Research And Practice Of Attack And Defense Technology On IOS Application

In recent years,with the rapid development of the mobile Internet,mobile devices have expanded continuously in the consumer field and even in the corporate sector.The growth in both speed and number is surprising.The explosive growth of mobile devices and the expansion of the mobile market have all dramatically increased the attack surface of information security.More and more security issues have occurred,such as privacy leaks,mobile phone viruses,and malicious software.i Phone has occupied a large share in the mobile smart phone market.The iPhone Operating System developed by Apple has a good security mechanism in the overall design.After years of development,the security performance has been perfected.However,in the recent years,the iOS has been leaked continuously.In particular,the iOS device is jailbroken.After the device is jailbroken,system security is destroyed and unsigned malicious programs can be run on the iOS device.Unknown attack,how to know defense.Only by reversely analyzing the principles of malicious software,and constantly summing up experience from being attacked,can we better protect the security of applications.Therefore,it is very necessary to research the attack and defense technology of application under iOS platform.First of all,for the application attacked part,this article mainly studies the application reverse engineering technology under iOS platform,introducing the theoretical basis of iOS reverse engineering,summarizing an i OS reverse engineering analysis framework for the characteristics of iOS platform software.This reverse analysis framework mainly includes three reverse analysis methods: network analysis,static analysis and dynamic analysis.In the static analysis method,two methods are proposed for decrypting binary files.One based on automation tools,the other based on debuggers.In the dynamic analysis method,the "parameter printing method" is mainly proposed to determine the significance of function para meters for difficult to determine the meaning of function parameters.The four techniques are software debugging,run-time hook,parameter printing and antireverse debugging as the main line,forming a complete software dynamic analysis program.Secondly,according to the research of iOS reverse analysis method,the iOS platform address book software is analyzed and debugged in reverse,and tw-eak development is carried out through the reverse analysis result to realize the skidding delete contacts operation.Finally,the application protection part is mainl y studied from the aspects of anti-reverse and security function design.Accordin g to the characteristics of the iOS platform application,the security problems existing in the iOS application are analyzed and the application security framework is designed.The security evaluation indexs are established and the reverse protection methods and the design ideas of the security function are given.According to the given safety indicators,a financial App is evaluated for safety.The unsafeindicators in the assessment result are rectified and regressuion testedusing the given security ideas.From design,development to testing,a complete and effecti ve application protection program is formed.