Timac

  1. Swift: Banning force unwrapping optionals

    In this article, I discuss the dangers of force unwrapping and how to avoid forced unwraps.
    [Read More]
  2. Facebook.app for iOS [v. 88.0] cleans up duplicates

    This post follows up the Analysis of the Facebook.app for iOS [v. 87.0].
    [Read More]
  3. Analysis of the Facebook.app for iOS [v. 87.0]

    In this article, I analyze the version 87.0 of the Facebook.app for iOS.
    [Read More]
  4. Deobfuscating libMobileGestalt keys

    /usr/lib/libMobileGestalt.dylib is a private library which provides an API to retrieve the capabilities of the iOS device, as well as some runtime information: system version, build version, device type, current status of the airplane mode, …
    [Read More]
  5. mach_portal: Improve amfid patch to support fat binaries

    Ian Beer did an incredible work with his iOS 10.1.1 exploit. The mach_portal proof of concept gives you a root shell on iOS 10.1.1. You can read more about it here: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 While playing with it, I discovered that the amfid patch was only supporting thin arm64 binaries. I did not find a fix online so here is my solution.
    [Read More]
  6. Testing if an arbitrary pointer is a valid Objective-C object

    Let’s say you pick a random pointer. Can we know if it points to a valid Objective-C object? Of course without crashing… Well there is no simple solution. In this post I give a solution for 64-bit architectures. The code provided has only been tested on macOS 10.12.1 and iOS 10.1.1 with the modern Objective-C runtime.
    [Read More]
  7. Apple’s use of Swift in iOS 10.1 and macOS 10.12

    Swift has been announced at the WWDC 2014, more than 2 years ago. Most of the sample code projects from Apple are now written in Swift. But does Apple use Swift in iOS 10.1 and macOS 10.12.1?
    [Read More]
  8. Analysis of the Facebook.app for iOS

    Did you ever wonder why the Facebook.app for iOS is such a big download? This post tries to give some answers. The version 66.0 (released on 7 October 2016) was analyzed on an iPad Air 2 (64-bit).
    [Read More]
  9. Accessing the Temperature Unit setting in iOS 10

    In iOS 10 Apple added a new dedicated setting for Temperature Unit in the Settings.app under General > Language & Region > Temperature Unit . It lets you switch your preferred unit between Fahrenheit and Celsius:
    [Read More]
  10. Dump decrypted mach-o apps

    In a previous post CryptedHelloWorld: App with encrypted mach-o sections, I created a simple macOS app CryptedHelloWorld with its (__TEXT, __text) section encrypted. The section is decrypted by a constructor function. This post explains how to dump the decrypted app. A common way is to attach the app with a debugger (GDB, LLDB) and manually dump the decrypted memory to disk.
    [Read More]