All geek questions in one place

How to beat frame injections?

Does anyone validate their code trying to detect injections? For example, if someone tries to intercept the username / password through NSUrlConnection, they can use LD_PRELOAD/DYLD_LIBRARY_PATH , provide an export for my calls to NSUrlConnection, and then forward the calls to the real NSUrlConnection.

Ali gave excellent information below, but I'm trying to determine what measures should be taken for a hostile environment where the phone can be hacked. Most applications do not care, but one class of applications is software with a high degree of integrity.

If you harden, which method do you use? Is there a standard way to detect injections on Mac and iPhone computers? How do you defeat wireframe injections?

+4
source share
2 answers

For iOS / CocoaTouch, loading dynamic libraries is not allowed * (except for system frameworks). To create and distribute the application through the AppStore, you can only refer to static libraries and system frameworks, without a dynamic library.

So, on iOS, you cannot use this for code injection, and you cannot use LD_PRELOAD , of course (since you do not have access to such environment variables on iOS).

Except maybe jailbroken iPhones, but people jailbroken on the iPhone should take responsibility for jailbreaking, by definition, removing all the securities provided by iOS to avoid things like injections (so you can't expect that you lock the lock on your door, avoid using your key ... and still expect that you are still protected from thieves robbing your house ;-))

This is an advantage of the limitations of Sandboxing + CodeSigning + No dylib on iOS. No code injection.

(In OSX, it is still possible, in particular, using LD_PRELOAD)

[EDIT] Starting with iOS8, iOS also supports dynamic structures. But since this is still isolated (you can only load code frameworks that are in your application packages and cannot load frameworks that come from outside your application package), injection is still not possible *

* except when the user jailbreak his phone, but that means that he decided to get rid of all the protections and goals and thus put his phone at risk - we canโ€™t crack our phoneโ€™s security and still expect him to will provide all protections provided by these securities

+1
source

This is a UNIX-specific answer, like operating systems. I apologize if this does not make sense for your question, but I do not know your platform well. Just don't create a dynamically linked executable.

I can come up with two ways to do this. Method # 2 is probably best for you. They are both alike.

Important for both, the executable must statically compile using -static at build time

  • Method 1 - static exe, manual loading of shared libraries by trusted full paths.

Manually dlopen each library must be through the full path, and then get the addresses of functions through dlsym at run time and assign them to function pointers to use them. You will need to do this for every external function that you want to use. I believe that returning unsafe functions will not be pleasant for those who use static variables - you will need to use safe versions starting with "_r", and use strtok_r instead of strtok

It will be difficult or simple depending on what your application does and how many functions you use.

  1. Method 2 - statically link the executable, period

You can solve your problem with subversion by simply linking the static executable so you donโ€™t have to use dynamic libraries at all. This will lead to a significant increase in exe than the dlopen()/dlsym() method. Use the compilation flag to create -static and instead of using e.g. gcc bah.c -o bah lssl use gcc -static bah.c -o bah /usr/lib/libssl.a to use the statically compiled version of the libraries you need instead of dynamic shared libraries. In other words, use -static and do not use -l when building

For any method:

  • After creation, use file bah to confirm that the executable is statically linked. Or confirm by running ldd on it
  • Please note that you will need statically compiled versions of all the libraries that you link to existing ones on your system. These files end in .a instead of .so )
  • Also note that updating system libraries will not update your executable file. If a new security error appears in OpenSSL, you will need to get the latest version of libssl.a and recompile it. If you use the dlopen()/dlsym() method, you will not have this problem, but you will have portability problems if the characters change in different versions.

Each method has its pros and cons based on your needs.

Taking method 1 of dlopen and dlsym makes your code more "confusing" and smaller, but in most cases sacrifices portability, so this is probably not what you want. The upside is that it can come in handy when security errors are committed to the system.

0
source

Source: https://habr.com/ru/post/1432553/

More articles:


All Articles