Thursday, 13 April 2017

iOS Application Pentesting Part 2 : iOS Application Basics


In todays post, we will see iOS Application. Knowing our enemy before attacking is very important for us ;)

iOS : If i can say in simple words, Its an Operating System which run various iDevices which is create By Apple Inc.

iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that presently powers many of the company's mobile devices, including the iPhone, iPad, and iPod Touch. It is the second most popular mobile operating system globally after Android. iPad tablets are also the second most popular, by sales, against Android since 2013.[9]

Originally unveiled in 2007 for the iPhone, iOS has been extended to support other Apple devices such as the iPod Touch (September 2007) and the iPad (January 2010). As of January 2017, Apple's App Store contains more than 2.2 million iOS applications, 1 million of which are native for iPads. These mobile apps have collectively been downloaded more than 130 billion times.
[Source - https://en.wikipedia.org/wiki/IOS ]

Applications which comes pre-installed in the device placed in /Applications Folder in the device.

And application which seprately installed by user will store in /var/containers/Bundle/Application/ [iOS9] On previous iOS Version the custom application folder was /var/mobile/Applications/.

Its depend on your iOS version, kindly look for storage location as per your iOS version.

Every device has his own Hardware and OS which is running on it then Application which is running with the OS.


Now question arise that How that all applications are made.

iOS Application are made in Objective-C which is derived from Next OS and we can say Objective-C is newer version of Next OS.Most of the iOS application are coded in Objective-C .
Objective-C is a runtime oriented language. a runtime language which decides what to implement in a function and other decisions during the runtime of the applications. But Objective-C a runtime oriented language rather then only runtime language,
In the short note it which means that it may changes the flow/decision when the code in the application is actually being executed

The Objective-C model of object-oriented programming is based on message passing to object instances. In Objective-C one does not call a method; one sends a message. This is unlike the Simula-style programming model used by C++. The difference between these two concepts is in how the code referenced by the method or message name is executed. In a Simula-style language, the method name is in most cases bound to a section of code in the target class by the compiler. In Smalltalk and Objective-C, the target of a message is resolved at runtime, with the receiving object itself interpreting the message. A method is identified by a selector or SEL — a NUL-terminated string representing its name — and resolved to a C method pointer implementing it: an IMP.[17] A consequence of this is that the message-passing system has no type checking. The object to which the message is directed — the receiver — is not guaranteed to respond to a message, and if it does not, it raises an exception.[18]

Sending the message method to the object pointed to by the pointer obj would require the following code in C++:

obj->method(argument);
In Objective-C, this is written as follows:

[obj method:argument];
Both styles of programming have their strengths and weaknesses. Object-oriented programming in the Simula (C++) style allows multiple inheritance and faster execution by using compile-time binding whenever possible, but it does not support dynamic binding by default. It also forces all methods to have a corresponding implementation unless they are abstract. The Smalltalk-style programming as used in Objective-C allows messages to go unimplemented, with the method resolved to its implementation at runtime. For example, a message may be sent to a collection of objects, to which only some will be expected to respond, without fear of producing runtime errors. Message passing also does not require that an object be defined at compile time. An implementation is still required for the method to be called in the derived object. (See the dynamic typing section below for more advantages of dynamic (late) binding.)

If you need more information on iOS please go this page - https://en.wikipedia.org/wiki/IOS

iOS Application Pentesting Part 3 : Extracting iOS App Class Information
iOS Application Pentesting Part 1 : Setting Up The Attacking Environment

No comments:

Post a Comment