Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0x06c] Add section Loaded Native Libraries #1948

Merged
merged 5 commits into from
Oct 30, 2021
Merged

[0x06c] Add section Loaded Native Libraries #1948

merged 5 commits into from
Oct 30, 2021

Conversation

cpholguera
Copy link
Collaborator

Closes #1370.

Now we're consistent with Android.

cpholguera
cpholguera commented Oct 29, 2021
View reviewed changes
Document/0x06c-Reverse-Engineering-and-Tampering.md Outdated
@@ -334,6 +334,10 @@ iOweApp 2828 mobile txt REG 1,2 664848 234595 /usr/lib/dyld
...
```

#### Loaded Native Libraries

The file `/proc/<pid>/maps` contains the currently mapped memory regions and their access permissions. Using this file we can get the list of the libraries loaded in the process.
Copy link
Collaborator Author

@cpholguera cpholguera Oct 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the MSTG:

On Android, verifying this is pretty straightforward as you can simply grep for the string "frida" in the memory maps of the process ID in the proc directory (/proc/<pid>/maps). However, on iOS the proc directory is not available, but you can list the loaded dynamic libraries in an app with the function _dyld_image_count.

Is this still true? @sushi2k

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it refers to the app trying to get /proc/<pid>/maps, but as the (tester) root user we should be able to call that from the CLI. Please confirm using a device :)

Copy link
Collaborator

@sushi2k sushi2k Oct 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cpholguera No /proc on iOS. Therefore we can close this PR!

image

sushi2k
sushi2k reviewed Oct 29, 2021
View reviewed changes
Copy link
Collaborator

@sushi2k sushi2k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one minor change! Thank you Carlos

Document/0x06c-Reverse-Engineering-and-Tampering.md Outdated Show resolved Hide resolved
@cpholguera
Copy link
Collaborator Author

done, and included the link to the tool's chapter. Thanks for the suggestion! ☺️

@sushi2k sushi2k merged commit 4cd9170 into master Oct 30, 2021
@cpholguera cpholguera deleted the cpholguera-patch-2 branch October 30, 2021 08:24
@cpholguera cpholguera changed the title 0x6c - Add section Loaded Native Libraries [0x06c] Add section Loaded Native Libraries Dec 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sushi2k sushi2k sushi2k approved these changes

Assignees
No one assigned
Labels
change-mstg
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

6c - Create Basic Information Gathering (Dynamic Analysis)
2 participants
@cpholguera @sushi2k