![]() ![]() On the right side, i can see UIAlertView in the code section whereas the left section shows a string named adminPage. After scrolling down for a bit, we arrive at this block. It is obvious that somewhere within this function there is a check for whether the username and password are correct or not and authenticate or disallow the user. You can see that the flow of the function can lead to different blocks of code depending on specific conditions. Scroll down in the function disassembly on the right side. If you want to switch to the previous view, you can press Space again. This is a better way of examining the disassembly as it also helps us in understanding the flow of the function. The view will change to something like this. To view this in sort of a graphical format, double click on the function name in the functions window and press Space. You will be shown the dissassembly for this function on the right side. Once you have found it, double click on it. Now search for the function loginButtonTapped. Choose any function from the list of functions and press Ctrl+F. In IDA Pro, you can see a functions window on the left. We also know that the method whose logic was changed was -(IBAction)loginButtonTapped:(id)sender We had already modified the logic of this application using GDB in Part 22. You will see the disassembled code like this.Ĭoming back to the application, we know that the application has a login page like the one shown below. ![]() Now drag and drop the application binary on the IDA pro icon. This is the binary that we will provide to IDA Pro. Inside this folder, you will find the application binary with the name GDB-Demo. Go inside the folder GDB-Demo.app (this is the application bundle) by right clicking on it and choosing the option Show Package contents. Use the command open DirectoryName and this will open the directory in Finder. Using the command ls -al will give you the last modified date of these folders. ![]() Once you are in this directory, you have to find your application folder. In my case, the location is /Users/Prateek/Library/Application Support/iPhone Simulator 6.1/Applications/. This will generate an application directory inside the folder /Users/$username/Library/Application Support/iPhone Simulator/$ios version of simulator/Applications/. ake sure the application builds successfully and that it installs propery on the simulator. Now open Xcode and run the GDB-Demo application that you had just downloaded using simulator. ![]() The demo version of IDA Pro supports both these architectures, however in this tutorial we are going to compile the application on i386 architecture (i.e on a simulator) to save the effort of copying the application binary from the device to our computer. Please note that when you run an application on the simulator using Xcode, the code is compiled for the i386 architecture, whereas when you run the application on a device using Xcode, it is compiled for the ARM architecture. Once it is downloaded, open it up and choose the option Go which just opens up IDA without any preselected binary. IDA Pro is a pretty awesome multi-processor disassembler and debugger. The first thing you need to do is install the demo version of IDA Pro from their website. In this article, we are going to permanently patch this check so we are always authenticated. If you remember, we had found a way to change the logic of the method that gets called when Login was tapped and hence bypassed the login authentication check. In this article, we will be using the same application GDB-Demo that we had used in Part 22 of this series. Once the binary is patched, you can then run it on a jailbroken device with the changed logic. So you don't have to repeat the same process over and over again. Once a change has been made in the application's binary, its permanent. This is where patching the application is useful. However, using Cycript or GDB is a bit of a pain as one has to do repeat the same process everytime after you restart the application. All of these things have been done to serve a purpose, which is to make the application do what we want. In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code rather than changing the complete implementation using GDB. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |