[00:00:00,720 --> 00:01:31,767]
Hi. Within this lecture we're going to see some of the cool things that we can do when we jailbreak iOS devices. Okay? So right now I'm in my jailbroken device and I'm going to open the Cydia app that I have talked about before, because we're going to download a couple of things that we can use often in this kind of situation. So once you open the Cydia app, you may encounter some kind of an update, and I suggest you do the updates, okay? And then search for whatever you're looking for. So if you come over here to the fourth tab, where you can see the installed apps on your iPad or iPhone, you're gonna come across tools that you haven't seen before, because I assume this is the first time you're doing jailbreaking. Okay? So as you can see, we can actually see a lot of tools that are already installed on our iPad or iPhone, and they are actually very helpful. But again, we are going to need some more in order to complete the reverse engineering sections. Okay? So let me show you what those are. So first of all, we want to SSH, we want to connect to our iPad and just run some commands afterward.
[00:01:32,550 --> 00:03:00,753]
So I'm going to search for SSH like this, and you will see a lot of results already. So I believe SSH is already installed over here. Like, yeah, you see OpenSSH is already installed for me. Okay? So if it's not installed for you, you can come over here and search for OpenSSH in the search bar and then you can just click on it. And on the right-hand side, on the upper right-hand side, there is a button called Modify. You can just click on it, you can just install it, and then start running it. So I'm gonna show you how to use it, don't worry. Just install OpenSSH, then we will be good to go. And of course there are other tools as well, but this is one of the most important ones, because again this will let us connect to our iPad and run some commands from our own MacBook. So this is a very powerful tool, okay? We're gonna use it a lot. So make sure you find OpenSSH and install it. And then later on we are going to need other tools as well. Like, one of them is Cycript. So it's spelled like this, C-Y-C, okay. And this is it, Cycript.
[00:03:01,692 --> 00:04:28,530]
And the owner of this tool pronounces this as "script" and the rest of the world pronounces this "Cycript". So whatever you want to do, you can just do it. Just click on Install and make sure Cycript is installed on your iPad or iPhone. So this is a tool that we are going to use for app manipulation during the iOS reverse engineering sections. Okay? So these are the essential tools, but I'm gonna show you some other tools as well, 'cause they can be very handy when it comes to browsing, for example. As you can see, I have an app over here called Filza. So this is a file browser app. But rather than browsing the downloaded files or something, you can browse everything inside your iPad. Just let me open Filza and show you what I mean. Now we get to see the root files as well, since we are root, since we are the administrator of this device. So I can actually wander around in any application or any folder that I want, like this. You can go to the root folder, you can go to system folders, you can see every file and folder the iPad or iOS uses in order to operate, like this.
[00:04:28,530 --> 00:06:00,750]
You don't get to see them in non-jailbroken devices, but if you have a jailbroken device, you're the administrator and you can do whatever you want with it. So make sure you download SSH and Cycript and Filza. And I'm gonna show you how to SSH into your iPad. So I'm going to open my terminal, okay? You can just do that by hitting Command-Space on your Mac and searching for Terminal. And I'm going to make this a little bit bigger so you can see it in a better way. So you can do that in the View menu over here. Okay, so let me do this a couple more times. Yeah, I believe now it's much better. So we are going to SSH into the iPad. So it's fairly easy to do. It's just one command, ssh, okay? And you just write the username and then hit an at sign and then write the IP address of the iPad. So this is where it gets critical. So your host machine, your MacBook, and your iPad should have the same internet connection. They should have been connected to the same router in your house, at your work, whatever it is, it doesn't matter, but they should be in the same location.
[00:06:00,750 --> 00:07:27,180]
So if you go to your Wi-Fi, okay? And if you click on this blue button, you can see your local IP address, which is 192.168.1.31 for me. Okay? So this is how you find your device's local IP address. Another way to find it is actually going into the administrator settings of your router. Like this: 192.168.1.1. This points to the router, okay? And in the router administrator panel, like this, you can find all the local IPs assigned to different kinds of devices in your home. Like, as you can see, my iPad has 192.168.1.31. Of course this is a little bit trickier, so make sure you find the local IP address of your iPad. So once you hit enter, if you're on the same network, it will find the iPad and it'll ask you for a password. So I'm going to show you what the password is right now. I just type my password, I'm in, and my password is different from yours. But your password will be the same as everyone's that is doing this jailbreaking thing. And it's not safe. We are going to change it soon. So let me show you what I mean.
[00:07:27,180 --> 00:08:47,910]
If you go to Google and if you search for the password for jailbroken iOS devices, like "jailbreak password", okay, "jailbreak root password" for example, then you're going to see the same result on many of the websites. So this is it. This is alpine, okay? A-L-P-I-N-E. So make sure you write this and hit enter: alpine. That's how you connect to your SSH, that's how we connect to your device, okay? And then we are gonna change it, because this is the same password for everyone and it's not safe. You can be hacked pretty easily if someone knows your IP address and if someone knows that your iPad or iPhone is jailbroken. So I'm going to write passwd here once I'm inside of my iPad, okay? So after connection, just write passwd and it'll ask you for your new password. Just write a password and hit enter. It'll not appear on your screen, like this, but it's typing. Just retype it and hit enter and your password will be changed.
[00:08:47,910 --> 00:10:03,917]
And make sure you complete this step, again, because alpine is valid for everyone and it's not very safe. And if your own tool for jailbreaking suggests otherwise, like something different than alpine, then of course you should give that password over here. So I'm inside my iPad. As you can see, I ran the ls command and I see some modules or some kind of folders over here. If I run pwd, I will see I'm in root. Then I'm gonna go out of root and I'm going to run ls. And as you can see, I'm inside of the home folder. Right now I'm nowhere. I can just see the files and folders. Of course we can see them in Filza as well. But we will do so many different things on the terminal later on. For example, I can try to go into the Applications folder, I can try to run ls, and here is an app, for example, the model player app. So I get to see every file, every folder, and I get to see them in Filza as well. But again, we are going to use Cycript.
[00:10:03,917 --> 00:11:15,153]
We are going to use other tools in order to manipulate the apps, in order to do reverse engineering in a better way and stuff. So there are a lot of things that you can do with jailbroken devices. If this is the first time that you're doing this, I believe this is the first time that you are actually seeing your own files and folders, even though you own the device. So if I run exit, it will just log out and close the connection. Then if I want to connect one more time, then I will run the same thing, ssh root at IP address, and it will ask me for my password. And remember, we changed the password, so make sure you give your new one. So this is how you jailbreak iOS devices and this is how you work with them. So far so good. We are going to do the rest of the things like app manipulation and stuff in the iOS reverse engineering section. So I'm going to leave this as it is. I'm going to move on to Android devices and the rooting process. See you in the next one.