If you are an application developer with a solid grounding in Objective-C, this book, iOS应用安全攻防(影印版) (a photo-reprint of the O'Reilly title Hacking and Securing iOS Applications), is exactly what you need: there is a real chance that your company's iOS application will be attacked, because attackers now use a range of tools to reverse engineer, trace and manipulate applications in ways most programmers never imagine.
The book explains several iOS attack techniques and the tools and methods hackers commonly use. You will learn the best ways to protect your application and see why it matters to understand and plan the way your adversaries do. The author is Jonathan Zdziarski (扎德尔斯基, Zdziarski, J.).
Book | iOS应用安全攻防(影印版) |
Contents | Editor's recommendation: see the blurb above. Table of contents: |
Preface
1. Everything You Know Is Wrong: The Myth of a Monoculture; The iOS Security Model; Components of the iOS Security Model; Storing the Key with the Lock; Passcodes Equate to Weak Security; Forensic Data Trumps Encryption; External Data Is at Risk, Too; Hijacking Traffic; Data Can Be Stolen...Quickly; Trust No One, Not Even Your Application; Physical Access Is Optional; Summary
Part I. Hacking
2. The Basics of Compromising iOS: Why It's Important to Learn How to Break Into a Device; Jailbreaking Explained; Developer Tools; End User Jailbreaks; Jailbreaking an iPhone; DFU Mode; Tethered Versus Untethered; Compromising Devices and Injecting Code; Building Custom Code; Analyzing Your Binary; Testing Your Binary; Daemonizing Code; Deploying Malicious Code with a Tar Archive; Deploying Malicious Code with a RAM Disk; Exercises; Summary
3. Stealing the Filesystem: Full Disk Encryption; Solid State NAND; Disk Encryption; Where iOS Disk Encryption Has Failed You; Copying the Live Filesystem; The DataTheft Payload; Customizing launchd; Preparing the RAM disk; Imaging the Filesystem; Copying the Raw Filesystem; The RawTheft Payload; Customizing launchd; Preparing the RAM disk; Imaging the Filesystem; Exercises; The Role of Social Engineering; Disabled Device Decoy; Deactivated Device Decoy; Malware Enabled Decoy; Password Engineering Application; Summary
4. Forensic Trace and Data Leakage: Extracting Image Geotags; Consolidated GPS Cache; SQLite Databases; Connecting to a Database; SQLite Built-in Commands; Issuing SQL Queries; Important Database Files; Address Book Contacts; Address Book Images; Google Maps Data; Calendar Events; Call History; Email Database; Notes; Photo Metadata; SMS Messages; Safari Bookmarks; SMS Spotlight Cache; Safari Web Caches; Web Application Cache; WebKit Storage; Voicemail; Reverse Engineering Remnant Database Fields; SMS Drafts; Property Lists; Important Property List Files; Other Important Files; Summary
5. Defeating Encryption: Sogeti's Data Protection Tools; Installing Data Protection Tools; Building the Brute Forcer; Building Needed Python Libraries; Extracting Encryption Keys; The KeyTheft Payload; Customizing Launchd; Preparing the RAM disk; Preparing the Kernel; Executing the Brute Force; Decrypting the Keychain; Decrypting Raw Disk; Decrypting iTunes Backups; Defeating Encryption Through Spyware; The SpyTheft Payload; Daemonizing spyd; Customizing Launchd; Preparing the RAM disk; Executing the Payload; Exercises; Summary
6. Unobliterating Files: Scraping the HFS Journal; Carving Empty Space; Commonly Recovered Data; Application Screenshots; Deleted Property Lists; Deleted Voicemail and Voice Recordings; Deleted Keyboard Cache; Photos and Other Personal Information; Summary
7. Manipulating the Runtime: Analyzing Binaries; The Mach-O Format; Introduction to class-dump-z; Symbol Tables; Encrypted Binaries; Calculating Offsets; Dumping Memory; Copy Decrypted Code Back to the File; Resetting the cryptid; Abusing the Runtime with Cycript; Installing Cycript; Using Cycript; Breaking Simple Locks; Replacing Methods; Trawling for Data; Logging Data; More Serious Implications; Exercises; SpringBoard Animations; Call Tapping...Kind Of; Making Screen Shots; Summary
8. Abusing the Runtime Library: Breaking Objective-C Down; Instance Variables; Methods; Method Cache; Disassembling and Debugging; Eavesdropping; The Underlying Objective-C Framework; Interfacing with Objective-C; Malicious Code Injection; The CodeTheft Payload; Injection Using a Debugger; Injection Using Dynamic Linker Attack; Full Device Infection; Summary
9. Hijacking Traffic: APN Hijacking; Payload Delivery; Removal; Simple Proxy Setup; Attacking SSL; SSLStrip; Paros proxy; Browser Warnings; Attacking Application-Level SSL Validation; The SSLTheft Payload; Hijacking Foundation HTTP Classes; The POSTTheft Payload; Analyzing Data; Driftnet; Building; Running; Exercises; Summary
Part II. Securing
10. Implementing Encryption: Password Strength; Beware Random Password Generators; Introduction to Common Crypto; Stateless Operations; Stateful Encryption; Master Key Encryption; Geo-Encryption; Geo-Encryption with Passphrase; Split Server-Side Keys; Securing Memory; Wiping Memory; Public Key Cryptography; Exercises
11. Counter Forensics: Secure File Wiping; DOD 5220.22-M Wiping; Objective-C; Wiping SQLite Records; Keyboard Cache; Randomizing PIN Digits; Application Screenshots
12. Securing the Runtime: Tamper Response; Wipe User Data; Disable Network Access; Report Home; Enable Logging; False Contacts and Kill Switches; Process Trace Checking; Blocking Debuggers; Runtime Class Integrity Checks; Validating Address Space; Inline Functions; Complicating Disassembly; Optimization Flags; Stripping; They're Fun! They Roll! -funroll-loops; Exercises
13. Jailbreak Detection: Sandbox Integrity Check; Filesystem Tests; Existence of Jailbreak Files; Size of /etc/fstab; Evidence of Symbolic Linking; Page Execution Check
14. Next Steps: Thinking Like an Attacker; Other Reverse Engineering Tools; Security Versus Code Management; A Flexible Approach to Security; Other Great Books
Tags | |
Title | iOS应用安全攻防(影印版) |
Subtitle | |
Original title | Hacking and Securing iOS Applications |
Author | Jonathan Zdziarski (扎德尔斯基), USA |
Translator | |
Editor | |
Illustrator | |
Publisher | 东南大学出版社 (Southeast University Press) |
Product code (ISBN) | 9787564134464 |
Format | 16mo (16开) |
Pages | 336 |
Edition | 1 |
Binding | Paperback |
Word count | 436 (thousand characters) |
Publication date | 2012-06-01 |
First edition date | 2012-06-01 |
Printing date | 2012-06-01 |
Text language | English |
Intended readers | Young adults (14-20), researchers, general adults |
Scope of use | |
Distribution | Public distribution |
Distribution mode | Physical book |
Book category (major) | |
Book category (minor) | |
Weight | 0.536 kg |
CIP record number | |
Chinese Library Classification | TP312 |
Series | |
Printed sheets | 22.25 |
Printing | 1 |
Place of publication | Jiangsu |
Length | 233 mm |
Width | 178 mm |
Thickness | 17 mm |
Compiled by | |
Medium | Book |
Paper | Plain paper |
Phonetic annotation | No |
Reprint edition | Original (photo-reprint) |
Publisher country | CN |
Set | Single volume |
Copyright contract registration number | 图字10-2012-157号 |
Copyright provider | O'Reilly Media, Inc. |
List price | |
Print run | |
Producer | |
Awards | |
Synopsis | |
About the author | |
Table of contents | |
Excerpt | |