#IOS

  1. Apple’s use of Swift in iOS 11.1 and macOS 10.13.1

    A year ago I analyzed how many built-in apps in iOS 10.1 and macOS 10.12 were using Swift: Apple’s use of Swift in iOS 10.1 and macOS 10.12. How many built-in apps are using Swift in iOS 11.1 and macOS 10.13.1? Let’s find it out! Tool to detect binaries using Swift Last year I explained how to write a script that loops through all the files of a folder and print the paths of binaries using Swift.
    [Read More]
  2. Swift: Banning force unwrapping optionals

    Swift Optionals and force unwrapping The Swift programming language supports optional types, which handle the absence of a value. An optional represents two possibilities: Either there is a value and you can unwrap the optional to access that value, or there isn’t a value at all. Here is how you can declare an optional variable in Swift: var myOptionalString: String? The myOptionalString variable can contain a string value or nil.
    [Read More]
  3. Facebook.app for iOS [v. 88.0] cleans up duplicates

    This post follows up the Analysis of the Facebook.app for iOS [v. 87.0]. The version 88.0 of the Facebook.app has now been released: As you can see from the smaller download size, the duplicated resources have been removed. This is confirmed by looking at the app content using GrandPerspective: Only some really small resources escaped the cleanup. The ‘FBFacecastTipJarResources’ resources are indeed still duplicated. Example: Facebook.app/Frameworks/FBSharedFramework.framework/FBFacecastTipJarResources/tip3b.json.gz Facebook.app/Frameworks/FBSharedFramework.framework/tip3b.json.gz
    [Read More]
  4. Analysis of the Facebook.app for iOS [v. 87.0]

    6 months ago I analyzed the version 66.0 of the Facebook.app for iOS: https://blog.timac.org/2016/1018-analysis-of-the-facebook-app-for-ios The version 66.0 was a 165 MB app on an iPad Air 2 (64-bit). It was a monolithic app with its main binary being more than 100 MB. The version 87.0 is now available: 253 MB on the same iPad Air 2 with only 64-bit code. In just 6 months, the Facebook.app size grew by 88 MB!
    [Read More]
  5. Deobfuscating libMobileGestalt keys

    /usr/lib/libMobileGestalt.dylib is a private library which provides an API to retrieve the capabilities of the iOS device, as well as some runtime information: system version, build version, device type, current status of the airplane mode, … The implementation is similar to a key-value database. The library exposes a simple function to retrieve the value for a specified key: id MGCopyAnswer(NSString *inKey); When calling this method with a key, it returns the associated value stored in the database, or nil if the key does not exist.
    [Read More]
  6. mach_portal: Improve amfid patch to support fat binaries

    Ian Beer did an incredible work with his iOS 10.1.1 exploit. The mach_portal proof of concept gives you a root shell on iOS 10.1.1. You can read more about it here: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 While playing with it, I discovered that the amfid patch was only supporting thin arm64 binaries. I did not find a fix online so here is my solution. amfid patch In this PoC amfid is patched to allow any signatures and entitlements.
    [Read More]
  7. Testing if an arbitrary pointer is a valid Objective-C object

    Let’s say you pick a random pointer. Can we know if it points to a valid Objective-C object? Of course without crashing… Well there is no simple solution. In this post I give a solution for 64-bit architectures. The code provided has only been tested on macOS 10.12.1 and iOS 10.1.1 with the modern Objective-C runtime. There is not much documentation available on this subject. There is one article written in 2010 by Matt Gallagher but the content is outdated and not working properly anymore.
    [Read More]
  8. Apple’s use of Swift in iOS 10.1 and macOS 10.12

    Swift has been announced at the WWDC 2014, more than 2 years ago. Most of the sample code projects from Apple are now written in Swift. But does Apple use Swift in iOS 10.1 and macOS 10.12.1? How to detect if a binary is using Swift? A naïve approach would be to check if an app contains the Swift libraries in its Frameworks folder: libswiftCore.dylib, libswiftFoundation.dylib, … Here is the content of the Frameworks folder of the MRT.
    [Read More]
  9. Analysis of the Facebook.app for iOS

    Did you ever wonder why the Facebook.app for iOS is such a big download? This post tries to give some answers. The version 66.0 (released on 7 October 2016) was analyzed on an iPad Air 2 (64-bit). Here is what you see when downloading Facebook on an iPad Air 2: App content A scan of the content of the Facebook app using GrandPerspective gives already a good overview:
    [Read More]
  10. Accessing the Temperature Unit setting in iOS 10

    In iOS 10 Apple added a new dedicated setting for Temperature Unit in the Settings.app under General > Language & Region > Temperature Unit . It lets you switch your preferred unit between Fahrenheit and Celsius: Sadly Apple did not provide a public API for third party apps. Here is how you can access this preference in your app: You first need to expose the NSLocaleTemperatureUnit NSLocaleKey: FOUNDATION_EXPORT NSLocaleKey const NSLocaleTemperatureUnit; You can now print the temperature unit.
    [Read More]