Description: This video is part of the SecurityTube iOS Security Expert course and certification: http://securitytube-training.com/online-courses/securitytube-ios-security-expert/
Native iOS applications are programmed in Objective-C which is a dynamically typed language. The property of dynamically typed language requires full class information to be available at runtime - this is fantastic from a language perspective but a nightmare for developers from a security perspective. Also, Apple's guidelines to use descriptive names for Classes, Properties, Methods etc. compounds the problem. An attacker with the right tools (e.g. class-dump-z) can dump class information from an iOS application and infer the functionality of different classes (due to the logical naming convention). This will thus become the starting point for more sophisticated runtime attacks using Cycript and GDB. In this video, we will explore how to dump class information from iOS applications using class-dump-z.
Tags: sise , securitytube ios security expert , class-dump-z , runtime analysis ,