Monitoring Ivar Changes in Objective-C

As we've mentioned in the last post, Protection against Message Forward in Objective-C, there're at least two tools for tracing the calling sequence of the methods,

However, they just cannot handle it in the scene below,

@interface ProtectedClass : NSObject {
@public
    NSString * _password;
}
@property (nonatomic, getter=password, setter=setPassword:) NSString * password;
@end
/// ...omited...
    ProtectedClass * obj = [[ProtectedClass alloc] init];
    obj->_password = @"喵咕咪~"; // directly access, undectectable in BigBang or ANYMethodLog
    [obj setPassword:@"喵"]; // BigBang or ANYMethodLog dectectable
/// ...omited...

Because it's not necessarily to call getter or setter in Objective-C when access or change an ivar. Since Objective-C is just a superset of C, so the object (or instance) in Objective-C acts pretty much like the struct in C. You can directly access its member if you have the memory address. Let's check out what happens when compiling.

Here is our code, written in Objective-C, and it's probably quite often to be seen in your projects.

Objective-C code
Objective-C code

继续阅读Monitoring Ivar Changes in Objective-C

Protection against Message Forward in Objective-C

A Brief Review


Runtime is one of the powerful features of Objective-C, it provides us the ability to add/replace a method of some class, retrieve/set the implementation of a specified method, and even add a class in runtime.

However, just like the sunlight shines not only on the good guys, but also on the bad ones. There are some tools in iOS Jailbreak community which take the advantage of Objective-C's runtime feature, to be specific, the ability of message forward. Within this feature, they can log the calling sequence of the methods in the application for further exploitation. And it's not that hard to inject such tools into your application, since there are many ways such as DYLD_INSERT_LIBRARIES or modifying the MachO load commands, and they got some sets of tools like iOSOpenDev, and the new replacement of iOSOpenDev, MonkeyDev by @AloneMonkey.

And there're at least 2 tools which can log the calling sequence of the methods,

Hooked via forwardInvocation
Hooked via forwardInvocation

继续阅读Protection against Message Forward in Objective-C

iOS保护应用安全,拒绝forwardInvocation (╯°□°)╯︵ ┻━┻

在 iOS 逆向工程的论坛上看到了如何勾住一个类所有方法的帖子,然后基本都是用 Objective-C 里的 forwardInvocation: 来做的,例如

Hooked via forwardInvocation
Hooked via forwardInvocation

于是这里做了一个检测自己的类是否被这样给 hook 了的方法。

继续阅读iOS保护应用安全,拒绝forwardInvocation (╯°□°)╯︵ ┻━┻

玩玩咕咕机——将 WordPress 站点的评论打印到咕咕机上w

之前在空间里看见过同学发咕咕机的分享,那时还是第一代咕咕机,然后这几周在 @DIYgod 那边也看到了咕咕机,于是就入了一个来玩玩w

看着非常有趣的咕咕机,然后想自己在这上面折腾点啥东西,于是就有了这个 WordPress 插件,它可以将站点的评论打印到咕咕机上www

第一条打印出来的评论w
第一条打印出来的评论w

继续阅读玩玩咕咕机——将 WordPress 站点的评论打印到咕咕机上w

和元宝酱做了一个公众号——多面的电影之思\(≧▽≦)/

管理员元宝(全名是人见人爱陈元宝)是学社科的大学森,我则化身为cocola~某一天元宝和cocola聊天的时候讲到:一千个人眼中有一千个哈姆雷特,很多时候,事情本身没有改变,只是看待事情的角度变了。于是这个公众号就诞生了,因为想知道,一部电影,从不同的视角出发到底可以看到多少,可以发散到多广。不同学科或者领域的朋友,看到的东西可能会大有不同。元宝和cocola决定选择一部电影(大多是经典),从不同角度进行反复讨论(⁎⁍̴̛ᴗ⁍̴̛⁎)

初心就是:探索和交流

最后欢迎学心理学、人类学、经济学、物理学等等且喜欢电影的小伙伴加入(/ω\)

欢迎大家来围观\(≧▽≦)/

我们的二维码w
我们的二维码w