So, in today's video, following up the results of the poll I made on Twitter, I will teach you how to bypass in-app locks in iOS apps using reverse engineering and run-time modification. The idea is simple: we have a training app called DVIA (Damn Vulnerable iOS App) that contains a lot of security challenges, and our goal is to bypass some of the locks inside the application from the device itself rather than from the computer. Of course, to know what we need to patch, we first use Hopper (or IDA on Windows) on the computer to get the bigger picture of how the lock we are trying to bypass is implemented.
Once we have an idea of what the ARM assembly looks like and how the JailbreakDetection lock is implemented, we move over to the device (which, of course, has to be jailbroken) and do what is called method swizzling: replacing a method's (a function's) implementation directly in the running process, without touching the binary on disk. To do that, we use two tools available for free in Cydia: Cycript and top.
top gives us an overview of the running processes and their process IDs (PIDs), which we need in order to attach Cycript to the DVIA process, and Cycript lets us modify a method's behaviour in the running application.
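As an added example (not code from the video or from DVIA itself), here is the Cycript side of the procedure described above, typed into the console after attaching with `cycript -p <PID>`, where the PID comes from top. The class name `JailbreakDetectionVC` and the selector `isJailbroken` are assumptions for DVIA's jailbreak-detection lock; confirm the real names in the Hopper disassembly before using them. The hook keeps a reference to the original implementation so the real verdict can still be logged and the hook can be undone.

```cycript
// Added example, not DVIA's or the video's own code.
// Run inside Cycript after: cycript -p <PID of DVIA taken from top>
// Class and selector names below are assumed (JailbreakDetectionVC / isJailbroken);
// confirm them against the Hopper disassembly before relying on them.

// 1. Confirm the class is loaded and find live instances of it on the heap.
var targets = choose(JailbreakDetectionVC);   // array of live instances

// 2. Keep the original implementation so it can still be called and restored.
var original = JailbreakDetectionVC.messages['isJailbroken'];

// 3. Replace the method in the running process. The hook calls the original
//    to log the real verdict, then reports "not jailbroken" to the caller.
JailbreakDetectionVC.messages['isJailbroken'] = function () {
    var real = original.call(this);
    system.print("isJailbroken hooked: original returned " + real + ", returning false");
    return false;
};

// 4. Verify on a live instance; the hook should now answer false,
//    and the console shows what the original check actually returned.
if (targets.length > 0) {
    [targets[0] isJailbroken];
}

// 5. Restore the original implementation when you are done.
// JailbreakDetectionVC.messages['isJailbroken'] = original;
```

Because the replacement lives only in the running process, it disappears when DVIA is restarted; that is the difference between this run-time modification and patching the binary in Hopper, where the change is permanent and would need the app to be re-signed.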
Combined, these techniques are the basics you need to get started with iOS application reverse engineering and hacking.
DVIA is a deliberately vulnerable app created specifically for this kind of training, so practising on it does not break any laws. Happy reversing!
Cycript Documentation: http://www.cycript.org
ARM Assembly Documentation: https://goo.gl/pMyauP
How to Start iOS Hacking | Reverse Engineering With Radare2:
Other iOS Hacking Tutorials: https://goo.gl/6tYk1n
About the registers: https://goo.gl/ofAkq7