Bypassing iOS application anti-debugging technique and jailbreak detection
- Alexandre Becholey
- Wednesday, March 15th, 6:00pm - 7:00pm
Mobile application penetration testing has become increasingly difficult. From a simple request such as "What is it possible to do with my app?", it has evolved into testing specific aspects and features of the application. To be able to manipulate and play with these parts and the functions involved, a jailbroken iOS device is required. However, applications that focus on security usually won't run on a compromised device and will surely detect the jailbreak. A penetration tester now needs to be able to find and bypass the usually obfuscated parts of the application that execute the jailbreak detection mechanisms. There is no bullet-proof solution: it is a game of cat and mouse in which the developers change the obfuscation techniques once the previous ones have been discovered. This talk will present recent jailbreak detection methods, propose techniques to find them in the binary, and discuss possible ways to bypass them, from a simple hook of a function to creating a script that patches the binary at runtime.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.