Collection of iOS/macOS Security Resources
Posted by tangsilian
• [PDF] https://objectivebythesea.com/v2/talks/OBTS_v2_Beer.pdf
・ How the XNU kernel passes large volumes of messages quickly across processes, and the security problems caused by flaws in that design – R3dF09
• [macOS] [PDF] https://objectivebythesea.com/v2/talks/OBTS_v2_Henze.pdf
・ Technical details of KeySteal, the macOS 10.14.3 Keychain unauthorized-access vulnerability – R3dF09
iosHackStudy
Official documentation:
https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf
OS X / iOS exploit analysis articles
iOS 8.4.1 Yalu Open Source Jailbreak Project: https://github.com/kpwn/yalu
OS-X-10.11.6-Exp-via-PEGASUS: https://github.com/zhengmin1989/OS-X-10.11.6-Exp-via-PEGASUS
iOS 9.3.* Trident exp: https://github.com/benjamin-42/Trident
iOS 10.1.1 mach_portal incomplete jailbreak: https://bugs.chromium.org/p/project-zero/issues/detail?id=965#c2
iOS 10.2 jailbreak source code: https://github.com/kpwn/yalu102
Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui: https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox: https://www.youtube.com/watch?v=bP5VP7vLLKo
Pwn2Own 2017 Safari sandbox: https://github.com/maximehip/Safari-iOS10.3.2-macOS-10.12.4-exploit-Bugs
Live kernel introspection on iOS: https://bazad.github.io/2017/09/live-kernel-introspection-ios/
iOS 11.1.2 IOSurfaceRootUserClient double free to tfp0: https://bugs.chromium.org/p/project-zero/issues/detail?id=1417
iOS 11.3.1 MULTIPATH kernel heap overflow to tfp0: https://bugs.chromium.org/p/project-zero/issues/detail?id=1558
iOS 11.3.1 empty_list kernel heap overflow to tfp0: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564
CVE-2016-1749
http://turingh.github.io/2016/04/29/CVE-2016-1749内核代码执行POC分析/
CVE-2016-1757
http://googleprojectzero.blogspot.com/2016/03/race-you-to-kernel.html
https://github.com/gdbinit/mach_race
CVE-2016-1824
http://marcograss.github.io/security/apple/cve/2016/05/16/cve-2016-1824-apple-iohidfamily-racecondition.html
List of vulnerabilities used in iOS jailbreaks
https://github.com/ChiChou/sploits
CVE-2019-6207
https://github.com/Synacktiv-contrib/CVE-2018-4193
CVE-2019-6207
https://github.com/maldiohead/CVE-2019-6207
1. Official Mac OS X kernel programming documentation:
I/O Kit Fundamentals: I/O Kit basics – Mac OS X kernel programming
Threading Programming Guide: Mac OS X threading programming guide – Mac OS X kernel programming
http://developer.apple.com/library/ios/#documentation/Cocoa/Conceptual/Multithreading/index.html
Kernel Programming Guide: Mac OS kernel programming – Mac OS X kernel programming
Kernel Extension Programming Topics: Mac OS X kernel extension programming – Mac OS kernel programming
https://developer.apple.com/library/mac/#documentation/Darwin/Conceptual/KEXTConcept/index.html
Daemons and Services Programming Guide: daemon and service programming guide – Mac OS kernel programming
https://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/index.html
Introduction to 64-Bit Transition Guide:
https://developer.apple.com/library/mac/#documentation/Darwin/Conceptual/64bitPorting/index.html
Technical Note TN2163- Building Universal I/O Kit Drivers:
https://developer.apple.com/library/mac/#technotes/tn2163/_index.html
Technical Note TN2063- Understanding and Debugging Kernel Panics:
https://developer.apple.com/library/mac/#technotes/tn2063/_index.html
Technical Note TN2118- Kernel Core Dumps:
https://developer.apple.com/library/mac/#technotes/tn2004/tn2118.html
Understanding and debugging Mac OS X kernel panics:
http://www.apple.com.cn/developer/mac/library/documentation/Hardware/Conceptual/tn2002/
When the Mac OS X kernel crashes, the system displays a kernel panic message on screen. Once such an error has occurred, the system can only be recovered by restarting.
2. Official Mac driver development documentation
Accessing Hardware From Applications: accessing Mac hardware from applications – Mac OS X kernel, Mac driver development
USB Device Interface Guide: Mac OS X USB device driver interface guide – Mac driver development
HID Class Device Interface Guide: Mac OS X human interface device (HID) interface guide – Mac driver development
https://developer.apple.com/library/mac/#documentation/DeviceDrivers/Conceptual/HID/index.html
I/O Kit Device Driver Design Guidelines: I/O Kit device driver design guidelines – Mac OS X kernel, Mac driver development
USB driver matching tips on Mac OS X
USB driver matching on Mac OS X is based on the USB Common Class Specification.
3. Official open-source code for the Mac OS X kernel and Mac drivers:
Download location for Apple's Mac OS X open-source project sources: http://opensource.apple.com/tarballs/
It contains a great many Mac OS X open-source projects; the ones I use most often are the following:
http://opensource.apple.com/tarballs/AppleUSBCDCDriver/
http://opensource.apple.com/tarballs/IOUSBFamily/
http://opensource.apple.com/tarballs/IOSerialFamily/
http://opensource.apple.com/tarballs/IONetworkingFamily/
4. Debugging tools for the Mac OS X kernel and Mac drivers:
I mainly use the Kernel Debug Kit; open the link below and search for "Kernel Debug Kit".
(An Apple Developer account is required; registering one is free.)
https://developer.apple.com/downloads/index.action
iOS security study resources
(1) iOS security learning websites:
http://samdmarshall.com
https://www.exploit-db.com
https://reverse.put.as
http://highaltitudehacks.com/security/
http://www.dllhook.com/
http://www.securitylearn.net/archives/
http://securitycompass.github.io/iPhoneLabs/index.html
http://security.ios-wiki.com
http://www.opensecuritytraining.info/IntroARM.html
https://truesecdev.wordpress.com/
http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/
http://esoftmobile.com/2014/02/14/ios-security/
http://bbs.iosre.com
http://bbs.chinapyg.com
http://blog.pangu.io/
http://yonsm.net/
http://nianxi.net/
http://cocoahuke.com/
https://blog.0xbbc.com
http://blog.imaou.com/
https://github.com/pandazheng/iOSAppReverseEngineering
http://drops.wooyun.org
http://bbs.pediy.com
http://www.blogfshare.com/
https://github.com/michalmalik/osx-re-101
http://blog.qwertyoruiop.com/
https://github.com/secmobi/wiki.secmobi.com
http://contagioexchange.blogspot.com/
http://contagiominidump.blogspot.com/
https://github.com/secmobi
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Guide_Development_Project
http://blog.dornea.nu/2014/10/29/howto-ios-apps-static-analysis/
http://www.dllhook.com/post/58.html
http://thexploit.com/category/secdev/
https://github.com/mdsecresearch
http://sectools.org/tag/os-x/
http://googleprojectzero.blogspot.com/
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html
http://www.macexploit.com/
https://code.google.com/p/google-security-research/issues/list?can=1&q=iOS&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary
https://code.google.com/p/google-security-research/issues/list?can=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html
https://www.blackhat.com/docs/us-15/materials/us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf
https://www.youtube.com/watch?v=rxUgw5bEG3Y
https://www.theiphonewiki.com/wiki/Firmware
http://www.trustedbsd.org/mac.html
https://support.apple.com/zh-cn/HT205731
https://www.apple.com/support/security/
http://opensource.apple.com/tarballs/
https://mobile-security.zeef.com/oguzhan.topgu
http://www.powerofcommunity.net
http://cn.0day.today/exploits
https://recon.cx/2016/training/trainingios-osx.html
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/
https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/
https://www.yumpu.com/en/document/view/7010924/ios-kernel-heap-armageddon
http://contagiodump.blogspot.com/
http://www.dllhook.com/post/138.html
http://shell-storm.org/blog/Return-Oriented-Programming-and-ROPgadget-tool/
https://medium.com/@harryworld/100-days-of-osx-development-e61591fcb8c8#.vxyuyse12
http://www.poboke.com/study/reverse
http://phrack.org/issues/69/1.html
https://www.exploit-db.com/docs/28479.pdf
https://speakerdeck.com/milkmix/ios-malware-myth-or-reality
https://bbs.pediy.com/thread-223117.htm
(2) Good iOS security blog posts
http://datatheorem.github.io/TrustKit/
http://ho.ax/posts/2012/02/resolving-kernel-symbols/
http://www.securitylearn.net/tag/pentesting-ios-apps/
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
http://bbs.iosre.com/t/debugserver-lldb-gdb/65
http://bbs.pediy.com/showthread.php?t=193859
http://bbs.pediy.com/showthread.php?t=192657&viewgoodnees=1&prefixid=
http://blog.darkrainfall.org/2013/01/os-x-internals/
http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries
http://drops.wooyun.org/papers/5309
http://www.blogfshare.com/category/ios-secure
https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html
http://soundly.me/osx-injection-override-tutorial-hello-world/
https://nadavrub.wordpress.com/2015/07/23/injecting-code-to-an-ios-appstore-app/
http://blog.dewhurstsecurity.com/
https://github.com/project-imas
https://github.com/iSECPartners
https://www.nowsecure.com/blog/
http://lightbulbone.com/
http://www.tanhao.me/pieces/1515.html/
http://dongaxis.github.io/
Added: articles related to macOS browsers
https://blog.ret2.io/
(3) Good iOS security GitHub repositories
Contains all example codes for O’Reilly’s iOS 9 Swift Programming Cookbook
https://github.com/vandadnp/iOS-9-Swift-Programming-Cookbook
XcodeGhost cleanup script
https://github.com/pandazheng/XCodeGhost-Clean
Apple OS X root privilege-escalation API backdoor
https://github.com/tihmstar/rootpipe_exploit
Effortless and universal SSL pinning for iOS and OS X
https://github.com/datatheorem/TrustKit
Patch PE, ELF, Mach-O binaries with shellcode
https://github.com/secretsquirrel/the-backdoor-factory
iReSign allows iDevice app bundles (.ipa) files to be signed or resigned with a digital certificate from Apple for distribution
https://github.com/maciekish/iReSign
A Mach-O Load Command deobfuscator
https://github.com/x43x61x69/Mach-O-Prettifier
Insert a dylib into a Mach-O file
https://github.com/Tyilo/insert_dylib
dylib injector for mach-o binaries
https://github.com/KJCracks/yololib
Fast iOS executable dumper
https://github.com/KJCracks/Clutch
Binary distribution of the libimobiledevice library for Mac OS X
https://github.com/benvium/libimobiledevice-macosx
python utilities related to dylib hijacking on OS X
https://github.com/synack/DylibHijack
OSX dylib injection
https://github.com/scen/osxinj
IOS IPA package refine and resign
https://github.com/Yonsm/iPAFine
ROP Exploitation
https://github.com/JonathanSalwan/ROPgadget
Class-dump any Mach-o file without extracting it from dyld_shared_cache
https://github.com/limneos/classdump-dyld
Scan an IPA file and parses its info.plist
https://github.com/apperian/iOS-checkIPA
A PoC Mach-O infector via library injection
https://github.com/gdbinit/osx_boubou
IOS-Headers
https://github.com/MP0w/iOS-Headers
Interprocess Code injection for Mac OS X
https://github.com/rentzsch/mach_inject
OS X Auditor is a free Mac OS X computer forensics tool
https://github.com/jipegit/OSXAuditor
remove PIE for osx
https://github.com/CarinaTT/MyRemovePIE
A TE executable format loader for IDA
https://github.com/gdbinit/TELoader
Mobile Security Framework
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS
https://github.com/facebook/fishhook
OSX and iOS related security tools
https://github.com/ashishb/osx-and-ios-security-awesome
Introspy-Analyzer
https://github.com/iSECPartners/Introspy-Analyzer
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk
https://github.com/stefanesser/dumpdecrypted
Simple Swift wrapper for Keychain that works on iOS and OS X
https://github.com/kishikawakatsumi/KeychainAccess
idb is a tool to simplify some common tasks for iOS pentesting and research
https://github.com/dmayer/idb
Pentesting apps using Parse as a backend
https://github.com/igrekde/ParseRevealer
The iOS Reverse Engineering Toolkit
https://github.com/Vhacker/iRET
XNU - Mac OS X kernel
https://github.com/opensource-apple/xnu
Code injection + payload communications for OSX
https://github.com/mhenr18/injector
iOS related code
https://github.com/samdmarshall/iOS-Internals
OSX injection tutorial: Hello World
https://github.com/arbinger/osxinj_tut
Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices
https://github.com/heardrwt/RevealLoader
NSUserDefaults category with AES encrypt/decrypt keys and values
https://github.com/NZN/NSUserDefaults-AESEncryptor
Blackbox tool to disable SSL certificate validation
https://github.com/iSECPartners/ios-ssl-kill-switch
App reverse-engineering lottery plugin
https://github.com/iosre/iosrelottery
Untested iOS Tweak to hook OpenSSL functions
https://github.com/nabla-c0d3/iOS-hook-OpenSSL
IOS *.plist encryptor project. Protect your .plist files from jailbroken
https://github.com/FelipeFMMobile/ios-plist-encryptor
Re-codesigning tool for iOS ipa file
https://github.com/hayaq/recodesign
Scans iPhone/iPad/iPod applications for PIE flags
https://github.com/stefanesser/.ipa-PIE-Scanner
xnu local privilege escalation via cve-2015-1140 IOHIDSecurePromptClient injectStringGated heap overflow | poc||gtfo
https://github.com/kpwn/vpwn
MachOView
https://github.com/gdbinit/MachOView
A cross-platform protocol library to communicate with iOS devices
https://github.com/libimobiledevice/libimobiledevice
WireLurkerDetector
https://github.com/pandazheng/WireLurker
Released in accordance with GPL licensing
https://github.com/p0sixspwn/p0sixspwn
xnu local privilege escalation via cve-2015
https://github.com/kpwn/tpwn
A simple universal memory editor (game trainer) on OSX/iOS
https://github.com/pandazheng/HippocampHairSalon
BinaryCookieReader source code
https://github.com/pandazheng/BinaryCookieReader
Tiamo’s bootloader
https://github.com/pandazheng/macosxbootloader
incomplete ios 8.4.1 jailbreak by Kim Jong Cracks
https://github.com/pandazheng/yalu
Security Scanner for OSX
https://github.com/openscanner/XGuardian
Sample kernel extension that demonstrates how to hide from kextstat
https://github.com/rc0r/KextHider
Example Mac OS X kernel extension that resolves symbols from the running kernel image
https://github.com/snare/KernelResolver
Sample Mac OS X (Mountain Lion) kernel extension that demonstrates how to hide files by hijacking getdirentries syscalls
https://github.com/rc0r/FileHider
Sample Mac OS X (Mountain Lion) kernel extension that demonstrates how to hide a process by modifying allproc and pidhashtbl
https://github.com/rc0r/ProcessHider
The Mach-O disassembler. Now 64bit and Xcode 6 compatible
https://github.com/x43x61x69/otx
A Mach-O binary codesign remover
https://github.com/x43x61x69/codeunsign
Very simple keylogger for self-quantifying on Mac OS X
https://github.com/dannvix/keylogger-osx
Manage iOS devices through iTunes lib
https://github.com/xslim/mobileDeviceManager
Detects the hardware, software and display of the current iOS or Mac OS X device at runtime
https://github.com/lmirosevic/GBDeviceInfo
Python Arsenal for Reverse Engineering
http://pythonarsenal.com/
A OS X crypto ransomware PoC
https://github.com/gdbinit/gopher
Frida
https://codeshare.frida.re/
Source-level debugging of the XNU kernel: https://bbs.ichunqiu.com/thread-48301-1-1.html
Armor: a powerful macOS payload encryption tool that bypasses most AV
https://www.freebuf.com/sectool/190620.html
Reversing iOS Swift applications with radare2
https://www.freebuf.com/articles/terminal/191595.html
Debugging macOS Kernel For Fun
https://geosn0w.github.io/Debugging-macOS-Kernel-For-Fun/
MacMalware_2018
https://objective-see.com/downloads/MacMalware_2018.pdf
The best of OpenSource.Apple.Com for iOS
http://newosxbook.com/tools/iOSBinaries.html
FortiAppMonitor: a powerful tool for monitoring system activity on macOS
https://www.freebuf.com/sectool/193258.html
Samples
https://objective-see.com/malware.html#resources
(4) Good iOS security books
《Hacking and Securing iOS Applications》
《Mac OS X and iOS Internals:To the Apple’s Core》
《OS X and iOS Kernel Programming》
《OS X ABI Mach-O File Format》
《The Mac Hacker’s Handbook》
《Mac OS X Internals: A Systems Approach》
《黑客攻防技术宝典-IOS实战篇》 (Chinese edition of iOS Hacker's Handbook)
《IOS应用安全攻防实战》 (Chinese edition of Hacking and Securing iOS Applications)
《IOS应用逆向工程》 (iOS App Reverse Engineering)
《IOS取证实战》 (iOS Forensics in Practice)
《安全技术大系:IOS取证分析》 (Security Technology Series: iOS Forensic Analysis)
(5) iOS security Twitter accounts
https://twitter.com/Technologeeks
https://twitter.com/osxreverser
https://twitter.com/Morpheus______
https://github.com/bazad
IPSW firmware downloads (iOS 10):
https://ipsw.me/all
https://www.alliphone.com
https://www.theiphonewiki.com/wiki/Firmware_Keys
http://pastebin.com/FRMfanmT
https://www.reddit.com/r/jailbreak/comments/4nyz1p/discussion_decrypted_kernel_cache_ios_10/d48cgd7
https://www.nowsecure.com/blog/2014/04/14/ios-kernel-reversing-step-by-step/
http://www.iphonehacks.com/download-iphone-ios-firmware
Some Mac software
http://sqwarq.com/detectx/
Mac security software
https://objective-see.com/products.html
Good resources:
https://github.com/pandazheng/IosHackStudy