Scribd Logo
Upload

Welcome to Scribd!

  • iOS Security Exam - Eu

    Uploaded by

    kehicaw
    9 views6 pages
    This document contains 10 questions regarding iOS security. It asks about iOS architecture, file encryption, jailbreaking, artifacts in files and directories, application analysis, reversing, and testing. Specifically, it asks about the iOS hardware encryption, key sizes, filesystem, passcodes, jailbreak types, unsafe functions to replace, application automation testing, Mach-O binary headers, PIE flags, SQLite databases, and challenges with dynamic analysis like input-related encryption.

    Original Description:

    Original Title

    iOS_Security_Exam.eu

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains 10 questions regarding iOS security. It asks about iOS architecture, file encryption, jailbreaking, artifacts in files and directories, application analysis, reversing, and testing. Specifically, it asks about the iOS hardware encryption, key sizes, filesystem, passcodes, jailbreak types, unsafe functions to replace, application automation testing, Mach-O binary headers, PIE flags, SQLite databases, and challenges with dynamic analysis like input-related encryption.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    9 views6 pages

    iOS Security Exam - Eu

    Uploaded by

    kehicaw
    This document contains 10 questions regarding iOS security. It asks about iOS architecture, file encryption, jailbreaking, artifacts in files and directories, application analysis, reversing, and testing. Specifically, it asks about the iOS hardware encryption, key sizes, filesystem, passcodes, jailbreak types, unsafe functions to replace, application automation testing, Mach-O binary headers, PIE flags, SQLite databases, and challenges with dynamic analysis like input-related encryption.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 6

    AJUELOS Emmanuel eajuelos@aforp.

    eu
    iOS Security Exam
    MSI 11 AFORP

    Question 1: iOS Architecture

    a. Is iOS based on ARM 32/64 or CISC architecture. Explain by drawing the iOS architecture?
    b. What is the size of encryption keys?
    c. What is stored in Security Enclave and unique?

    Question 2: iOS File Data Encryption

    a. Most files are individual encrypted with unique key. Where this key is stored? Explain your
    answer.
    b. What is the filesystem used?

    Figure 2. Hardware Encryption

    c. What type of Passcodes used by iOS?


    d. What is iOS Keybags?

    Question 3: iOS Jailbreaking

    a. Describe the different types of Jailbreaks?


    b. Why Users Jailbreak?
    c. In the following figure 3 what is the evidence of Jailbreak? Explain.

    Figure 3. Jailbreak Evidence

    Question 4: Artifacts on OS X Systems

    The following figure 4 is the file located in ~/Library/Preferences/com.apple.iPod.plist:


    AJUELOS Emmanuel eajuelos@aforp.eu
    iOS Security Exam
    MSI 11 AFORP

    Figure 4. com.apple.iPod.plist file

    a. Explain all artifacts in the figure 4?

    Question 5: iOS Backups UDID Directory

    The following figure 5.1 is the file Info.plist in UDID Directory:

    Figure 5.1. Info.plist file

    a. Explain all artifacts in the figure 5.1?


    b. By using a tool called mbdbls.py we get the following Figure 5.2. Explain the output of this
    tool?

    Figure 5.2. Manifest.mbdb file


    AJUELOS Emmanuel eajuelos@aforp.eu
    iOS Security Exam
    MSI 11 AFORP

    Question 6: iOS Preferences & Configuration

    a. In the file with extension plist we found Device Information. What is the name of this file?
    Give a example of this file with device information.
    b. Give an example of contents in Locakdown directory.
    c. Can we find about SIM cards and othe mobile operators like ICCID numbers?

    Question 7: iOS Native App Analysis

    a. The following functions are dangerous (see Figure 7.1). What is your proposal to replace
    them by safe functions?

    Figure 7.1. Unsafe functions

    b. What is iOS Application Automation Testing?

    Question 8: iOS Native App Reversing

    a. Explain the following flags used to protect iOS application runtime protection features, as
    shown in the figure 8.1:

    Figure 8.1. Mach-o binary header

    b. Why we need to use PIE flag


    c. With witch Otool option we got this display as shown in figire 7.3:
    AJUELOS Emmanuel eajuelos@aforp.eu
    iOS Security Exam
    MSI 11 AFORP

    Figure 8.2. Mach-o mnemonics

    d. Explain the following figure 8.3 :

    Figure 8.3. Otool option -l

    Question 9: iOS Testing

    a. Explain the following code: (figure 9.1)

    Figure 9.1. UI testing


    b. Describes in details the iOS Trustjacking attack?
    c. Is the TrustJacking attack confined to WiFi only?
    d. The figure 9.2 shows several databases in iOS file system. Describe each database in details?

    Figure 9.2. iOS databases

    Question 10: iOS Dynamic Analsys

    a. Dynamic analysis of iOS applications is facing lots of challenges. One challenge is that
    encryption is input-related, so that some data should be provided. iOS Applications are GUI-
    rich, and most of input areas are of UITextField com-ponent, and sometimes _les should be
    provided as input, so manual work isinevitable during test. Explain how we can use API
    Hooking techniques to misuse cryptogaphic features of iOS.
    b. iOS Keychain natively is a SQLite database saved at /private/var/Keychains/keychain-2. When
    using a took called keychain-dumper, what artifacts can we find?
    AJUELOS Emmanuel eajuelos@aforp.eu
    iOS Security Exam
    MSI 11 AFORP

    ANSWERS
    AJUELOS Emmanuel eajuelos@aforp.eu
    iOS Security Exam
    MSI 11 AFORP

    You might also like