[00:00:00,270 --> 00:01:20,250]
Instructor: Hi, within this section we're going to focus on the iOS reverse engineering process. So as I told you at the beginning of this course, you will need a MacBook or macOS for this section, and also, on top of that, you will need a jailbroken iOS device as well. However, this is only for practice. So if you don't have any MacBook or any macOS device, or if you don't have any jailbroken iOS device, then just don't skip this section, okay? I really suggest you just watch it and take notes, because not only are we going to learn about iOS reverse engineering in this section, but also we're going to see some very important concepts for all reverse engineering and for all ethical hacking subjects as well, such as assembly, such as hexadecimal, such as binary, and some other terms as well. So if you are looking to be an ethical hacker or cyber security analyst, and if you're looking to focus on mobile applications or mobile devices, this section is a must for you.

[00:01:20,250 --> 00:02:37,680]
So if you have a jailbroken device and if you have a Mac, then it's very good, so you get to practice what we are gonna do within the section, but if you don't, don't worry, just watch it. Okay, just watch the section and take notes. Here you can see I have two folders on my desktop. So these are apps that I have written for this specific section. And these apps actually detect if your device is jailbroken. So if your device is jailbroken, you must have encountered some apps that are trying to understand if you're on a jailbroken device or not. And if you are, if they detect it, they may prevent you from using their app. So there are security reasons for that. Okay, if you have administrator privileges on your iOS device, then you can see all the details of that app, like you can go to the data folder, you can try to understand what's going on inside of the app, and most of the app producers do not want that. So as you can see, we have two options, one for Objective-C and one for Swift. And I'm going to share the link with you as well.

[00:02:37,680 --> 00:03:56,520]
So we're going to download these folders from here, like this Objective-C version and the Swift version as well. And we're going to actually try and bypass this detection throughout this section. So make sure you download those folders and just double click on it, and just double click on the project file to open it. And actually, there are some IPA files that I have created inside of these folders as well. So you don't have to open these files and run it on your simulator, right? Because we are not interested in the source code at this point. As we were doing in the Android reverse engineering section, we are only interested in the final product. So the final product in here is the IPA folder which you can see over here. So this is the detect jail IPA folder, and again, the detect jail Swift IPA folder. So you can find the latest version, like the latest product of this project, over here and over there once you download those. And in fact, you don't even need to see the source code.

[00:03:56,520 --> 00:05:14,790]
Okay, you don't even need to know the source code, because in real life you won't know the source code, you will only get the IPA for security testing or for kind of penetration testing. And then you're going to have to work with it. So that's exactly what we are going to do within this section. We're going to install those IPAs on our jailbroken device and we're going to test to see if they detect our jailbreaking, and they will detect it most of the time. And then we're going to try and bypass this jailbreaking detection to understand reverse engineering, to understand app manipulation in iOS as well. So make sure you download both of these applications, both of these folders, on your computer. And the first thing that you should do is to install the IPAs on your jailbroken device. So you have seen how to do that in the rooting and jailbreaking section, but if you have missed it for some reason, then I'm just going to show you how it's done. I'm going to connect my iPad, which is a jailbroken iPad, and then I'm going to use Cydia Impactor to install this IPA on my iPad.

[00:05:14,790 --> 00:06:32,760]
So this is my iPad over here, okay. And as you can see, this is a very old version, like 9.3, and I suggest you do the same: if you want to jailbreak some device, make sure it's kind of an old device, so that when its warranty expires, it won't be a problem for you. Don't do jailbreaking with your daily devices. So if you have missed the section for jailbreaking and if you want to do it right now, just go back and watch it, because it's very easy, actually; you can do it in like 30 minutes or something by downloading some IPAs. And now we're going to install those IPAs on our iPad. And in order to do that, I'm going to use Impactor. So Impactor is Cydia Impactor, actually; this is an app that we can use to upload IPAs to the devices that are connected to our MacBook via USB or via USB-C. So if you haven't downloaded it yet, just go to cydiaimpactor.com, like this, okay. You can easily download Cydia Impactor from this website and install it. This is a very small tool, but it's a very useful tool.

[00:06:32,760 --> 00:07:51,480]
You use that to upload IPAs to your devices even if they are not jailbroken, okay? You can upload any IPA to any iOS device using this tool. So this is a very good tool. Make sure you download it anyhow, and you will use it eventually if you're looking into learning this stuff, okay? So I'm going to download it and show it to you, because it's already 20 megabytes, so it won't even take our time. So double click on it once it's done, and make sure you just drag the Impactor to your Applications folder, and that's it. So that's how you install it, okay? And once you connect your device, like I have connected my iPad, it will show up on the Impactor over here, okay? Like this, and then you can drag and drop any IPA to the Cydia Impactor to upload that IPA onto your device. So when you do that, it will ask for some kind of password, and this is your Apple ID password, but you shouldn't give your own Apple ID password; I'm gonna show you how. So let me just bring in my IPA. I'm gonna start with Objective-C, by the way, just make sure you follow along.

[00:07:51,480 --> 00:09:13,230]
I'm going to take this detect jail IPA and copy it to my desktop, and then drag and drop it on the Cydia Impactor app. It will ask me for my iTunes email login. So this is where people get suspicious, as I've said before, but if you have missed it, you can actually give your own Apple ID over here, and then we will generate a one-time password to use for this purpose only, so it will be perfectly safe. And Cydia Impactor does not store any password; they just send them only to Apple. But in order to be sure, and in order to be perfectly safe, we will follow the Apple guidelines over here. So Apple suggests, if we are using a third-party application like that and if we have to give our password in cases like this, then we have to go to appleid.apple.com. This is where we can log in with our own Apple ID, okay, giving our own password. And then it will create some page for us, you will see in a minute. So let me give my two-factor authentication number, okay. It will show us a page in which we can generate some app-specific passwords.

[00:09:13,230 --> 00:10:40,020]
So you can see that over here, and once we click on that, it will just create a password that I can use with third-party apps. And even if somebody gets hold of this, we can delete it, okay, after we use it, and they cannot log into your iCloud account by using this password, and this is just for our use and for third-party apps only. So let me just copy this and I'm going to paste this in my iPad, in my Cydia Impactor, okay? So let me just minimize this and come over here and paste it. I'm going to give my email first and then hit enter, and paste the password and then say okay. Once I do that, it will upload the IPA file to my desktop, not my desktop, my iPad, and it asks me to choose a profile; for a reason, I have two, most probably because I have a developer account as well. And here you go. Now we see the detect jail application on my iPad like this. So this is how you actually install this detect jail to your jailbroken device. And if you come over here, as you can see, there is a page and it says that, test to go to second screen.

[00:10:40,020 --> 00:11:51,753]
So think of this application as some kind of CTF, like capture the flag. And all we want to do in this capture the flag is to go to the second screen. But since we are on a jailbroken device, once we hit test, it will say Jailbreak, Hacker, and it won't take us to the second screen. So it's a very basic challenge, right? All we want to do is to go to the second screen, and of course, you can find some other ways to do that as well. But what we are going to do throughout the section is to understand how we can actually manipulate this function, manipulate this method, so that this app will think that our jailbroken device is not actually jailbroken. So we're going to do that and we are going to learn the basics of app manipulation and the reverse engineering of iOS as well. So make sure you download this detection app and make sure you upload it to your device, and make sure, if you don't have any device or macOS, just stick to it and watch everything in this section.