Method for obtaining encrypted data on iOS platform

Abstract

The invention belongs to the technical field of mobile security in information security, and relates to a method for obtaining the encrypted data on an iOS platform. The method comprises the steps ofconstructing a continuously expanded encryption feature library by adopting a DBI technology according to a Crypto library and a third-party library built in the iOS; and when the iOS runs, extractingthe encrypted data and the key feature vector from the iOS application, and finally obtaining the encrypted data on the iOS platform. According to the method, the technology is more stable, the efficiency is higher, and the method is not influenced by the software reinforcement and the reverse debugging. Compared with reinforcement and confusion appearing in static analysis, a dynamic binary instrumentation tool breaks away from the static behavior characteristics and does not depend on static analysis any more, and has higher universality. Compared with anti-debugging behaviors appearing inconfusion and dynamic debugging, the relevant characteristics of debugging cannot be embodied in the program, and therefore the program cannot be detected more easily.

Description

technical field [0001] The invention belongs to the technical field of mobile security in information security, relates to a technology for obtaining data during dynamic execution of iOS applications, and in particular to a method for obtaining encrypted data on an iOS platform. Background technique [0002] A lot of research has been done in the field of security analysis of software encryption algorithms at home and abroad, and some feasible security analysis methods including static and dynamic are proposed, and corresponding software security analysis tools are constructed. At present, the analysis methods for encrypted data on the iOS platform mainly include: static analysis, dynamic debugging, etc. The following examples are briefly described. [0003] · Static analysis of encrypted features [0004] Static analysis first needs to reversely analyze the function call process, and analyze the corresponding modules and import and export tables for the encryption algorith...

AI Technical Summary

Problems solved by technology

[0020] Whether it is static analysis or dynamic debugging, it is only based on the internal analysis of the program, and the external function characteristics related to encryption cannot be extracted, and for the data encryption process, the encryption characteristics cannot be unified and fixed, relying on the reverse analysis of the program , cannot be separated from the relevant static and dynamic analysis techniques, and the analysis method itself has shortcomings

[0021] (2) Insufficiency of static analysis

[0024] Static analysis largely relies on reading assembly code, so there are many open source or paid tools that can be used to obfuscate or pack, in order to resist static analysis; such as hardening the program to harden the platform, and LLVM to confuse the control data flow , obfuscating program symbols, original encrypted function names, etc., can make the disassembly code difficult to read

The existence of the above situations has caused great difficulties for static analysis to find encryption functions.

[0025] (3) Insufficiency of dynamic debugging

Moreover, dynamic debugging itself is a very complicated and cumbersome operation. If you encounter anti-debugging, you need to manually analyze it, patch the program, and configure quite cumbersome steps for debugging, which is laborious and time-consuming.

Images