Whether a system fault is seen as a bug or as a vulnerability depends on the assessor's attitude.
This chapter gives a step-by-step guide to analyzing, attacking, and reverse engineering iOS apps in general. We will combine the tools already set up in earlier chapters, LLDB, otool, Hopper, and class-dump-z, into a single workflow for simple reverse engineering tasks. We will walk through how to use these tools to instrument potentially sensitive and vulnerable API calls, and we will look at how the absence of binary protections can be exploited with Cycript and Snoop-IT. Finally, the chapter covers some less common tasks, such as dumping the heap with a debugger to recover sensitive items such as passwords and API keys from memory, and attacking iOS IPC mechanisms. You should walk away with the following learning outcomes:
Using LLDB and tracing Objective-C messages remotely for a target app
Leveraging otool, Cycript, Hopper, and class-dump-z to...