
iOS for Security Engineers Intermediate - 5 days

Description

iOS is one of the most popular operating systems on the market, offering a state-of-the-art security model. During this training, participants will discuss the ecosystem and the fundamental building blocks of the iOS operating system. They will discover how to use the macOS compilation chain to deploy a program, and then how to use the debugging and diagnostic tools.

The fundamentals of reverse-engineering applications and system services will be covered next: the internals of Objective-C, the IPC mechanisms (Mach, XPC, NSXPC) and the kernel APIs. Practical examples and exercises will guide participants throughout the training. Finally, the software and hardware security measures specific to iOS will be covered, both in the kernel and in user space.

  • 5 days (35 hours)

  • 18h theoretical courses / 17h practical labs

Public and prerequisites

iOS for Security Engineers is an intermediate level training course designed for security engineers wishing to carry out research on this system.

  • Pentesters

  • iOS developers

  • Security engineers

Good knowledge of C development and a basic grounding in reverse engineering are recommended. An IDA Pro license with the Hex-Rays decompiler for ARM64 is a plus.

Content

Day 1

Introduction: presentation of the working environment, development on Apple platforms (iOS and macOS), use of diagnostic tools, introduction to the Apple ecosystem.

Day 2

Introduction to reverse engineering on Apple platforms: update extraction, important file formats and tools, discovery and experimentation with the inner workings of Objective-C, introduction to the XNU kernel.

Day 3

Mach mechanisms: explanations and exercises around the XNU IPC API, presentation and exercises on the implementation of the Mach API for interaction with kernel objects, use of Frida to instrument services.

Day 4

Reverse-engineering of Mach services: theory and practical exercises around XPC and NSXPC, the abstractions used for inter-process communications. Overview of the use of signed pointers on Apple platforms.

Day 5

XNU security: presentation of the MACF framework, explanations of how AMFI and the isolation policies (sandbox) work, description of XNU defense-in-depth mechanisms, hardware security countermeasures in the kernel, mitigations of kernel vulnerabilities. Case study on diagnostic data upload.