liOS: Lifting iOS apps for fun and profit

by   Julian Schütte, et al.

Although iOS is the second most popular mobile operating system and is often considered the more secure one, approaches to automatically analyze iOS applications are scarce and generic app analysis frameworks do not exist. This is on the one hand due to the closed ecosystem putting obstacles in the way of reverse engineers and on the other hand due to the complexity of reverse engineering and analyzing app binaries. Reliably lifting accurate call graphs, control flows, and data dependence graphs from binary code, as well as reconstructing object-oriented high-level concepts is a non-trivial task and the choice of the lifted target representation determines the analysis capabilities. None of the various existing intermediate representations is a perfect fit for all types of analysis, while the detection of vulnerabilities requires techniques ranging from simple pattern matching to complex inter-procedural data flow analyses. We address this gap by introducing liOS, a binary lifting and analysis framework for iOS applications that extracts lifted information from several frontends and unifies them in a "supergraph" representation that tolerates missing parts and is further extended and interlinked by liOS "passes". A static analysis of the binary is then realized in the form of graph traversal queries, which can be considered as an advancement of classic program query languages. We illustrate this approach by means of a typical JavaScript/Objective-C bridge, which can lead to remote code execution in iOS applications.


page 1

page 2

page 3

page 4


IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications

Android apps cooperate through message passing via intents. However, whe...

WASMixer: Binary Obfuscation for WebAssembly

WebAssembly (Wasm) is an emerging binary format that draws great attenti...

When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid

Widely-used Android static program analysis tools, e.g., Amandroid and F...

Wasmati: An Efficient Static Vulnerability Scanner for WebAssembly

WebAssembly is a new binary instruction format that allows targeted comp...

Parallelizing Binary Code Analysis

Binary code analysis is widely used to assess an a program's correctness...

Symbolic Execution and Debugging Synchronization

In this thesis, we introduce the idea of combining symbolic execution wi...

Historia: Refuting Callback Reachability with Message-History Logics (Extended Version)

This paper determines if a callback can be called by an event-driven fra...

Please sign up or login with your details

Forgot password? Click here to reset