IOS安全学习资料汇总

转:https://github.com/pandazheng/IosHackStudy

(1)  IOS安全学习网站收集：

http://samdmarshall.com

https://www.exploit-db.com

https://reverse.put.as

http://security.ios-wiki.com

https://truesecdev.wordpress.com/

http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/

http://esoftmobile.com/2014/02/14/ios-security/

http://bbs.iosre.com

http://bbs.chinapyg.com

http://blog.pangu.io/

http://yonsm.net/

http://nianxi.net/

https://github.com/pandazheng/iOSAppReverseEngineering

http://drops.wooyun.org

 

(2)  IOS安全优秀博客文章

https://github.com/secmobi/wiki.secmobi.com

http://bbs.iosre.com/t/debugserver-lldb-gdb/65

http://bbs.pediy.com/showthread.php?t=193859

http://bbs.pediy.com/showthread.php?t=192657&viewgoodnees=1&prefixid=

http://blog.darkrainfall.org/2013/01/os-x-internals/

http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries

http://drops.wooyun.org/papers/5309

https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html

http://soundly.me/osx-injection-override-tutorial-hello-world/

https://nadavrub.wordpress.com/2015/07/23/injecting-code-to-an-ios-appstore-app/

 

 

(3)  IOS安全优秀GitHub

XCodeGhost清除脚本

https://github.com/pandazheng/XCodeGhost-Clean

 

Apple OS X ROOT提权API后门

https://github.com/tihmstar/rootpipe_exploit

 

Dylib插入Mach-O文件

https://github.com/Tyilo/insert_dylib

 

OSX dylib injection

https://github.com/scen/osxinj

 

IOS IPA package refine and resign

https://github.com/Yonsm/iPAFine

 

ROP Exploitation

https://github.com/JonathanSalwan/ROPgadget

 

Scan an IPA file and parses its info.plist

https://github.com/apperian/iOS-checkIPA

 

A PoC Mach-O infector via library injection

https://github.com/gdbinit/osx_boubou

 

IOS-Headers

https://github.com/MP0w/iOS-Headers

 

Interprocess Code injection for Mac OS X

https://github.com/rentzsch/mach_inject

 

OS X Auditor is a free Mac OS X computer forensics tool

https://github.com/jipegit/OSXAuditor

 

remove PIE for osx

https://github.com/CarinaTT/MyRemovePIE

 

A TE executable format loader for IDA

https://github.com/gdbinit/TELoader

 

Mobile Security Framework

https://github.com/ajinabraham/Mobile-Security-Framework-MobSF

 

A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS

https://github.com/facebook/fishhook

 

OSX and iOS related security tools

https://github.com/ashishb/osx-and-ios-security-awesome

 

Introspy-Analyzer

https://github.com/iSECPartners/Introspy-Analyzer

 

Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk

https://github.com/stefanesser/dumpdecrypted

 

Simple Swift wrapper for Keychain that works on iOS and OS X

https://github.com/kishikawakatsumi/KeychainAccess

 

idb is a tool to simplify some common tasks for iOSpentesting and research

https://github.com/dmayer/idb

 

Pentesting apps using Parse as a backend

https://github.com/igrekde/ParseRevealer

 

The iOS Reverse Engineering Toolkit

https://github.com/Vhacker/iRET

 

XNU – Mac OS X kernel

https://github.com/opensource-apple/xnu

 

Code injection + payload communications for OSX

https://github.com/mhenr18/injector

 

iOS related code

https://github.com/samdmarshall/iOS-Internals

 

OSX injection tutorial: Hello World

https://github.com/arbinger/osxinj_tut

 

Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices

https://github.com/heardrwt/RevealLoader

 

NSUserDefaults category with AES encrypt/decrypt keys and values

https://github.com/NZN/NSUserDefaults-AESEncryptor

 

Blackbox tool to disable SSL certificate validation

https://github.com/iSECPartners/ios-ssl-kill-switch

 

应用逆向工程抽奖插件

https://github.com/iosre/iosrelottery

 

Untested iOS Tweak to hook OpenSSL functions

https://github.com/nabla-c0d3/iOS-hook-OpenSSL

 

IOS *.plistencryptor project. Protect your *.plist files from jailbroken

https://github.com/FelipeFMMobile/ios-plist-encryptor

 

Re-codesigning tool for iOSipa file

https://github.com/hayaq/recodesign

 

Scans iPhone/iPad/iPod applications for PIE flags

https://github.com/stefanesser/.ipa-PIE-Scanner

 

 

(4)  IOS安全优秀书籍

《Hacking and Securing iOS Applications》

《Mac OS X and iOSInternals:To the Apple’s Core》

《OS X and iOS Kernel Programming》

《OS X ABI Mach-O File Format》

《The Mac Hacker’s Handbook》

《Mac OS X Interals:A Systems Approach》

《黑客攻防技术宝典-IOS实战篇》

《IOS应用安全攻防实战》

《IOS应用逆向工程》

《IOS取证实战》

《安全技术大系：IOS取证分析》

 

(5)  IOS安全Twitter

https://twitter.com/Technologeeks

https://twitter.com/osxreverser

 

附：IOS安全学记笔记.pdf