iblessing v0.2.1.6 beta releases: iOS security exploiting toolkit
- iblessing is an iOS security exploiting toolkit. It mainly includes application information collection, static analysis, and dynamic analysis.
- iblessing is based on the Unicorn engine and the Capstone engine.
- iOS app static information extraction, including metadata, deeplinks, URLs, etc.
- Mach-O parser and dyld symbol bind simulator
- Objective-C class realizing and parsing
- Scanners that perform dynamic analysis of arm64 assembly code to find key information or attack surface
- Scanners that use Unicorn to partially simulate Mach-O arm64 code execution and find some features
- Generators that perform secondary processing on a scanner’s report to start a query server or generate a script for IDA
- objc_msgSend sub-functions analysis
- Diagnostic logs
- More flexible scanner infrastructure for new scanner plugins
- Swift class and method parsing
- More scanners and generators
- feat: combine all scanner text disassembly to single driver
- refactor: reuse binary contexts in scanner dispatcher
- refactor: uc insn callback optimize
- Platform: macOS only (Linux will be supported in the future)
A scanner is a component that outputs an analysis report through static and dynamic analysis of binary files. For example, the objc-msg-xref scanner can dynamically analyze most objc_msgSend cross-references.
A generator is a component that performs secondary processing on the report generated by a scanner. For example, it can generate IDA scripts based on the objc-msg-xref scanner’s cross-references report.
Copyright (C) 2020 Soulghost