1
00:00:00,330 --> 00:00:02,190
Instructor: Hi, within this lecture,

2
00:00:02,190 --> 00:00:04,290
we are going to learn a very good tool,

3
00:00:04,290 --> 00:00:06,330
called Cycript or Cycript

4
00:00:06,330 --> 00:00:09,030
and we're going to see how we can leverage this tool,

5
00:00:09,030 --> 00:00:11,700
in order to bypass this jailbreak,

6
00:00:11,700 --> 00:00:15,570
in order to manipulate the app in a way that we want.

7
00:00:15,570 --> 00:00:18,030
So before we start using this tool,

8
00:00:18,030 --> 00:00:20,070
first of all we have to make sure,

9
00:00:20,070 --> 00:00:24,150
that the Cycript is installed in our jailbroken device.

10
00:00:24,150 --> 00:00:25,740
And in order to do that,

11
00:00:25,740 --> 00:00:28,680
of course I'm going to open my Cydia app,

12
00:00:28,680 --> 00:00:30,570
like we have done before

13
00:00:30,570 --> 00:00:33,664
and I'm going to download Cycript.

14
00:00:33,664 --> 00:00:38,280
So maybe you have skipped the previous sections,

15
00:00:38,280 --> 00:00:40,590
about rooting or jailbreaking.

16
00:00:40,590 --> 00:00:42,870
So that's what we use.

17
00:00:42,870 --> 00:00:46,050
The Cydia is what we use in order to download

18
00:00:46,050 --> 00:00:49,380
and install third-party apps, okay?

19
00:00:49,380 --> 00:00:52,277
Rather than using app store itself.

20
00:00:52,277 --> 00:00:54,900
So make sure you open the Cydia app

21
00:00:54,900 --> 00:00:55,950
and it should be there,

22
00:00:55,950 --> 00:00:59,048
if you're using a jailbroken device, okay?

23
00:00:59,048 --> 00:01:04,048
And make sure you follow along with me to install Cycript.

24
00:01:05,910 --> 00:01:10,380
So over here we see the installed applications,

25
00:01:10,380 --> 00:01:14,280
on our iPad or our iPhone.

26
00:01:14,280 --> 00:01:18,600
So maybe Cycript has pre-installed for you,

27
00:01:18,600 --> 00:01:21,600
maybe it hasn't, it really doesn't matter.

28
00:01:21,600 --> 00:01:23,940
Just come over here to search bar

29
00:01:23,940 --> 00:01:26,610
and search for Cycript, okay?

30
00:01:26,610 --> 00:01:31,380
And it's spelled like this CYC, okay?

31
00:01:31,380 --> 00:01:33,540
And then as you can see,

32
00:01:33,540 --> 00:01:37,170
it appears at the bottom of this page, this one.

33
00:01:37,170 --> 00:01:39,356
So the creator of this tool,

34
00:01:39,356 --> 00:01:43,290
spells or pronounces this as script,

35
00:01:43,290 --> 00:01:46,230
but the rest of the world pronounces this Cycript,

36
00:01:46,230 --> 00:01:48,150
so I'm gonna go for Cycript

37
00:01:48,150 --> 00:01:50,580
and as you can see it's installed for me,

38
00:01:50,580 --> 00:01:54,390
if you just hit on this modify or install button,

39
00:01:54,390 --> 00:01:56,520
it can install it for you

40
00:01:56,520 --> 00:01:59,520
and I'm going to reinstall it so that you can see,

41
00:01:59,520 --> 00:02:03,570
what you are going to see when you do that, okay?

42
00:02:03,570 --> 00:02:06,600
And as you can see, it's still installing.

43
00:02:06,600 --> 00:02:08,850
Now it'll just install it and reboot it

44
00:02:08,850 --> 00:02:11,569
and it'll be ready for our use.

45
00:02:11,569 --> 00:02:14,580
So what does this tool do?

46
00:02:14,580 --> 00:02:17,070
It allows us to connect to the app,

47
00:02:17,070 --> 00:02:20,520
connect to our jailbroken device

48
00:02:20,520 --> 00:02:24,180
and then to the app and try to get the information,

49
00:02:24,180 --> 00:02:26,100
out of that related app

50
00:02:26,100 --> 00:02:29,700
and try to execute some commands on that app,

51
00:02:29,700 --> 00:02:33,930
try to read the data and manipulate the data as well.

52
00:02:33,930 --> 00:02:35,790
So this is a very useful tool,

53
00:02:35,790 --> 00:02:39,480
if you want to manipulate the apps in an easy way,

54
00:02:39,480 --> 00:02:42,120
rather than just going for hex editing,

55
00:02:42,120 --> 00:02:47,070
which is very hard to do, you can go for the Cycript, okay?

56
00:02:47,070 --> 00:02:50,550
So once you see this restart springboard,

57
00:02:50,550 --> 00:02:52,860
you can just hit on the restart springboard

58
00:02:52,860 --> 00:02:55,110
and it will reboot it.

59
00:02:55,110 --> 00:02:58,350
And of course it's gonna take a little bit time,

60
00:02:58,350 --> 00:03:02,400
to reboot and then it'll be ready for your use.

61
00:03:02,400 --> 00:03:06,630
But make sure you install because it's very life saving tool

62
00:03:06,630 --> 00:03:09,557
and it's also very effective as well.

63
00:03:09,557 --> 00:03:12,840
You're going to see what I mean in a minute.

64
00:03:12,840 --> 00:03:16,680
And after your jailbroken device reboots,

65
00:03:16,680 --> 00:03:18,658
just make sure you open it

66
00:03:18,658 --> 00:03:22,530
and actually make sure you install the SSH as well.

67
00:03:22,530 --> 00:03:25,380
If you have skipped the jailbroken section,

68
00:03:25,380 --> 00:03:28,470
just go to that section where we talk about rooting

69
00:03:28,470 --> 00:03:32,220
and jailbreaking and then install SSH as well.

70
00:03:32,220 --> 00:03:35,310
So I'm going to delete this Detect Jail IPA from here

71
00:03:35,310 --> 00:03:38,340
because we have done a lot of installing and stuff,

72
00:03:38,340 --> 00:03:40,680
so I'm going to just reinstall it,

73
00:03:40,680 --> 00:03:44,880
I'm going to just upload it to my iPad, okay?

74
00:03:44,880 --> 00:03:47,100
I'm not gonna change anything over here.

75
00:03:47,100 --> 00:03:51,450
It's the same IPA that we have been working on,

76
00:03:51,450 --> 00:03:54,690
but I just want to make sure that it's fresh

77
00:03:54,690 --> 00:03:57,330
and it's working, okay?

78
00:03:57,330 --> 00:04:00,300
So let me go to Appleid.apple.com.

79
00:04:00,300 --> 00:04:02,790
So I'm not explaining this because by now,

80
00:04:02,790 --> 00:04:04,890
I believe you know how this works.

81
00:04:04,890 --> 00:04:07,200
I'm going to use Impactor,

82
00:04:07,200 --> 00:04:12,200
in order to upload this to my iPad, okay?

83
00:04:12,450 --> 00:04:16,170
So let me just give this two-factor authentication.

84
00:04:16,170 --> 00:04:18,690
Even though I say remember me every time,

85
00:04:18,690 --> 00:04:21,030
it doesn't remember, I dunno why.

86
00:04:21,030 --> 00:04:24,630
So let me create a password for this app.

87
00:04:24,630 --> 00:04:28,650
So I'm gonna call this test six and here you go,

88
00:04:28,650 --> 00:04:30,120
here is my password,

89
00:04:30,120 --> 00:04:33,720
I'm just going to bring this down and say okay

90
00:04:33,720 --> 00:04:38,720
and it will just actually upload this IPA to my iPad.

91
00:04:40,830 --> 00:04:42,270
So here you go.

92
00:04:42,270 --> 00:04:45,180
Now I believe we are ready to use it.

93
00:04:45,180 --> 00:04:49,080
Now once you install the Cycript or Cycript

94
00:04:49,080 --> 00:04:51,330
and once you install your IPA,

95
00:04:51,330 --> 00:04:53,550
now you're ready to rock and roll.

96
00:04:53,550 --> 00:04:56,880
But before we do that, let me assure you,

97
00:04:56,880 --> 00:04:59,580
that this is working, as you can see it works.

98
00:04:59,580 --> 00:05:01,710
So I haven't changed anything.

99
00:05:01,710 --> 00:05:05,987
So it still detects that I'm using a jailbroken device.

100
00:05:05,987 --> 00:05:09,780
So let me move this over here

101
00:05:09,780 --> 00:05:12,600
and we're gonna have to SSH into our iPad

102
00:05:12,600 --> 00:05:14,590
or jailbroken iPhone.

103
00:05:14,590 --> 00:05:19,230
So remember how you can SSH into your iPad.

104
00:05:19,230 --> 00:05:22,930
So if you haven't seen your local IP address,

105
00:05:22,930 --> 00:05:26,610
from your own iPad, you can find it,

106
00:05:26,610 --> 00:05:31,610
from your local router administrator board as well,

107
00:05:31,890 --> 00:05:35,190
by typing 192.168.1.1

108
00:05:35,190 --> 00:05:38,670
or you are gonna have to call your internet provider,

109
00:05:38,670 --> 00:05:43,670
to ask how you can reach your administrator panel, okay?

110
00:05:44,880 --> 00:05:47,160
But once you reach it, you can see,

111
00:05:47,160 --> 00:05:51,570
every local IP in your house and every device as well.

112
00:05:51,570 --> 00:05:53,940
So let me show you how this works.

113
00:05:53,940 --> 00:05:55,590
If I go to my home network,

114
00:05:55,590 --> 00:06:00,590
I can see all the devices and allocated IP addresses

115
00:06:00,750 --> 00:06:03,870
and as you can see my iPad is actually using,

116
00:06:03,870 --> 00:06:07,170
192, 168, 131 over here

117
00:06:07,170 --> 00:06:11,250
and you can see that inside of the iPad or iPhone as well,

118
00:06:11,250 --> 00:06:15,660
I have shown you how to find this information before,

119
00:06:15,660 --> 00:06:17,250
so I'm gonna cut this quick,

120
00:06:17,250 --> 00:06:21,270
I'm going to just SSH into this IP address.

121
00:06:21,270 --> 00:06:25,710
So these are all connected to the same network by the way.

122
00:06:25,710 --> 00:06:28,590
So let me give my password and here you go.

123
00:06:28,590 --> 00:06:31,140
I'm inside of my iPad right now.

124
00:06:31,140 --> 00:06:35,670
Now I can write and execute some commands in my iPad,

125
00:06:35,670 --> 00:06:37,440
using this terminal.

126
00:06:37,440 --> 00:06:38,940
So here we go.

127
00:06:38,940 --> 00:06:43,620
What we want to do over here is to run the Cycript command.

128
00:06:43,620 --> 00:06:47,700
So we are going to have to switch to the Cycript shell.

129
00:06:47,700 --> 00:06:50,610
So in order to do that I'm going to run Cycript

130
00:06:50,610 --> 00:06:54,109
and let me bring this up so we can follow it along.

131
00:06:54,109 --> 00:06:58,890
So make sure your detect jail application is working,

132
00:06:58,890 --> 00:07:00,234
like this, okay?

133
00:07:00,234 --> 00:07:03,896
If it's not working, just click on it and open it

134
00:07:03,896 --> 00:07:08,400
and then just run the Cycript -p for process

135
00:07:08,400 --> 00:07:12,570
and you're gonna have to write the name of this IPA,

136
00:07:12,570 --> 00:07:15,390
which is detect jail, okay?

137
00:07:15,390 --> 00:07:16,800
Like this.

138
00:07:16,800 --> 00:07:20,340
And once you do that, it will run Cycript,

139
00:07:20,340 --> 00:07:21,780
against this detect jail

140
00:07:21,780 --> 00:07:26,760
and now you can actually run some Cycript code.

141
00:07:26,760 --> 00:07:28,470
So here we go.

142
00:07:28,470 --> 00:07:32,940
And once we run and execute some Cycript code,

143
00:07:32,940 --> 00:07:37,320
it will execute it using the information of the app.

144
00:07:37,320 --> 00:07:41,340
For example, if I run something like this UIApp,

145
00:07:41,340 --> 00:07:44,580
we can see the UI application values

146
00:07:44,580 --> 00:07:47,490
and it really doesn't make any sense right now,

147
00:07:47,490 --> 00:07:50,700
but if I add something to it like this UIApp,

148
00:07:50,700 --> 00:07:53,340
dot key window, okay?

149
00:07:53,340 --> 00:07:56,040
Dot root view controller,

150
00:07:56,040 --> 00:07:59,970
So root view controller means the first view controller,

151
00:07:59,970 --> 00:08:04,020
first screen that we see when we run this app,

152
00:08:04,020 --> 00:08:06,990
so as you can see it's named view controller,

153
00:08:06,990 --> 00:08:08,790
if it was named something else,

154
00:08:08,790 --> 00:08:11,880
then we would have seen this over here.

155
00:08:11,880 --> 00:08:13,710
Now we get the view controller

156
00:08:13,710 --> 00:08:17,610
and we have seen there is a second view controller,

157
00:08:17,610 --> 00:08:19,650
in the assembly code as well.

158
00:08:19,650 --> 00:08:22,260
So we are certain that there are,

159
00:08:22,260 --> 00:08:24,480
two view controllers in this app

160
00:08:24,480 --> 00:08:26,970
and now we're inside of the first one

161
00:08:26,970 --> 00:08:29,100
and we want to go to the second one,

162
00:08:29,100 --> 00:08:32,370
in order to capture the flag and see the values,

163
00:08:32,370 --> 00:08:35,695
inside of the second view controller, okay?

164
00:08:35,695 --> 00:08:39,660
So the main thing that I want to manipulate in this app,

165
00:08:39,660 --> 00:08:42,630
is the function that is being called,

166
00:08:42,630 --> 00:08:45,330
when the test button is clicked, right?

167
00:08:45,330 --> 00:08:48,450
So I don't know that function yet.

168
00:08:48,450 --> 00:08:52,290
So there are a couple of ways to understand that function

169
00:08:52,290 --> 00:08:57,000
and understand which functions are actually present in this app

170
00:08:57,000 --> 00:08:59,610
and which function is doing what.

171
00:08:59,610 --> 00:09:04,500
So first of all, you can try to do that within Cycript

172
00:09:04,500 --> 00:09:07,740
and you can run JavaScript code in Cycript,

173
00:09:07,740 --> 00:09:12,630
in order to understand the available methods.

174
00:09:12,630 --> 00:09:17,250
I'm gonna show you very good documentation for that.

175
00:09:17,250 --> 00:09:20,220
As you can see, there is a website called Cycript Tricks

176
00:09:20,220 --> 00:09:25,220
and you can reach it through iPhone.wiki.net, okay?

177
00:09:25,650 --> 00:09:30,650
And you can see there are a lot of efficient Cycript codes,

178
00:09:31,050 --> 00:09:34,110
very good Cycript codes in order to use,

179
00:09:34,110 --> 00:09:38,190
in your penetration tests like this getting methods,

180
00:09:38,190 --> 00:09:41,760
so as you can see there is something called getting methods

181
00:09:41,760 --> 00:09:46,470
and it apparently gives us the methods inside of this app.

182
00:09:46,470 --> 00:09:49,770
So I'm going to copy it and paste it over here.

183
00:09:49,770 --> 00:09:53,760
Assume that you don't know anything about JavaScript,

184
00:09:53,760 --> 00:09:57,600
you can just copy and paste it from that website, okay?

185
00:09:57,600 --> 00:10:01,650
For useful methods and most of the time you can understand,

186
00:10:01,650 --> 00:10:03,990
what's going on just by looking at it.

187
00:10:03,990 --> 00:10:05,550
Maybe you cannot write it,

188
00:10:05,550 --> 00:10:08,820
but you can read it obviously if you know about Swift

189
00:10:08,820 --> 00:10:11,520
or if you know about Java, okay?

190
00:10:11,520 --> 00:10:14,220
As you can see there is something called print methods,

191
00:10:14,220 --> 00:10:18,240
it's a function, it takes some parameters like class name

192
00:10:18,240 --> 00:10:20,100
and if you give some class name,

193
00:10:20,100 --> 00:10:22,290
like view controller over here,

194
00:10:22,290 --> 00:10:27,290
it'll give the methods of that view controller in return.

195
00:10:28,110 --> 00:10:30,450
So I'm going to pass in view controller,

196
00:10:30,450 --> 00:10:35,220
as a parameter over here and I will try this print methods

197
00:10:35,220 --> 00:10:38,010
and as you can see, once I do that,

198
00:10:38,010 --> 00:10:42,450
it crashed and it didn't give me the available methods.

199
00:10:42,450 --> 00:10:45,510
So this sometimes happens

200
00:10:45,510 --> 00:10:49,091
and this sometimes happens for no reason at all

201
00:10:49,091 --> 00:10:53,250
and most of the time it works, okay?

202
00:10:53,250 --> 00:10:57,060
You get to see the methods inside of this app,

203
00:10:57,060 --> 00:10:59,010
but sometimes as you can see,

204
00:10:59,010 --> 00:11:03,210
it doesn't work even though I do it one more time,

205
00:11:03,210 --> 00:11:05,280
you will see that it won't work.

206
00:11:05,280 --> 00:11:08,340
So let me just call this one more time

207
00:11:08,340 --> 00:11:12,870
and I'm going to say view controller, okay?

208
00:11:12,870 --> 00:11:17,100
Maybe you see the methods right now, but I cannot see it,

209
00:11:17,100 --> 00:11:19,350
as you can see it crashes.

210
00:11:19,350 --> 00:11:22,350
So if something like this happens,

211
00:11:22,350 --> 00:11:25,410
then don't worry, 'cause there are a couple of other ways,

212
00:11:25,410 --> 00:11:28,890
to learn about available methods as well.

213
00:11:28,890 --> 00:11:32,430
For example, we still have our assembly code, right?

214
00:11:32,430 --> 00:11:35,340
We can try to get some hints and clues,

215
00:11:35,340 --> 00:11:38,310
out of that assembly code again.

216
00:11:38,310 --> 00:11:40,594
So here we go, it doesn't work.

217
00:11:40,594 --> 00:11:45,594
And I even closed down the Cycript for some reason.

218
00:11:46,140 --> 00:11:51,140
I believe I have hit command C for some reason by mistake,

219
00:11:51,510 --> 00:11:52,890
but it really doesn't matter,

220
00:11:52,890 --> 00:11:54,930
I can just call it one more time,

221
00:11:54,930 --> 00:11:56,310
but before we do that,

222
00:11:56,310 --> 00:11:59,640
I'm gonna go for Hopper Disassembler, okay?

223
00:11:59,640 --> 00:12:03,047
Let me open the Hopper from scratch

224
00:12:03,047 --> 00:12:06,720
and let me deep dive into this a little bit more,

225
00:12:06,720 --> 00:12:10,830
so that maybe we can understand and get some more clues

226
00:12:10,830 --> 00:12:14,760
and hints regarding to our test button.

227
00:12:14,760 --> 00:12:19,427
So if you look at the left pane or labels,

228
00:12:20,760 --> 00:12:25,680
you can see there is something called test button function,

229
00:12:25,680 --> 00:12:28,530
let's see, we see the test button

230
00:12:28,530 --> 00:12:31,110
and the main thing to do over here,

231
00:12:31,110 --> 00:12:35,070
main idea is to search for test and I believe, yeah,

232
00:12:35,070 --> 00:12:38,070
this is called test clicked, okay?

233
00:12:38,070 --> 00:12:43,070
And most of the time developers will use the button's name,

234
00:12:43,530 --> 00:12:45,690
in the functions like test button click,

235
00:12:45,690 --> 00:12:47,820
result button click, sent button click

236
00:12:47,820 --> 00:12:51,390
and so that you can understand where it's located.

237
00:12:51,390 --> 00:12:53,880
If you go to this diagram show,

238
00:12:53,880 --> 00:12:56,430
from the first tab or second tab,

239
00:12:56,430 --> 00:12:59,160
if you highlight the test button click,

240
00:12:59,160 --> 00:13:01,860
you can go over here to second tab,

241
00:13:01,860 --> 00:13:04,740
to understand it in a better way.

242
00:13:04,740 --> 00:13:08,820
So if you look at our, if you look at this diagram,

243
00:13:08,820 --> 00:13:11,280
then there are a couple of ways to go.

244
00:13:11,280 --> 00:13:15,690
It starts and then there are two ways to path.

245
00:13:15,690 --> 00:13:19,560
And over here it says that jail break hacker, okay?

246
00:13:19,560 --> 00:13:24,560
Like we are seeing right now, once we click it, okay?

247
00:13:24,570 --> 00:13:27,960
So this should be the case,

248
00:13:27,960 --> 00:13:30,750
where it understands that it detects,

249
00:13:30,750 --> 00:13:33,300
that the device is jailbroken

250
00:13:33,300 --> 00:13:35,715
and over here we have another path

251
00:13:35,715 --> 00:13:40,715
and as you can see there is actually some kind of,

252
00:13:42,120 --> 00:13:45,660
two second VC segue over here.

253
00:13:45,660 --> 00:13:48,600
So it takes us to second view controller

254
00:13:48,600 --> 00:13:51,270
and in fact we wanna go to that way,

255
00:13:51,270 --> 00:13:54,270
not the other way around, right?

256
00:13:54,270 --> 00:13:56,640
So if you search for a second view controller,

257
00:13:56,640 --> 00:13:59,745
you will see the second view controller over here.

258
00:13:59,745 --> 00:14:02,160
Now in a case like this,

259
00:14:02,160 --> 00:14:06,497
most of the time you can try to change the view controller,

260
00:14:06,497 --> 00:14:10,860
without having to tread in anything else like this.

261
00:14:10,860 --> 00:14:13,440
So I'm gonna show you how I'm gonna write,

262
00:14:13,440 --> 00:14:15,450
Cycript -p detect jail

263
00:14:15,450 --> 00:14:16,530
and I'm going to say,

264
00:14:16,530 --> 00:14:20,940
UIApp.keyWindow.rootViewController, okay?

265
00:14:20,940 --> 00:14:21,773
Like this.

266
00:14:21,773 --> 00:14:23,100
And rather than calling this

267
00:14:23,100 --> 00:14:25,500
and getting the name of the view controller,

268
00:14:25,500 --> 00:14:29,420
I'm going to make this equal to second view controller,

269
00:14:29,420 --> 00:14:34,350
like that and you have to open one brace

270
00:14:34,350 --> 00:14:37,530
and make sure that second view controller,

271
00:14:37,530 --> 00:14:42,210
is spelled like this and write alloc and close the brace

272
00:14:42,210 --> 00:14:45,960
and then say init and close the other brace as well

273
00:14:45,960 --> 00:14:48,810
and then you can just hit enter.

274
00:14:48,810 --> 00:14:50,460
Now when you do that,

275
00:14:50,460 --> 00:14:53,310
it should take you to the second view controller.

276
00:14:53,310 --> 00:14:56,190
But again, as you can see, it doesn't.

277
00:14:56,190 --> 00:14:59,280
So it can be because of some bug

278
00:14:59,280 --> 00:15:04,170
or it can be because of some protection, but it can work.

279
00:15:04,170 --> 00:15:06,986
But in this, in our case, it doesn't work.

280
00:15:06,986 --> 00:15:11,986
So we have to find another way to go into the second screen,

281
00:15:12,210 --> 00:15:13,860
which is actually what I want,

282
00:15:13,860 --> 00:15:16,530
because it should be very easy,

283
00:15:16,530 --> 00:15:18,900
to change the view controller using this.

284
00:15:18,900 --> 00:15:22,110
But we are not looking for easiness over here,

285
00:15:22,110 --> 00:15:26,640
rather than easiness we are going to focus on this.

286
00:15:26,640 --> 00:15:29,640
As you can see there is some selector called,

287
00:15:29,640 --> 00:15:33,570
there is a function called isjailbroken over here.

288
00:15:33,570 --> 00:15:35,970
And it all starts with this

289
00:15:35,970 --> 00:15:39,090
and then it just creates two paths,

290
00:15:39,090 --> 00:15:42,060
out of this isjailbroken selector.

291
00:15:42,060 --> 00:15:45,360
So what we really wanna do is to understand,

292
00:15:45,360 --> 00:15:49,830
how we can change this isjailbroken function,

293
00:15:49,830 --> 00:15:52,410
so that we don't see the left hand side,

294
00:15:52,410 --> 00:15:56,742
but we always end up at the right hand side, okay?

295
00:15:56,742 --> 00:16:01,742
So this is exactly what we are going to do using Cycript.

296
00:16:01,950 --> 00:16:04,230
However, this lecture has gone too far.

297
00:16:04,230 --> 00:16:05,820
So I'm going to stop here

298
00:16:05,820 --> 00:16:09,183
and continue within the next lecture.