| The message information transmitted in the network involves the key business processes of the client and server and the key information of the user.Usually,iOS developers will use protection methods such as encryption,hashing,and compression to prevent the transmission message from being easily deciphered.Some developers are not rigorous enough in the encryption process,and the encrypted transmission message will also have corresponding security problems.Therefore,how to use iOS reverse analysis technology to restore the encryption logic of network messages has important value for the security analysis and testing of network message encryption strategies.The generation logic of the network transmission message is inside the application,and the encryption process of the message data cannot be accurately detected by relying solely on network traffic.In this scenario,researchers usually need to locate key functions based on the messages generated by the application,restore the original semantics of the messages,and execute static methods to analyze fine-grained API sequences to accurately understand the generation process of transmission messages.However,iOS is a closed source system,and its related technologies and research are not yet mature.Because the iOS system has dynamic mechanisms such as delayed binding and message distribution,and the transmission messages are usually in non-standard data forms such as ciphertext,it greatly increases the difficulty for researchers to locate key codes and reverse analysis.In order to solve these problems,this paper proposes dynamic and static reverse analysis techniques for reverse analysis of iOS application network transmission messages.The research results of the paper mainly include the following three aspects.(1)Aiming at the difficulty of accurately locating non-standard data such as ciphertext on the iOS platform,this paper proposes a dynamic fuzzy interception method based on scene keyword matching.This paper performs fuzzy matching on the key code levels generated by the transmission message,and introduces dynamic binary instrumentation technology to realize the positioning and dynamic interception of its key functions.Compared with traditional static code positioning methods,this method reduces the problem of inaccurate key code positioning caused by transmission message encryption processing and iOS dynamic characteristics,and can more quickly and accurately track the message generation position and monitor in real time The encryption and decryption process of the iOS application transmission message.(2)Aiming at the challenges of fine-grained analysis of transmitted messages caused by the message mechanism and dynamic characteristics of the iOS platform,this paper proposes a method for extracting message generation sequences based on class-level expansion.This article analyzes the API execution sequence by simulating dynamic binding and rebuilding class hierarchical information.On this basis,it further infers the object type through type inference and mark backtracking,and analyzes the object dynamic type and function execution trajectory during the transmission message generation process..This method effectively compensates for the inability to accurately and fine-grained extraction of message generation logic caused by the inability to analyze dynamic characteristics in iOS static analysis.(3)Designed and implemented an iOS application network transmission message reverse analysis system.The system realizes code positioning and dynamic interception of key functions of message generation through a dynamic fuzzy interception method,and extracts its internals based on the class hierarchy reconstruction and type inference mechanism API sequence.Finally,the experiment verified the accuracy and effectiveness of the system.At the same time,the experiment detected security issues such as insecure encryption algorithms and policies in the process of generating iOS application transmission messages. |
PDF Full Text Request