Gone in 59 seconds: tips and tricks to bypass AppMinder’s Jailbreak detection

There’s a new attempt at jailbreak detection available at http://appminder.nesolabs.de. It is mostly aimed at Enterprise applications and not AppStore usage. I am not sure about AppStore rules but those tricks will most probably not pass the approval process. AppMinder provides three levels of jailbreak detection and anti-debugging measures. The different levels are related to self-integrity checking and code obfuscation rates. When you generate a new protection, it will give you some plug’n’pray code to plug into your existing code base....

June 30, 2013 · 5 min · 993 words

A little vulnerability in The Heist iOS game or how to get (more) free Steam codes for Eets game!

MacHeist released a great puzzle game called The Heist, promising a prize when you manage to open the safe. Since I am a sucker for puzzle games I bought it and gave its code a brief check. There is a single URL in the program and some references to SHA256, this being a good indicator that they thought a little about security. I started playing the game and finally opened the safe....

May 25, 2011 · 2 min · 388 words

An interview with CrackZ and (incomplete) source code to Contract Killer "trainer"

I just found a nice interview with CrackZ here. He nails the point that curiosity and intellectual challenge trump everything else but also demonstrates the process from not caring about the impact of his acts to something more “ethical”. His site is still one of the best resources for Windows reversing, especially regarding dongles. I have also decided to publish an incomplete version of my trainer for Contract Killer. I see that cheating is widespread so I think there’s not much impact from doing this....

April 24, 2011 · 2 min · 221 words

Newsflash: How to fuck up 40 million USD – The New York Times paywall and its iPad app

This will be a story in development, which is kind of funny taking into account the target in question. I might be wrong on all this but my instinct is hinting that I’m not. After the Contract Killer post I got very much interested in verifying these kinds of implementations in other apps. This morning I had a flash into my mind about checking what happened with the NY Times app....

April 1, 2011 · 3 min · 625 words

Hacking a freemium iOS app: Contract Killer … or unlimited play without spending a dime (or any other currency)

Let me start this post with a little rant. The iPad is a great product but it’s full of “spyware” and that sucks big time. One might argue that it’s not spyware, it’s just sending bits of information. Well, for me it’s damn spyware because I’m not authorizing the apps to send any information, much less unique pieces of information that can identify you forever. I can’t even conceive why the enterprise world will adopt the iPad with these kinds of problems....

March 29, 2011 · 5 min · 993 words