Hacker methods of working with PLIST files on Mac OS X. PlistEdit Pro: Manually editing configuration files What to do if the program in the list is already installed

The basis of any operating system's stability is restricting access to important files, in order to protect the computer's operation, or simply to "protect against the fool". Mac OS X, like all other *nix systems, implements this protection through access rights, groups and object owners. You can read about all of this in the article on the Mac OS X Terminal; today's talk is not so much about the protection itself as about the methods of getting around it.

Why is this needed? Sooner or later any Mac owner faces the need to adjust the settings of the system and of other programs. Hackintosh owners face this need every day. How can you get around the tricky system of access rights so that you can change anything in the system at will?

The standard format for the settings of Mac OS X and of its programs is PLIST. This is an ordinary text file that can be opened in the TextEdit text editor. Say you have opened such a file, made all the necessary changes, and now want to save it. Alas, no such luck! You get this message:

You have only one option: save the file somewhere else. Alas, this is a really rotten option. First, you will not be able to copy the file back into its original folder: the system simply will not let you overwrite the existing file (and rightly so). And if you delete the old file and then copy the edited copy into the same folder, it will copy, but the access rights will be wrong. That threatens you with the most mysterious and indestructible glitches.

Therefore, we will look at a number of other options.

1) Editing via Terminal

The Terminal lets the user perform actions under the name of the root administrator. This means you will have the most powerful control over the computer's files. We believe there is no need to lecture you about how insecure using such power is ;)

The Terminal itself has a number of editing tools, such as the nano and vi commands. It is easier to get by with nano. First you need to gain root administrator rights. Enter the command:

sudo -s

Then enter the password blindly (nothing is echoed) and press Enter.

Now it is enough to type:

nano path_to_file

For example:

nano /Library/Preferences/SystemConfiguration/com.apple.Boot.plist

Or you can type nano and a space, then drag the file you want to edit into the Terminal window. All that remains is to press Enter. Working with the file looks like this:

If you edit a file this way, you will not enjoy it much. Judge for yourself: the mouse does nothing here, and you will have to move the cursor with the keyboard.

To exit nano, close the Terminal or press Ctrl+X on the keyboard.

2) Launching a text editor with administrator rights

The other way is more elegant. You can use the native Mac OS X text editing programs, but run them as administrator. In this case there is no problem with access rights at all.

Launch the Terminal, enter sudo -s and then the password. Then you need to enter a bulky construct like:

/Applications/TextEdit.app/Contents/MacOS/TextEdit

Please note: through the Terminal you launch not the application bundle itself (TextEdit.app) but the binary located inside it, in the Contents/MacOS subfolder.

As a result, TextEdit can work with any files, until the program is closed for the first time.

3) Third-party specialized programs

We cannot help recommending the TextMate text editor. This is a program developed for programmers, but it will be useful for every Mac owner (and even more so for hackintosh owners). At your service: text formatting, work with various kinds of code and, most importantly, support for working with protected files without any extra fuss in the Terminal.

When saving a protected file, TextMate prompts you for a password and saves all changes without any problems.

However, the price is clearly not TextMate's strong point. After the end of the 30-day trial it will ask you for 39 euros. The developers justify this by pointing to the wealth of built-in modules for processing various scripting and programming languages:

Does that sound like something for the average user? If the price does not bother you, you can get TextMate at the link.
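The glitches described above come from the edited copy losing the original file's owner and mode. As an added example (not code from the article), here is an in-place plist edit that keeps both: the new contents go to a temp file in the same directory, the original owner, group and mode are copied onto it, and it is swapped in atomically. Only the Python standard library is used; the sample Boot.plist and its keys are constructed for the demo.

```python
# Added example (not from the article): the in-place edit that the article's
# "save elsewhere and copy back" approach gets wrong.  New contents are written
# to a temp file in the same directory, the original owner, group and mode are
# copied onto it, and it is swapped in atomically, so the file keeps the
# ownership and permissions the system expects.  Standard library only.
import os
import plistlib
import tempfile


def edit_plist_in_place(path, updates):
    """Apply the dict `updates` to the plist at `path`, preserving owner,
    group and mode.  Returns the resulting dictionary."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        raw = fh.read()
    # Keep the original serialization: binary plists start with "bplist00".
    fmt = plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML
    data = plistlib.loads(raw)
    data.update(updates)

    fd, tmp = tempfile.mkstemp(prefix=".plist-edit-",
                               dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as fh:
            plistlib.dump(data, fh, fmt=fmt)
        # Reproduce owner/group and mode.  Giving the file to another owner
        # needs root, which is exactly why the article reaches for sudo.
        os.chown(tmp, st.st_uid, st.st_gid)
        os.chmod(tmp, st.st_mode & 0o7777)
        os.replace(tmp, path)            # atomic: never a half-written config
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return data


def demo():
    """Constructed sample: a com.apple.Boot.plist-style file with restrictive
    permissions, edited in place.  Returns facts the caller can check."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "com.apple.Boot.plist")
    with open(path, "wb") as fh:
        plistlib.dump({"Kernel": "mach_kernel", "Timeout": "5"}, fh)
    os.chmod(path, 0o640)
    before = os.stat(path)

    returned = edit_plist_in_place(path, {"Timeout": "2", "Kernel Flags": "-v"})

    after = os.stat(path)
    with open(path, "rb") as fh:
        reread = plistlib.load(fh)
    return {
        "timeout": reread["Timeout"],
        "kernel_flags": reread.get("Kernel Flags"),
        "kernel_kept": reread["Kernel"] == "mach_kernel",
        "mode_kept": (before.st_mode & 0o7777) == (after.st_mode & 0o7777) == 0o640,
        "owner_kept": (before.st_uid, before.st_gid) == (after.st_uid, after.st_gid),
        "matches_returned": reread == returned,
    }


if __name__ == "__main__":
    print(demo())
```

Run as root (the article's sudo -s) the same function keeps a system-owned file owned by the system; run as a normal user it fails on the chown instead of silently producing a wrongly owned file.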

Some iOS apps check the version of the operating system on the device. Recently, while testing some apps, I came across such an error. Since the iOS version was lower than 7.1, the app did not install and an error was displayed.

This article covers the following:

  • Changing the iOS version in the SystemVersion.plist file.
  • Changing the version in a plist file located in the app package.
  • The useful iOS-ssl-Kill-switch utility for bypassing certificate validation.

Changing the iOS version in the SystemVersion.plist file

The iOS version can be changed (on a jailbroken device) in two simple steps by changing a specific value in the SystemVersion.plist file:

  1. Connect to the jailbroken device over SSH (or use iFile, available from Cydia) to view the contents of the system directory.
  2. Change the "ProductVersion" value in the file "/System/Library/CoreServices/SystemVersion.plist".

Figure 1: Contents of the SystemVersion.plist file

This trick changes the values shown in the "Settings/General/About" section. However, the method is only useful for apps that check the version via the SystemVersion.plist file. If the app still refuses to install after the version has been changed, try the other method.

Changing the version in a plist file located in the app package

The other method of changing the version consists of three simple steps:

  1. Rename the ipa file to .zip and unpack the archive.
  2. Change the "minimum iOS version" value in the info.plist file located in the \Payload\appname.app folder.
  3. Repack the archive and rename it back to IPA. [Note: some apps check the "minimum iOS version" value in other plist files included in the package.]

Figure 2: Contents of the info.plist file

After plist files are changed, the package signature is broken. To resolve this, the IPA must be re-signed with the utility from this article.

Some apps check the iOS version during installation. If a user installs an app from an IPA using iTunes or Xcode, the version of iOS running on the device is checked, and if it is lower, an error occurs.

Figure 3: Error that occurs when installing apps via Xcode

This check can also be bypassed in a few steps:

  1. Rename the .ipa file to .zip and extract the .app folder.
  2. Copy the .app folder to the location where iOS apps are installed (/root/application) using any SFTP client (for example, WinSCP).
  3. Connect to the device over SSH, go to the folder where the app was copied, and set execute permissions on the .app folder (chmod -R 755 or chmod -R 777). Alternatively, right-click the .app folder in WinSCP and change the directory permissions there.
  4. After the iOS device is restarted, the app will be installed successfully.

Figure 4: Setting new permissions on the directory

Bypassing certificate validation

Some apps verify the certificate when traffic is proxied through a tool such as Burp. The app's binary contains a hard-wired client certificate. The server verifies this certificate, and if validation fails an error occurs. You can read about this in detail in my other article, co-authored with Steve Kern.

Sometimes it is easier to extract the certificate from the app and install it in the proxy. An alternative is the ios-ssl-kill-switch utility. ios-ssl-kill-switch hooks the Secure Transport API (the lowest level) and disables certificate verification. Most checks are built on NSURLConnection anyway. More details can be found at the link.

Certificate verification is bypassed in a few steps:

  1. Install the kill-ssl-switch utility.
  2. All the required packages are installed along with it.
  3. Reboot the device or restart SpringBoard with the command "killall -HUP SpringBoard".
  4. Enable the Disable Certificate Validation option in the "Settings/SSL Kill Switch" section.
  5. Restart the app, after which traffic should be proxied successfully.

Certificate pinning bypass consists of hooking the API that performs certificate validation and always returning "true" from the check. The MobileSubstrate framework is ideal for this task. There are a number of other useful utilities for bypassing pinning, such as Trustme and Snoop-it.

Figure 5: The certificate verification setting in SSL Kill Switch

If you are too lazy to dig around the Cydia store looking for the right tweaks, you can most likely solve your problem simply by editing the iPhone's settings files.

Below are small iOS tweaks that anyone with a jailbreak can make. Everything described has been verified on iOS 5.

What we need:

  • An iPhone or iPad with an open file system (that is, jailbroken)
  • The iFile program (available in the Cydia Store)

Actually nothing more: a plist editor is already built into iFile.

Editing plist files is exactly the kind of tweak that anyone with a jailbreak can do.

1. Enable the panoramic camera on the iPhone

To do this, go to the folder
/var/mobile/Library/Preferences/
and open the file com.apple.mobileslideshow.plist. Find the key:

    DiskSpaceWasLow

Add after it:

    EnableFirebreak

The feature is experimental and is enabled the next time the camera is started. The quality of the resulting panorama is not great either, but if you need a panorama on the iPhone without installing third-party programs, this tweak is for you.

2. Enable the autocorrection suggestion panel

Go to the same folder
/var/mobile/Library/Preferences/
and open the file com.apple.keyboard.plist, then add this row:

    KeyboardAutocorrectionLists  YES

If you cannot find the file there, try looking in
Library/Preferences/.

3. Screensaver on iPad and iPhone

Some stores have a branded screensaver on their display iDevices. If you do not mind the battery drain, there is a special setting for installing it.
Go to the folder:
/var/stash/Applications/DemoApp/
and edit the Info.plist file.
In the code:

    SBAppTags
    hidden

change the key hidden to the key visible.

Now place the screensaver file Demo.mov in the folder
/var/mobile/

After a respring everything should work.

4. Enable multitasking support for Cydia

Everyone knows that as soon as you switch to another program, Cydia modestly forgets everything. There is a solution for this problem. Go to:
/var/stash/Applications/Cydia.app/
and edit in the Info.plist file the row:

    UIApplicationExitsOnSuspend

changing the key true to false. Respring the device and voila, Cydia remembers your last position in the menu.

5. Increased buffering for 720p video in the standard YouTube app

Open the following file:
/System/Library/CoreServices/SpringBoard.app/N81AP.plist
Change

    720p

to

    720p

and reboot the iPhone or iPad.

6. Change the text on the lock screen

Even though Springtomize has such a setting, if you do not want to install any tweaks, open in iFile:

System/Library/CoreServices/SpringBoard.app/English.lproj/SpringBoard.strings
and edit the following key:

"AWAY_LOCK_LABEL" = "slide to unlock"

7. Stop the Wi-Fi connection from being kept alive constantly

Sometimes a bug occurs that makes the battery of the iPad or iPhone drain quickly while it sleeps. It shows itself in the status bar always displaying the connection as active. If you run into this problem, you need to make the iPhone stop constantly keeping the connection alive, that is, disable it.

Go to:
/System/Library/LaunchDaemons/
rename com.apple.apsd.plist to com.apple.apsd.plist% and reboot the device.

So, anyone can perform the described manipulations without any complications. To do this, simply make a backup copy of your iPhone or iPad, then edit it with the iBackupBot program, after which restore your iOS device from the backup.


You have done a good job, and your app is in the App Store!

  • Want to protect your business logic?
  • Protect your in-app purchases?
  • Keep your know-how to yourself?

Let us think about the security of your code and data! We will try to break into a test app. In this article we will talk about data security, and next time we will move on to the code.

Disclaimer

The purpose of this lesson is not to make you a hacker, but to show how attackers can fool you. The article omits some information that is needed to work with a real application on a device. We will torment the simulator (which, by the way, is not illegal).

Disclaimer about the translation: a lot of the "lyrics" of the original text have been cut and sent to Hollywood (and so on). Some short explanations have been added.

So

No app is safe! If someone really wants to find your weaknesses, they will find them. There is no guaranteed way to avoid attacks. But do not let your hands drop: there are reliable ways to make life harder for hackers. (In the author's opinion, they will get tired, give up and go looking for easier prey, yeah. Translator's note.)

Let's get started

We need:
1. The class-dump-z utility;
2. A proxy for intercepting traffic, for example Charles (the trial version shows annoying notifications and runs for at most 30 minutes per session). In the comments to the original article an alternative to Charles was suggested: Burp Suite.

If you are interested in the process, I will walk you through the scenario. Imagine: a new iPad app has come out, "Meme Collector". Everyone loves it. Someone whispered in your ear that its in-app purchases are going to extract a decent amount of money from you.

In general, you decided to get the paid content (memes) without paying. There are several directions in which one can attack, and we will talk about them, and about common methods of protection.

A small simplification

To shorten this lesson, we deliberately allowed some simplifications in the test project. For example, "buying" game currency is not a real in-app purchase but a fake request to StoreKit (everything happens locally on the device).

Where to start? Application mapping

Let's look at the app from a bird's eye view! What does the user see? What is its basic structure?

The keychain "raises the stakes" for a hacker. Criminals will not be able to steal anything if the device is locked.

Nevertheless, you cannot rely on the keychain alone! Here is why. The keychain is supported by Apple. (Well, you already guessed that, right?) The information in it is encrypted with the user's passcode, which is usually a 4-digit code. This means a brute force attack will take about twenty minutes. Once the passcode is known, it is easy to dump the entire keychain.

  • Encrypt your data! The keychain is safe, but it is the priority target for hackers, so they break into it first. (We are not even talking about jailbroken devices: there are utilities for them that show the contents of the keychain.) Make life harder for hackers in any way you can: encrypt data with the CommonCrypto API, which is part of the standard Security Framework (example).
  • Do not hard-code the encryption key in the app. A long string in the data section is of potential interest to a hacker. Besides, if the encryption key is hidden in the app, an attacker can extract it and compromise the data of all of the app's users! It is easy to generate a unique encryption key on the device.
  • Control the code! Specifically, be aware that a hacker can use your code for their own purposes. Your encryption/decryption method may be their best tool: hackers can hijack the app and use your decryption method to get at your encrypted data. You will learn about this in the next part of this tutorial (upcoming post).
  • What exactly needs to be stored? If an attacker can read, modify and destroy your files, just ask yourself: does this information really need to be stored on the device?

Network: penetration testing

Hackers also like to attack an app through its interaction with the network. The easiest way to find out whether the app talks to the network is to search for URLs in the binary.

While in the bundle folder (Meme Collector.app), type in the terminal:

strings "Meme Collector"

Whoa, that is a lot of output! The strings command walks through the sections of the binary and prints every data element that looks like a string. Filter out the noise:

strings "Meme Collector" | grep http

And here it is, a single line:

http://version1.api.memegenerator.net/Generator_Select_ByUrlNameOrGeneratorID

It seems that at some point the app goes to the meme generator at this URL. As a hacker, you would want to investigate the app's network traffic more closely. For that we need a network monitor that will intercept all incoming and outgoing requests.
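The same sweep is worth running over your own build before release, and not only for URLs: the "long string in the data section" that the earlier bullet warns about shows up in exactly the same output. The following is an added example, not code from the tutorial: a Python equivalent of strings | grep http that also flags long, high-entropy, space-free constants as key-like. The sample "binary" is constructed; only the URL comes from the article.

```python
# Added example (not from the article): a Python equivalent of the
# `strings "Meme Collector" | grep http` step, extended with the other thing
# the article says a hacker looks for in the data section: long constant
# strings that look like keys.  Run it over your own build before shipping.
# The sample "binary" below is constructed; only the URL is from the article.
import math
import re

PRINTABLE = set(range(0x20, 0x7F)) | {0x09}   # what strings(1) treats as printable
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_strings(blob, min_len=4):
    """Runs of printable ASCII of at least min_len bytes (strings(1) default)."""
    found, run = [], bytearray()
    for b in blob + b"\x00":                # sentinel flushes the final run
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    return found


def shannon_entropy(s):
    """Bits per character; random hex tops out at 4.0, English text is ~2-3."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def scan(blob, key_min_len=32, key_min_entropy=3.5):
    """Report URLs and key-like constants found among the binary's strings."""
    strings_ = extract_strings(blob)
    urls = [u for s in strings_ for u in URL_RE.findall(s)]
    key_like = [
        s for s in strings_
        if len(s) >= key_min_len and " " not in s
        and not URL_RE.search(s) and shannon_entropy(s) >= key_min_entropy
    ]
    return {"strings": strings_, "urls": urls, "key_like": key_like}


# Constructed stand-in for a Mach-O data section: non-printable filler with a
# few string constants embedded the way a compiler lays them out (NUL-terminated).
SAMPLE_BINARY = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 12
    + b"Meme Collector\x00"
    + b"\x01\x02\x03\x80\xff" * 4
    + b"http://version1.api.memegenerator.net/Generator_Select_ByUrlNameOrGeneratorID\x00"
    + b"\xde\xad\xbe\xef" * 3
    + b"0123456789abcdef" * 4 + b"\x00"      # constructed fake hard-coded key
    + b"urlName\x00ab\x00displayName\x00"
    + b"\xff" * 8
)


if __name__ == "__main__":
    report = scan(SAMPLE_BINARY)
    for url in report["urls"]:
        print("URL:", url)
    for key in report["key_like"]:
        print("key-like constant:", key)
```

To check a real binary, read it with open(path, "rb").read() and pass the bytes to scan(); the entropy threshold is a heuristic, so review the hits rather than trusting them blindly.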

Charles, mentioned at the beginning of the article, is a great option for such an investigation. Download it if you have not done so yet. Install and run it.

Note that Charles can intercept connections from the iOS simulator (launch Maps, or type a URL in Safari). You will see the network requests in Charles. If nothing shows up, check that the Proxy > Mac OS X Proxy menu item is ticked.

By the way, Charles handles SSL traffic very well.

We will not bother with that, since there were no HTTPS URLs in the strings output. This step will be needed for other apps that use HTTPS. In the Proxy > Proxy Settings… > SSL menu you need to enable the SSL proxy and add the domain in order to intercept (and decrypt) HTTPS traffic. At the time of writing, the SSL tab looks like this:

With Charles running, restart Meme Collector. After launch you will see three requests to version1.api.memegenerator.net; click on the URL (see below). The three requests differ in their GET parameters. For example, the first one has a single GET parameter: urlName = Foul-Bachelor-Frog, which can be seen on the Request tab.

Select the Response tab and JSON at the bottom. The server's response, decoded from JSON, is presented as a table:

There are a lot of key-value rows here: title (displayName), description (description), image URL (imageUrl), in short, the specific information for the meme type "Foul Bachelor Frog" passed in the GET parameter.

Looks like what we got in the app, right? The other two pictures were less lucky: they were never received from the server (Charles reports this on the Overview tab) and did not appear in the app.

And we are not even shown the pictures!

On restart, the images may be taken from the simulator cache, which Charles does not see. Clear the cache and restart the app:

rm -R Library/Caches/

Also, most likely, things work like this: the app takes memes from this API and presents them as paid content. What if we try changing the URL to get some new content besides these three memes? It does not look like there is any check here, since the app simply fetches from the server whatever the developer wrote into it!

Tired of three memes already? Let's try to modify the request and buy something new, say, Success Kid.

Select Tools > Rewrite from the Charles menu. This function allows you to edit requests/responses and modify them according to rules you set. Tick the Enable Rewrite checkbox. Rules are grouped into "sets". Under the Sets list click Add to add a new rule set. For convenience, rename it (Name). We have created a rule set, but it is still empty. Let's add a rule: in the Rules section there is an Add button, press it.

The Rewrite Rule window opens. Change Type to "Modify Query Param" and fill in two fields:

  • Match > Name: urlName
  • Replace > Value: success-kid

Press OK, OK. Restart the app... Success! We can buy content that was previously unavailable.

Interesting: this new meme has a specific price. Where does it come from? The app is small, and the price probably comes from the JSON output.

Open the Response tab and look at the JSON the server returns. What could determine the value of the price?

Try to find the JSON keys that might indicate the meme's worth to the app. Perhaps it is generatorID, totalVotesScore, instancesCount, templatesCount or ranking. Your task: find the key that influences the meme's price.

To get started, go to Proxy > Breakpoints. Tick Enable Breakpoints and press Add to add a new breakpoint. The Edit Breakpoint window opens; enter the following data:

  • Protocol: http
  • Host: version1.api.memegenerator.net
  • Response option enabled

Now restart the app. As soon as a response arrives from the server, the breakpoint will fire. When this happens, click the Edit Response tab and select JSON at the bottom:

Here you can manually modify the JSON output as it enters the app. Play around with the parameters and try to determine which keys influence the price displayed in the app. After changing the JSON, click Execute to send the response on. The app makes three requests to the API, so you need to press Execute three times.

Important: act fast! The AFNetworking timeout is 30 seconds. If you missed the moment and did not manage to make the changes, AFNetworking will time the request out and show the corresponding error code (which will do you no good). When that happens, restart the app and try again.
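The breakpoint edit works because the app trusts whatever price-related fields arrive in the JSON. As an added example (not code from the tutorial or the memegenerator API), here is the server-side change that makes such an edit detectable: the server attaches an HMAC-SHA256 over a canonical form of the result, and the client refuses to show a price whose signature does not verify. The secret, the result keys and the price are constructed for the demo; with a shared secret this only stops tampering in transit, which is why the earlier bullet about not hard-coding keys still applies (a server-held private key with only the public key in the app avoids that weakness).

```python
# Added example (not from the article): why the Charles breakpoint trick works
# and what makes an edited response detectable.  The app trusts the price
# fields in the JSON as they arrive; if the server signs a canonical form of
# the result and the client verifies before trusting it, the edit is rejected.
# Names, keys and the secret are constructed for this example.
import hashlib
import hmac
import json

# Constructed secret shared by our own API server and the app.  Stops edits in
# transit (the proxy scenario); someone who pulls the secret out of the binary
# can re-sign, which is why the article says not to hard-code keys.
API_SECRET = b"constructed-demo-secret"


def canonical(obj):
    """Stable serialization: identical bytes on both sides regardless of key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_result(result, secret=API_SECRET):
    """Server side: wrap the result with an HMAC-SHA256 over its canonical form."""
    sig = hmac.new(secret, canonical(result), hashlib.sha256).hexdigest()
    return {"result": result, "sig": sig}


def parse_priced_response(body, secret=API_SECRET):
    """Client side: return the result only if its signature checks out,
    otherwise raise ValueError (the app must then not display the price)."""
    envelope = json.loads(body)
    result, sig = envelope.get("result"), envelope.get("sig", "")
    expected = hmac.new(secret, canonical(result), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("response signature mismatch: body was modified")
    return result


def demo():
    """An honest response is accepted; the same response with the price field
    edited (what the Edit Response tab does) is rejected."""
    # Constructed server result, keys modeled on the article's JSON table.
    result = {"displayName": "Success Kid", "urlName": "success-kid",
              "ranking": 5, "totalVotesScore": 9001, "price": 150}
    wire = json.dumps(sign_result(result))

    accepted = parse_priced_response(wire)["price"]

    tampered = json.loads(wire)
    tampered["result"]["price"] = 0          # the proxy edit
    try:
        parse_priced_response(json.dumps(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {"honest_price": accepted, "tampered_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```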

What's next?

You have learned about a hacker's capabilities and carried out the simplest penetration tests on the app's file system and on the interaction between the app and the network. You can easily modify plists and can now change server responses.

Perhaps, with this knowledge, you will improve the security of your iOS app... a little. In the next part we will dig deep into the app, whose functionality can be changed! In the meantime, while waiting for me to post the translation (before this Friday), you can think about the topic of protecting the app's data:

Comments on the translation or non-working examples can be sent to dev @ x128.ru.

- The extension (format) is the characters of the file name after the last dot.
- The computer determines the file type by its extension.
- Windows does not show file name extensions by default.
- A file name extension cannot contain certain characters.
- Not all formats are handled by the same programs.
- Below are all the programs with which you can open a PLIST file.

There are already many programs on the Internet that let you edit the source code of other programs, files and so on. However, most of them are nothing more than a text editor like Notepad. They differ from the said editor only in that they can highlight syntax. However, in some cases such functionality is not enough: a program is needed that can quickly find the different parts of a document. And finally, a program has appeared that solves this problem. The program is called SynWrite. Its remarkable feature is the tree-structured navigation panel, which is used for...
