastBuildDate>
    
	<atom:link href="https://hexplo.it/index.xml" rel="self" type="application/rss+xml" />
    
    
    <item>
      <title>Resume/CV</title>
      <link>https://hexplo.it/cv/</link>
      <pubDate>Sat, 20 Apr 2019 12:00:00 +0000</pubDate>
      
      <guid>https://hexplo.it/cv/</guid>
      <description>Please find a copy of my resume/CV here.</description>
    </item>
    
    <item>
      <title>MEMSCAN is back</title>
      <link>https://hexplo.it/post/memscan-is-back/</link>
      <pubDate>Wed, 12 Oct 2016 20:47:08 +0000</pubDate>
      
      <guid>https://hexplo.it/post/memscan-is-back/</guid>
      <description>MEMSCAN 1.4 So, admittedly it&amp;rsquo;s been a while since I&amp;rsquo;ve done anything with MEMSCAN. It&amp;rsquo;s been neglected for a couple of reasons.
Firstly, I&amp;rsquo;ve been super busy inside and outside of Cigital.
Secondly, many of the most recent iOS jailbreaks did not include the task_for_pid 0 patch, on which MEMSCAN is dependent.
The latter was true until the most recent Pangu jailbreak for 9.2-9.3.3 (arm64 only). Pangu included the necessary patch in the jailbreak, allowing MEMSCAN to work again.</description>
    </item>
    
    <item>
      <title>Brace yourselves: ATS is coming</title>
      <link>https://hexplo.it/post/ats-enforcement/</link>
      <pubDate>Wed, 10 Aug 2016 13:54:40 +0000</pubDate>
      
      <guid>https://hexplo.it/post/ats-enforcement/</guid>
      <description>Application Transport Security Since HTTP is a plaintext protocol and therefore creates inherent security and privacy concerns when used by applications - Apple has decided that it is finally time to start treating the secure alternative, HTTPS, as the de facto web protocol for iOS mobile apps. At WWDC this year, Apple rightly pointed out that simply &amp;ldquo;enabling&amp;rdquo; HTTPS does not necessarily mean that you are secure. There are many ways in which HTTPS can be improperly configured resulting in the use of insecure connections.</description>
    </item>
    
    <item>
      <title>Security updates in iOS 10</title>
      <link>https://hexplo.it/post/security-updates-in-ios-10/</link>
      <pubDate>Fri, 24 Jun 2016 15:17:44 +0000</pubDate>
      
      <guid>https://hexplo.it/post/security-updates-in-ios-10/</guid>
      <description>Apple recently announced iOS 10 which includes many security and privacy related changes. This article aims to talk about some of the significant changes since iOS 9.
Network Security Since HTTP is a plaintext protocol and therefore creates inherent security and privacy concerns when used, Apple has now decided that it is finally time to start treating HTTPS as the de facto web protocol. At WWDC this year, Apple rightly pointed out that simply &amp;ldquo;enabling&amp;rdquo; HTTPS does not necessarily mean that you are secure.</description>
    </item>
    
    <item>
      <title>Recent Tool Contributions</title>
      <link>https://hexplo.it/post/recent-tool-contributions/</link>
      <pubDate>Tue, 24 Nov 2015 11:43:52 +0000</pubDate>
      
      <guid>https://hexplo.it/post/recent-tool-contributions/</guid>
      <description>So recently I made a couple of minor contributions to online iOS tools. Whilst the contributions are tiny, it was my first experience of actually submitting merge requests to other tools. For this reason I thought I&amp;rsquo;d share them with you.
1. ipainstaller One of the changes introduced in iOS 8 was that applications are laid out differently on the device. Essentially, the application exists as multiple containers spread out across the /private/var/mobile/ directory.</description>
    </item>
    
    <item>
      <title>Integrating Touch ID into your iOS applications</title>
      <link>https://hexplo.it/post/integrating-touch-id/</link>
      <pubDate>Mon, 03 Aug 2015 09:30:54 +0000</pubDate>
      
      <guid>https://hexplo.it/post/integrating-touch-id/</guid>
      <description>Image copyrights and trademarks belong exclusively to Apple. #What is Touch ID?
Simply put, Touch ID is Apple&amp;rsquo;s fingerprint technology for iOS mobile devices. It allows consumers to unlock their phones and make purchases conveniently using their fingerprint(s). Furthermore, as of iOS version 8.0, Apple opened Touch ID up to developers by making APIs available for use in the SDK.
###Biometric opinions
This post assumes you have performed your own risk assessment and are aware of the risks associated with biometric authentication technologies, and that you have decided that Touch ID is suitable for use in your application.</description>
    </item>
    
    <item>
      <title>Touch Unlock for iOS</title>
      <link>https://hexplo.it/post/touch-unlock/</link>
      <pubDate>Thu, 19 Mar 2015 08:54:49 +0000</pubDate>
      
      <guid>https://hexplo.it/post/touch-unlock/</guid>
      <description>It. Is. ALIVEEEEE.
So for the last &amp;ldquo;very long time&amp;rdquo; some folks and I have been working hard in any second of spare time we could find to write an app called Touch Unlock. Basically, the app is available for all iOS devices which have Apple&amp;rsquo;s Touch ID hardware and allows you to lock and unlock your Mac via Bluetooth Low Energy. And the best thing? It is totally free, no strings attached.</description>
    </item>
    
    <item>
      <title>MEMSCAN v1.2 - now supporting ARM64</title>
      <link>https://hexplo.it/post/memscan-arm64/</link>
      <pubDate>Mon, 16 Mar 2015 19:34:48 +0000</pubDate>
      
      <guid>https://hexplo.it/post/memscan-arm64/</guid>
      <description>Hey all,
First off, if you don&amp;rsquo;t know what MEMSCAN is, see the original post.
So I&amp;rsquo;m pretty happy right now, I figured out why MEMSCAN was having some technical issues with certain apps. Originally I suspected that it was somehow something to do with Swift although this just didn&amp;rsquo;t make sense. After some time away from the code I suddenly realised what was up - I don&amp;rsquo;t handle ARM64.</description>
    </item>
    
    <item>
      <title>Securi-Tay IV</title>
      <link>https://hexplo.it/post/securi-tay-iv/</link>
      <pubDate>Thu, 26 Feb 2015 20:10:58 +0000</pubDate>
      
      <guid>https://hexplo.it/post/securi-tay-iv/</guid>
      <description>##Securi-Tay IV
So it&amp;rsquo;s that special time of year again when families come together. Well, the Abertay Hackers family does at least.
Every year, the Abertay Hackers group run an information security conference called Securi-Tay, hosted at the University of Abertay, Dundee. Students and professionals from various different backgrounds descend on Dundee to listen to talented speakers, network with students and industry professionals and generally just have a good time (Scottish to English translation - enjoy the cheaper booze).</description>
    </item>
    
    <item>
      <title>MEMSCAN improvements</title>
      <link>https://hexplo.it/post/memscan-improvements/</link>
      <pubDate>Thu, 12 Feb 2015 21:51:32 +0000</pubDate>
      
      <guid>https://hexplo.it/post/memscan-improvements/</guid>
      <description>#Improvements to MEMSCAN. First off, I want to say that I was pretty overwhelmed with the volume of attention MEMSCAN received when I initially blogged about it a little while ago. I really didn&amp;rsquo;t think it was that big of a deal. I started MEMSCAN for two reasons - there wasn&amp;rsquo;t anything out there which did /exactly/ what I wanted it to do and also because I wanted to move beyond reading C to actually trying to write some C of my own.</description>
    </item>
    
    <item>
      <title>Small updates to SuccessID</title>
      <link>https://hexplo.it/post/small-updates-to-successid/</link>
      <pubDate>Thu, 12 Feb 2015 21:32:51 +0000</pubDate>
      
      <guid>https://hexplo.it/post/small-updates-to-successid/</guid>
      <description>#Touch ID reason text Today I made some small tweaks to SuccessID which some people have been asking for. It was a relatively simple fix, I&amp;rsquo;m not sure why I didn&amp;rsquo;t actually put the code in, in the first place. The Alertview shown by SuccessID when Local Authentication APIs are invoked now displays the reason text, which is specified by the application you&amp;rsquo;re testing.
#SuccessID prompts not appearing I experienced an issue the other day where for a specific app I was testing, the SuccessID prompts weren&amp;rsquo;t appearing.</description>
    </item>
    
    <item>
      <title>Substrate - hooking C on Android and iOS part 2/2</title>
      <link>https://hexplo.it/post/substrate-android/</link>
      <pubDate>Mon, 01 Dec 2014 11:56:05 +0000</pubDate>
      
      <guid>https://hexplo.it/post/substrate-android/</guid>
      <description>#UPDATE This post has since been updated and is available on John Kozyrakis&amp;rsquo;s blog here:- https://koz.io/android-substrate-c-hooking/</description>
    </item>
    
    <item>
      <title>Substrate - hooking C on Android and iOS part 1/2</title>
      <link>https://hexplo.it/post/substrate-hooking-native-code-iosandroid/</link>
      <pubDate>Mon, 01 Dec 2014 11:55:00 +0000</pubDate>
      
      <guid>https://hexplo.it/post/substrate-hooking-native-code-iosandroid/</guid>
      <description>This post is the first of a two part walkthrough on hooking C functionality on iOS and Android concerning the use of substrate for hooking code on the two supported mobile platforms. The aim is to provide you with a start to finish demonstration of how you can hook C functions on Android and iOS. The Android post is written by John Kozyrakis. You can check it out here: https://hexplo.it/substrate-android/</description>
    </item>
    
    <item>
      <title>Introducing MEMSCAN</title>
      <link>https://hexplo.it/post/introducing-memscan/</link>
      <pubDate>Thu, 13 Nov 2014 14:06:05 +0000</pubDate>
      
      <guid>https://hexplo.it/post/introducing-memscan/</guid>
      <description>###MEMSCAN
MEMSCAN is a utility for iOS which I&amp;rsquo;ve been working on in bits and pieces here and there. I wanted to be able to dump the memory of a given process or to search for certain bytes in memory and get back an address for those bytes. This can be particularly useful when you&amp;rsquo;re testing an application which uses PIE and the symbols are not available. Using this technique you can look up the method fingerprint (e.</description>
    </item>
    
    <item>
      <title>Passbook business card tutorial</title>
      <link>https://hexplo.it/post/passbook-business-cards/</link>
      <pubDate>Tue, 11 Nov 2014 14:17:04 +0000</pubDate>
      
      <guid>https://hexplo.it/post/passbook-business-cards/</guid>
      <description>###Introduction Apple&amp;rsquo;s passbook functionality has been around for a little while and gradually more and more of the services I use are adopting it, most airlines I fly with use it now, my coffee shops use it, etc. etc.
Whilst that&amp;rsquo;s awesome, there are other cool and creative things you can do with Passbook as an individual though and it&amp;rsquo;s very easy! One neat trick you can do to impress your co-workers and clients is to create a Passbook business card.</description>
    </item>
    
    <item>
      <title>SuccessID - TouchID override &amp; simulation</title>
      <link>https://hexplo.it/post/successid-touchid-override-simulation/</link>
      <pubDate>Wed, 05 Nov 2014 09:20:20 +0000</pubDate>
      
      <guid>https://hexplo.it/post/successid-touchid-override-simulation/</guid>
      <description>####Updates - 12/FEB/2015 - Added reason text to alertview
###iOS 8 activity Over the past few weeks a lot has happened in the iOS jailbreaking community, PanguTeam dropped an iOS 8.0-8.1 jailbreak, developers frantically tried to iron out performance and stability issues and of course app devs began to update their tweaks and utilities.
One of the many exciting things about an iOS 8 jailbreak for me is the ability to manipulate all of the new SDK additions, HomeKit, HealthKit, ApplePay, LocalAuthentication, etc.</description>
    </item>
    
    <item>
      <title>CSAW-CTF Python sandbox write-up</title>
      <link>https://hexplo.it/post/escaping-the-csawctf-python-sandbox/</link>
      <pubDate>Mon, 22 Sep 2014 10:22:00 +0000</pubDate>
      
      <guid>https://hexplo.it/post/escaping-the-csawctf-python-sandbox/</guid>
      <description>This weekend past, my colleague Alex Evans and I took a trip up to Scotland to go see a bunch of the Abertay Hackers crew. Alex was delivering a talk on password generation and storage, which was very well received. If you&amp;rsquo;re interested, John Steven&amp;rsquo;s delivery of the talk can be found here: OWASP AppSecUSA 2012 - Analyzing and Fixing Password Protection Schemes
Whilst we were hanging out with the students, they mentioned that a bunch of them were getting together in the University on the Saturday to tackle the CSAW 2014 Capture The Flag event.</description>
    </item>
    
    <item>
      <title>Reflection - University of Abertay</title>
      <link>https://hexplo.it/post/reflection-university-of-abertay/</link>
      <pubDate>Wed, 30 Apr 2014 15:33:00 +0000</pubDate>
      
      <guid>https://hexplo.it/post/reflection-university-of-abertay/</guid>
      <description>A month or so ago I travelled back up to sunny, sunny, Scotland to visit my friends at Abertay University. I arranged to go deliver our vulnerability assessment workshop on the back of my then recent delivery to the University of Surrey. It&amp;rsquo;s always good to hang out with the @AbertayHackers crew and it&amp;rsquo;s great to see the level of passion that&amp;rsquo;s continuously growing throughout the group.
The delivery of the workshop went unbelievably smoothly thanks to the volume of feedback from the Surrey students.</description>
    </item>
    
    <item>
      <title>Exporting pseudo code from Hopper</title>
      <link>https://hexplo.it/post/exporting-pseudo-code-from-hopper/</link>
      <pubDate>Wed, 26 Feb 2014 21:18:16 +0000</pubDate>
      
      <guid>https://hexplo.it/post/exporting-pseudo-code-from-hopper/</guid>
      <description>###Introduction
First off I want to start by saying that if any of you are interested in binary analysis, reverse engineering, or iOS/OSX thick client pen-testing then I recommend you pick up a copy of Hopper Disassembler. It&amp;rsquo;s only £50 and it&amp;rsquo;s awesome. It&amp;rsquo;s got everything you need to get started, it&amp;rsquo;s affordable and it has a python API to plug in your own scripts.
I&amp;rsquo;ve been using Hopper as part of my assessments for the past while and the more I use it the more I love it.</description>
    </item>
    
    <item>
      <title>Reflection - University of Surrey</title>
      <link>https://hexplo.it/post/reflection-university-of-surrey/</link>
      <pubDate>Wed, 26 Feb 2014 13:52:05 +0000</pubDate>
      
      <guid>https://hexplo.it/post/reflection-university-of-surrey/</guid>
      <description>###Overview As mentioned in my previous post, a colleague and myself took the train down to Surrey (Guildford) on Saturday to deliver a vulnerability assessment workshop to some Computing Science students @UniOfSurrey. We spent a full day with the students and all of them stayed right until the end so that is one positive right? The most impressive and awesome take home from the day was that several groups of students managed to get system access on the server yet had no prior vulnerability assessment knowledge.</description>
    </item>
    
    <item>
      <title>Vulnerability Assessment Workshop</title>
      <link>https://hexplo.it/post/vulnerabilityworkshop/</link>
      <pubDate>Thu, 20 Feb 2014 14:19:00 +0000</pubDate>
      
      <guid>https://hexplo.it/post/vulnerabilityworkshop/</guid>
      <description>So I&amp;rsquo;ve been working on something pretty cool lately and I wanted to share some thoughts on it.
TL;DR - I&amp;rsquo;m currently delivering a vulnerability assessment workshop at multiple UK universities with the aim of providing a realistic full day workshop on finding vulnerabilities, engaging with clients, and explaining the issues &amp;amp; guidance in a way that can be easily understood by the client. If you have contacts with, or you represent a university, please do get in touch with me at wiresharkGD@gmail.</description>
    </item>
    
    <item>
      <title>About Me</title>
      <link>https://hexplo.it/about/</link>
      <pubDate>Sun, 20 Jan 2013 12:00:00 +0000</pubDate>
      
      <guid>https://hexplo.it/about/</guid>
      <description>My name is Grant Douglas, I&amp;rsquo;m the Mobile Security Practice Director @Synopsys. I&amp;rsquo;ve spent a number of years looking at mobile security, specifically focusing on pentesting, code review, binary (&amp;amp; runtime) hardening, RASP evaluation, and more. I&amp;rsquo;ve worked on many static and dynamic testing/analysis tools - some public, some not. You can find some ramblings (in code form) on Github, and a few of them are in publications such as the Mobile App Hackers Handbook and iOS forensics.</description>
    </item>
    
  </channel>
</rss>