ZaCon2 - iPhone Hackery - Ross Simpson
DESCRIPTION
Talk given at ZaCon2 on "iPhone Hackery" by Ross Simpson
Date: 9 October 2010
Location: Johannesburg, South Africa
Link to video: http://www.youtube.com/watch?v=Arr2Xs7w4HM
TRANSCRIPT
The iPhone Jailbreak
What?
breaking out of the sandbox (Apple's restrictions)
Why?
* 3rd party apps (Cydia)
* full access to filesystem (r00t access)
* 3G tethering
* change default behaviour of system software
How?
* download an application, for your OS version
* use http://www.JailbreakMe.com (PDF exploit)
r00t!
passwords for the “root” and “mobile” user accounts are “alpine”...
Change them!
(mobile terminal)
iPhone and WiFi
eWiFi
* free (in Cydia)
* displays encryption methods on home screen
* easy “auto scan” (time/shake)
WiFiFoFum
* free (in Cydia)
* no encryption methods on home screen :(
* displays community-contributed (public) APs
* radar to display locations of APs
Packet Capturing
tcpdump
* free (in Cydia)
* packet analyzer
* http://www.tcpdump.org
Pirni
* free (in Cydia)
* iPhone network sniffer
* console based
Pirni Pro
* $1.99 (in Cydia)
* GUI based
* auto detects gateway
Pirni Pro
* free (in Cydia)
* GUI based
* auto detects gateway
* RegEX searching
Man In The Middle Attacks
Pirni + bash
* easily scriptable
* awk+sed+grep = cookies
* inject into mobile Safari
* Profit!
Packet Capturing
pirni-derv
* http://code.google.com/p/pirni-derv/
* console based
* sniffs for, and auto-injects, cookies
* displays and logs rawtext passwords
Penetration Testing
nmap
* free (in Cydia)
* network scanner
metasploit
* free (in Cydia)
* requires Ruby 1.8.6 (Cydia installs 1.9)
S.E.T
* install APT 0.7 Strict (Cydia)
* manually install python
* manually install subversion
* svn check out SET
* agree to install “soup”
nikto
* manually install perl (http://coredev.nl)
* manually install nikto (http://cirt.net/nikto2)
aircrack-ng
* download + unzip binaries
* lots of broken links/zips
* broken version in Cydia
* no packet capturing
* only cracking
PenTBox
* free (in Cydia)
* http://www.pentbox.net/
THC-Hydra
* free (in Cydia)
* network login hacker
Other l33t stuff
TV Out
* free (in Cydia)
* lets you connect your iPhone to a TV
* works with unofficial TV Out cables
* multiple output modes / controls (e.g. size)
Veency
* free (in Cydia)
* VNC server for iPhone
MyWi
* costs $19.99 (in Cydia)
* create an Access Point, sharing 3G (wifi/usb)
* transmit power settings (saves battery / security)
* bypass service provider fees
Fake location
* free (in Cydia)
* fakes your location in selected apps
* choose your location on a map
* steal Foursquare mayorships ;)
* social engineering (Twitter / Facebook Places)