Hi. I’m Prateek Gianchandani.

Security Researcher. Mountaineer. Diver.

How to distribute IPA file for jailbroken devices

So i have been getting a few queries on how to create an IPA file from Xcode and distribute it for jailbroken devices. Here is how i did it for Damn Vulnerable iOS App.

First we need to run the application using Xcode on the device. This requires a valid provisioning profile. I am doing this on Xcode 5.x but on the previous versions of Xcode, it was possible to run the application on the device without a valid provisioning profile.

Once the application is installed on the device, copy the .app folder from the device on your system.

2

Read on →

ios

IOS Dev - Encrypting images and saving them in App Sandbox

One of the requirements in my latest project was to encrypt an image and save it on the device in the application’s sandbox, then decrypt is during runtime and upload it to the server. I looked at the documentation for Apple’s CommonCrypto Framework, but it was taking me plenty of time to implement it so instead i decided to use some wrappers that would get the job done for me. I found the RNCryptor library on Github that uses AES encrypton. It was pretty simple to implement it. First, download the files from its github url and include all the files that are relevant to you present inside the RNCryptor folder on your project. In my case, i just imported all of them for now.

1

Then use the following code to encrypt the image.

1
2
3
4
5
6
7
8
9
10
11
//  Code for encrypting and saveing image 
    UIImage *imageToEncrypt = [UIImage imageNamed:@"SomeImage"];
    NSString  *imagePath = [NSHomeDirectory() stringByAppendingPathComponent:@"Documents/encryptedImage.png"];

    NSData *data = UIImagePNGRepresentation(fetchedImage);
    NSError *error;
    NSData *encryptedData = [RNEncryptor encryptData:data
                                        withSettings:kRNCryptorAES256Settings
                                            password:@"ABC123"
                                               error:&error];
   [encryptedData writeToFile:imagePath atomically:YES];

Note that encryting and decrypting the image requires a passcode (ABC123). To decrypt the image, use the following code ..

1
2
3
4
5
6
7
 //  Code for loading image by decryption
    NSString  *imagePath = [NSHomeDirectory() stringByAppendingPathComponent:@"Documents/encryptedImage.png"];
    NSData *encryptedData = [NSData dataWithContentsOfFile:imagePath];
    NSData *decryptedData = [RNDecryptor decryptData:encryptedData
                                        withPassword:@"ABC123"
                                               error:&error];
    UIImage *image = [UIImage imageWithData:decryptedData];

See, its pretty simple. If you have any questions, let me know in the comments secton below and i will get back to you.


ios

IOS Dev - Storing Info in Keychain with NSUserDefaults like syntax

Recently, i decided to improve the security of one of my applications by storing some of the information that i was previously saving in NSUserDefaults in the Keychain. Basically, this doesn’t make that much of a difference if your device is jailbroken. However, if your device is not jailbroken then it is possible to fetch the information saved by NSUserDefaults but not from the Keychain. This is because NSUserDefaults saves the information in an unencrypted format in a plist file inside the application sandbox which can be easily fetched. It can also be fetched from an iTunes backup. Hence, saving info in the Keychain adds an extra layer of security in that case.

I started looking for some Keychain Wrappers and bumped into this amazing library from Github named PDKeychainBindingsController. I found it ridiculously simple to use.

Read on →

ios

What to expect from the new iPhone (5S/5C) - Rumor roundup

The smartphone world is buzzing about rumors for the new Iphone. The new Iphone is rumored to be launched on September 10 in an event in San Francisco, which means that the invitations for the event would be sent to the press sometime around September 3. This time, Apple is reported to be releasing two models of iPhone, one is the iPhone 5s and the other a cheaper variant, reportedly named as the iPhone 5C. Here is a complete rumor roundup from multiple sources about the next generation iPhone.

Fingerprint Sensor

There is absolutely no doubt regarding the fact that the new iPhone will come with a biometric fingerprint sensor.Code for biometric scanning has already been discovered in the beta versions of IOS 7 (by Hamza Sood) released to developers.

Read on →

ios

IOS 7 Beta 3 : Some bugs that i want Apple to Fix !

So i have had IOS 7 on my iPhone 5 since the day it was released at WWDC 2013. Since then, i have seen a number of bugs being fixed with the coming beta versions. However, there are some bugs that are still there, easily reproducible and not fixed yet !

The black Background bug.

To reproduce this, you need to have only one app running. Make sure you are on this app and double tap the home button.

Read on →

iOS Application security Part 5 – Advanced Runtime analysis and manipulation using Cycript (Yahoo Weather App)

In the previous article, we learnt how to setup Cycript on your idevice, hook into a running process and obtain information about its properties in runtime. In this article, we will look at some advanced runtime analysis techniques. We will look at how we can obtain information about a particular class (methods, instance variables) and modify them at runtime.

Finding methods for a particular class

Let’s say we are analyzing the flow of an app during its runtime. It would be really good to know what are the methods being called in a particular view controller or in a particular class. Since Cycript is a blend of Objective-C and Javascript, we can write a function that has both Objective-C and Javscript syntax. We can define functions in the interpreter and use them anytime we want to find out some particular information. A good source for finding such code snippets is available here and we will be using most of the code snippets from here for this article.

First of all, lets make sure we are hooked into the running process.

1

Read on →

ios

Pagination in Restkit 0.2 using RKPaginator

Restkit 0.2 supports pagination through a class called RKPaginator. It has all the necessary methods for supporting pagination properly and efficiently.

The first step is to define the properties required for pagination.

1
2
3
4
//Properties required for pagination
@property (nonatomic,strong) RKPaginator *paginator;
@property (nonatomic,strong) NSMutableArray *objects;
@property (nonatomic,assign) BOOL isPaginatorLoading;

Also make sure to define the url path for your request. The parameters after : denotes the attributes of the RKPaginator object. For e.g, in the below path, instead of :currentPage, the value that will be passed is the currentPage attribute of the paginator object. The two attributes that are necessarily required are perPage and currentPage.

1
#define kUrlStringForPagination @"/ios-pagination/?dummy_variable=dummyVariable&page=:currentPage&per_page=:perPage&dummy_variable2=dummyVariable2"
Read on →