#IOS

  1. Deobfuscated libMobileGestalt keys (iOS 12)

    libMobileGestalt is a private library in iOS that describes the capabilities of the device: system version, build version, device type, device features, status of the airplane mode, … Apple obfuscates this information, which makes it hard to know the capabilities of the device. In January 2017, I presented a method for Deobfuscating libMobileGestalt keys. At that time there were 673 known obfuscated keys and I managed to recover 564 out of the 673 keys (83%). Since this previous article, Apple has released 2 major iOS versions, and new obfuscated keys have been added. In this post I quickly recap what libMobileGestalt is and provide the updated list of recovered keys.
  2. QuickLook plugin to visualize .car files (compiled Asset Catalogs)

    In a previous article, I reverse-engineered the .car file format used to store the compiled assets of an Asset Catalog. I also demonstrated how to create a tool to manually parse such files. While this tool can extract a lot of information, it is cumbersome to use if you want to quickly see all the assets contained in a car file.
  3. Reverse engineering the .car file format (compiled Asset Catalogs)

    An Asset Catalog is an important piece of any iOS, tvOS, watchOS and macOS application. It lets you organize and manage the different assets used by an app, such as images, sprites, textures, ARKit resources, colors and data.
  4. Apple’s use of Swift in iOS 12

    Two years ago I measured Apple’s use of Swift in iOS 10.1 and last year I counted how many applications were using Swift in iOS 11.1. This year I’m analyzing iOS 12, released by Apple this month.
  5. Apple’s use of Swift in iOS 11.1 and macOS 10.13.1

    A year ago I analyzed how many built-in apps in iOS 10.1 and macOS 10.12 were using Swift: Apple’s use of Swift in iOS 10.1 and macOS 10.12. How many built-in apps are using Swift in iOS 11.1 and macOS 10.13.1? Let’s find out!
  6. Swift: Banning force unwrapping optionals

    In this article, I discuss the dangers of force unwrapping and how to avoid forced unwraps.
  7. Facebook.app for iOS [v. 88.0] cleans up duplicates

    This post follows up on the Analysis of the Facebook.app for iOS [v. 87.0].
  8. Analysis of the Facebook.app for iOS [v. 87.0]

    In this article, I analyze version 87.0 of the Facebook.app for iOS.
  9. Deobfuscating libMobileGestalt keys

    /usr/lib/libMobileGestalt.dylib is a private library which provides an API to retrieve the capabilities of the iOS device, as well as some runtime information: system version, build version, device type, current status of the airplane mode, …
  10. mach_portal: Improve amfid patch to support fat binaries

    Ian Beer did incredible work with his iOS 10.1.1 exploit. The mach_portal proof of concept gives you a root shell on iOS 10.1.1. You can read more about it here: https://bugs.chromium.org/p/project-zero/issues/detail?id=965. While playing with it, I discovered that the amfid patch only supported thin arm64 binaries. I did not find a fix online, so here is my solution.