Tag Archives: idevice

El nuevo IOS11 de Apple


Después del lanzamiento de la versión en pruebas el pasado mes de julio, la versión definitiva de iOS 11 estará disponible a partir de hoy mismo. Apple no acostumbra a fijar una hora exacta, pero si sigue el patrón habitual aparecerá una notificación en los dispositivos de los usuarios a partir de las 10 de la mañana en Cupertino y sobre las 19 horas en España.

¿Qué novedades presenta iOS 11?

Son numerosas y diversas, algunas exclusivas para el iPhone X y otras disponibles también para el resto de dispositivos. De algunas ya pudimos ver una pequeña muestra la semana pasada en la presentación de los nuevos terminales, como el Face ID, los animojis o la realidad aumentada en el modelo más caro. Otras, en cambio, deberemos esperarnos hasta tener el nuevo software para disfrutar de ellas.
Más allá de los emoticonos animados y de la posibilidad de desbloquear el teléfono con el rostro, con iOS 11 también dispondremos de un nuevo centro de control más personalizado y completo, podremos grabar lo que ocurre en nuestra pantalla y editar las imágenes y los vídeos obtenidos y gestionar nuestro contenido con la aplicación Archivos.

Continue reading


Good news about jailbreaking IOS 7.1.1

20140508-124735.jpg

Avid fans of iOS jailbreaking have been eagerly anticipating the release of iOS 7.1/7.1.1 jailbreak, as the advent of iOS 7.1 update killed all existing exploits used in evasi0n7 jailbreak and thereby rendering it useless.

Those who have already updated their devices to iOS 7.1 can no longer enjoy the privilege of installing jailbreak tweaks and apps, as they lose jailbreak status soon after installing this update.

Furthermore, Apple has stopped signing firmware older than iOS 7.0 as it intends to withdraw all technical support for jailbroken iOS devices. As a result, you will no longer be able to downgrade your device from iOS 7.1 to iOS 7 or earlier iOS 6 firmware builds.
Continue reading


Hacking with mobile devices PART IV (FINAL)

20140415-175740.jpg

DATA SMUGGliNG

Collecting data at a remote site requires that we remove it somehow – if we have a continuous connection, such as a reverse shell, then we can collect the data real time. However, if we deposit our mobile device with the intention of concealing it for an extended period of time, then we need to worry about a few issues as follows:
1. Preventing discovery of our collected data while on-site
2. Providing concealment during the duration of the event
3. Extracting the data safely

Encryption

If we use mobile devices to collect and transmit data, we should be selective in our choices of devices and ensure that they are capable of encrypting any data at rest or in motion. Earlier models of most mobile devices are incapable of full disk encryption, which puts the device and us at risk if discovered and forensically examined; we, therefore, need to look for devices that will allow us to keep our
activities secret or provide a mechanism for covering our tracks if discovered.

Data at Rest

The newer mobile devices claim to provide something similar to full disk encryption. Although the ability of these devices to be able to protect data against forensic analysis is questionable, the devices are getting better at addressing the security of data at rest. We can do a few additional tasks to encrypt data at rest on our mobile devices to increase our comfort level about our hacking data.
Naturally, we cannot encrypt scripts that we need to run during our collection or attack phases; however, once we have collected the data, we can encrypt the data using strong passwords. The program gpg is one method of securing a file through symmetric encryption. It is possible to encrypt a file with the GNU Privacy Guard (GNU PG) application, which can be installed on a jailbroken iPod touch.
Continue reading


Tools Installed on iPod Touch Through Cydia for Hacking

20140410-140014.jpg

adv-cmds
Base structure
Core utilities Darwin tools
Diff utilities
Find utilities
GNU cryptography
Grep
iPhone Firmware Libnet
Libxslt
mDNSResponder
APT Berkeley DB
csu
Debian packager diskdev-cmds Gawk
GNU debugger
gzip
less
libpcap
Link identity editor
Metasploit
AutomaticSSH
Bourne again shell
Cydia installer Dev-Team dns2tcp gettext
GNU privacy guard
iBrowser libffi libutil Lynx
Mobile substrate
Backgrounder bzip2
Darwin CC Tools developer-cmds Docs
GNU C Compiler GNU PG errors
inetutils libgcc libxml2 Make
nano

Continue reading


Hacking with mobile devices PART II

20140408-185020.jpg

Vulnerability Identification

There are numerous commercial tools available to a professional penetration tester who conducts vulnerability identification analysis – unfortunately, none have been ported to the iPod touch.
The Nmap application has the ability to use scripts that interpret the Nmap findings and attempt to identify vulnerability; however, the development of Nmap as a vulnerability scanning application does not have the support that other programs do, like Nessus or Core IMPACT (to name a couple).
Perhaps a better alternative is to use the iPod touch as a pivot for more robust vulnerability scanners.

I would say that the use of the iPod touch as a platform to conduct a pivot attack seems to be the best option for conducting a vulnerability identification scan than trying to use Nmap or do the identification manually.

Vulnerability Exploitation

We can use an agent deployed on the iPod touch to conduct vulnerability exploita- tion, similar to the way an agent can be used to perform vulnerability identification. Again, Core IMPACT would be a good choice for such an attack. However, there is an application framework that can perform vulnerability exploitation, which can be installed using Cydia – the Metasploit 3.0
Similar to the traditional application installed on laptops or desktops, the Metasploit application can be run from the command line from the iPhone touch where we can launch exploits against servers with greater certainty of stability and accuracy.
Continue reading


Hacking with mobile devices an INTRODUCTION

20140404-125008.jpg

Mobile Devices
Mobile phones and personal data assistant (PDA) appliances used to be limited in their functionality; however, today there are wireless devices that operate using advanced operating systems and support applications that are incredibly useful for conducting clandestine activities. As an example, Apple’s iPod touch runs on the UNIX-Darwin kernel, which is open source,2 POSIX compliant, and single UNIX specification version 3 (SUSv3) compliant. Because of this, advanced hacker appli- cations can be built and installed onto the device, making the iPod touch a powerful hacking platform.

Regardless, there are some interesting trends that we can examine and use to our advantage.
The first trend is the use of open-source operating systems. As already mentioned, the iPod touch and the iPhone, both products of Apple Inc., uses the Darwin operating system. Additional proprietary applications, including graphic interface software, have been added to these portable devices; however, the core system is undeniably UNIX based.
The second trend is the increase in computing power and memory. Although the iPod touch does not have the processing capabilities of desktops or even laptops, they are quite capable of processing large amounts of data rapidly. As a benchmark test, the iPod touch (first generation) was able to process 577 MD5 hashes per second using the password cracking tool “John the Ripper.” In comparison, the MacBook Pro with a 2.8GHz Intel Core Duo processor was able to process 7674 per second. Although about one-twelfth the capability of the MacBook Pro, the iPod touch results are still impressive for what many consider as simply a fancy MP3 player.
The method of obtaining applications needed for penetration testing or covert audio and video communication will vary, depending on the mobile platform. In the case of the Droid and Palm Pre, access to the underlying operating system is avail- able by design. However, in the case of the iPod touch, access to the operating system can only be achieved by “jailbreaking” the phone, which circumvents protection mechanisms installed by Apple.
The actual method of jailbreaking varies, depending on the generation of the iPod touch and the version of the installed software (HOW TO jailbreak is explained in another post -same hack section). Once jailbroken, we can place applications on our device through different repositories – the most notable is called “Cydia.” More information on Cydia can be found at http://cydia.saurik.com/.
Continue reading


Tor proxy on iphone

20140326-120050.jpg

So, now you can install/ get TOR on your idevice. but first the question that arise is: why should I do this? well here is why.

Tor’s mission is provide you with anonymity while browsing online. This is useful if you do not want people locating you and especially if you are dealing with confidential information. Tor is available for Windows, Mac and Linux. It is also available in a mobile version for Androids and iPhones. In order to install it on your iPhone it needs to already be jailbroken

1
Jailbreak your iPhone. Check the Resources section for a wizard to guide you through that process.

2
Create the folder “/var/root/Media/Cydia/AutoInstall” on your device. You will have to use iPhoneBrowser to create the folder on your iPhone (see Resources).

3
Download and place the slackware .deb file into the folder you created (see Resources).

4
Restart your device and open Cydia. Refresh your sources and perform an upgrade within Cydia to make sure everything is up to date.

5
Install “Tor Toggle” from within Cydia and then add it to the “SBSettings” menu.

6
Navigate to your “HTTP Proxy” settings. This is done by going back to main menu and pressing “Settings,” “WiFi,” “Your Wireless Network ESSID” and, finally, “HTTP Proxy Manual.” Set the server to “127.0.0.1”, the port to “8118” and make sure authentication is off. All your phone’s traffic will now be proxied through Tor’s network.


Jailbreaking IOS

Image

So, Now that Apple has released the IOS 7.0.4 we all wonder. Is it really to Jailbreak? and the answer is YES. But first, what is jailbreaking? well, is simply the process of removing the limitations on Apple.Inc. devices running IOS operative system. Which allow users to root access to the IOS.

I have many people asking me how to do it! Here is how.

1. Go to evasi0n.com and choose MAC OS X or WINDOWS to dowloand the file: evasi0n 7

Continue reading


%d bloggers like this: