#iOS

  1. mach_portal: Improve amfid patch to support fat binaries

    Ian Beer did incredible work with his iOS 10.1.1 exploit. The mach_portal proof of concept gives you a root shell on iOS 10.1.1. You can read more about it here: https://bugs.chromium.org/p/project-zero/issues/detail?id=965. While playing with it, I discovered that the amfid patch only supported thin arm64 binaries. I did not find a fix online, so here is my solution.
  2. Testing if an arbitrary pointer is a valid Objective-C object

    Let’s say you pick a random pointer. Can we know if it points to a valid Objective-C object? Of course without crashing… Well there is no simple solution. In this post I give a solution for 64-bit architectures. The code provided has only been tested on macOS 10.12.1 and iOS 10.1.1 with the modern Objective-C runtime.
  3. Apple’s use of Swift in iOS 10.1 and macOS 10.12

    Swift was announced at WWDC 2014, more than 2 years ago. Most of the sample code projects from Apple are now written in Swift. But does Apple use Swift in iOS 10.1 and macOS 10.12.1?
  4. Analysis of the Facebook.app for iOS

    Did you ever wonder why the Facebook.app for iOS is such a big download? This post tries to give some answers. Version 66.0 (released on 7 October 2016) was analyzed on an iPad Air 2 (64-bit).
  5. Accessing the Temperature Unit setting in iOS 10

    In iOS 10 Apple added a new dedicated setting for Temperature Unit in the Settings.app under General > Language & Region > Temperature Unit. It lets you switch your preferred unit between Fahrenheit and Celsius:
  6. Blowfish operations with key size longer than 448 bits in macOS 10.11.5 / iOS 9.3.2

    Until macOS 10.11.4 and iOS 9.3.1, CommonCrypto/corecrypto supported Blowfish operations with key sizes longer than 448 bits. Starting with macOS 10.11.5 and iOS 9.3.2 this is no longer the case: the minimum and maximum key sizes are now enforced (kCCKeySizeMinBlowfish, 8 bytes, and kCCKeySizeMaxBlowfish, 56 bytes, respectively).
  7. State Preservation and Restoration Debug Logs

    The State Preservation and Restoration system is well documented here: Preserving Your App’s Visual Appearance Across Launches. But what is not well known is that there is a secret preference to enable debug logs.
  8. Identifying the type of build (Build, Archive) at compile time in Xcode

    Let’s say you want to have a different behavior in your app depending on whether you build it in Xcode or you perform an Archive. And you want this behavior to be done at compile time. Note that the use of different configurations is not what is wanted.
  9. Checking if Reduced Motion is enabled on iOS 7

    Apple introduced in iOS 7.0.3 a setting to reduce motion (http://support.apple.com/kb/HT5595): Settings -> General -> Accessibility -> Reduce Motion. Sadly, there is no public API to know if the user enabled “Reduce motion”.
  10. Detecting the iOS device hardware architecture (32-bit/64-bit)

    In a previous post I explained how to detect if an app runs in a 32-bit or 64-bit iOS Simulator. It did not explain how to detect if an iOS app runs on a 32-bit or 64-bit iOS device. This post aims at giving a generic method that can detect all cases: