Added technique for analyzing entitlements (#2884)
* Added technique for analyzing entitlements
* Improve linting
* More linting
* Final lints
* Update techniques/ios/MASTG-TECH-0111.md

---------

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
1 parent a83f71b, commit 49f77b7

Showing 9 changed files with 169 additions and 137 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
--- | ||
title: Extracting Entitlements from MachO Binaries | ||
platform: ios | ||
--- | ||
|
||
To extract the entitlements from a MachO binary, the following tools can be used: | ||
|
||
- @MASTG-TOOL-0111 | ||
- @MASTG-TOOL-0105 | ||
- @MASTG-TOOL-0101 | ||
|
||
The following examples use these tools on the main binary of @MASTG-APP-0028, which contains two architectures. | ||
|
||
## ldid | ||
|
||
The entitlements can be extracted using `ldid -e <binary>`. The `-A` flag is added to specify the desired architecture (16777228:0, which is CPU_TYPE_ARM64:CPU_SUBTYPE_ARM64_ALL): | ||
|
||
```bash | ||
$ldid -e -A16777228:0 iGoat-Swift.app/iGoat-Swift | ||
``` | ||
|
||
```xml | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
<plist version="1.0"> | ||
<dict> | ||
<key>application-identifier</key> | ||
<string>TNAJ496RHB.OWASP.iGoat-Swift</string> | ||
<key>com.apple.developer.team-identifier</key> | ||
<string>TNAJ496RHB</string> | ||
<key>get-task-allow</key> | ||
<true/> | ||
<key>keychain-access-groups</key> | ||
<array> | ||
<string>TNAJ496RHB.OWASP.iGoat-Swift</string> | ||
</array> | ||
</dict> | ||
</plist> | ||
``` | ||
|
||
## ipsw | ||
|
||
The entitlements can be extracted using `ipsw macho info -e <binary>`. The `-a` flag is added to specify the desired architecture: | ||
|
||
```bash | ||
$ ipsw macho info -e iGoat-Swift.app/iGoat-Swift -a arm64 | ||
``` | ||
|
||
```xml | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
<plist version="1.0"> | ||
<dict> | ||
<key>application-identifier</key> | ||
<string>TNAJ496RHB.OWASP.iGoat-Swift</string> | ||
<key>com.apple.developer.team-identifier</key> | ||
<string>TNAJ496RHB</string> | ||
<key>get-task-allow</key> | ||
<true/> | ||
<key>keychain-access-groups</key> | ||
<array> | ||
<string>TNAJ496RHB.OWASP.iGoat-Swift</string> | ||
</array> | ||
</dict> | ||
</plist> | ||
``` | ||
|
||
## codesign | ||
|
||
The entitlements can be extracted using `codesign -d --entitlements - <binary>`. Make sure to include the `-` as the argument for the `--entitlements` flag: | ||
|
||
```bash | ||
$ codesign -d --entitlements - iGoat-Swift.app/iGoat-Swift | ||
``` | ||
|
||
```code | ||
Executable=/Users/owasp/iGoat/Payload/iGoat-Swift.app/iGoat-Swift | ||
[Dict] | ||
[Key] application-identifier | ||
[Value] | ||
[String] TNAJ496RHB.OWASP.iGoat-Swift | ||
[Key] com.apple.developer.team-identifier | ||
[Value] | ||
[String] TNAJ496RHB | ||
[Key] get-task-allow | ||
[Value] | ||
[Bool] true | ||
[Key] keychain-access-groups | ||
[Value] | ||
[Array] | ||
[String] TNAJ496RHB.OWASP.iGoat-Swift | ||
``` |
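Review bot: The codesign section never says which architecture its output is for, although the intro states that the binary contains two architectures and the ldid and ipsw sections each select one explicitly (`-A16777228:0`, `-a arm64`). Add a sentence on how the slice is chosen for `codesign`, or state that the entitlements are the same for both slices if that is the case. Two smaller points: the ldid command reads `$ldid -e ...` without the space after the prompt that the other two commands have, and the last output block is fenced as `code`, which is not a language tag, so a plain-text tag would be more consistent with the `bash` and `xml` fences above it.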
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
--- | ||
title: IPSW | ||
title: ipsw | ||
platform: ios | ||
source: https://github.com/blacktop/ipsw | ||
host: | ||
|
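Review bot: The title change from `IPSW` to `ipsw` is not mentioned in the commit message, which lists only the new technique and lint fixes. Note the rename in the message or split it into its own commit, and confirm the lowercase form matches how the other tool files title command-line tools, since the new technique uses the lowercase `## ipsw` heading.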
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
title: ldid | ||
platform: ios | ||
source: https://github.com/ProcursusTeam/ldid | ||
host: | ||
- windows | ||
- linux | ||
- macOS | ||
--- | ||
|
||
ldid is a Link Identity Editor created by Saurik. It allows you to view and update the entitlements of a MachO binary. | ||
|
||
The original source can be found at [https://git.saurik.com/ldid.git](https://git.saurik.com/ldid.git), while precompiled versions are available from the [ProcursusTeam's repo](https://github.com/ProcursusTeam/ldid). |
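Review bot: The front matter `source:` points to https://github.com/ProcursusTeam/ldid, while the body names https://git.saurik.com/ldid.git as the original source and describes the ProcursusTeam repo as the place for precompiled versions. Either set `source:` to the original repository or reword the body so it is clear why the ProcursusTeam repo is the reference for this tool page. The `host:` entries also mix casing (`windows`, `linux`, `macOS`); use whichever casing the other tool files use.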