CC13: The Pin Puller's Guide: A Hands-On Guide to Reverse Engineering iOS Applications скачать в хорошем качестве

CC13: The Pin Puller's Guide: A Hands-On Guide to Reverse Engineering iOS Applications

Watch a full, tool‑free walkthrough of breaking iOS certificate pinning—using nothing but Ghidra, Objection, and a jailbroken phone. Certificate pinning blocks interceptor proxies like Burp. Alex Trudeau shows how to defeat it without Frida scripts or commercial bypass kits, giving red‑teamers stealth and blue‑teamers insight into real‑world risks. Disassembly & code hunting – locate pin‑check logic in Apple’s Damn Vulnerable iOS App with Ghidra search tricks. Live debugging – hook the right NSData isEqual call, avoid noisy global hooks, and trace the certificate‑length mismatch. On‑device patching – swap server‑leaf and CA certs, re‑sign IPA, and preserve intended app code paths. Lessons learned – why “quick” SSL‑pinning disables can miss critical flows, and how to automate manual findings for future tests. Ideal for mobile testers, jailbreak hobbyists, and developers who want their pinning to actually work. 00:00 Saturday‑morning kickoff & speaker intro 02:00 What is certificate pinning? (quick refresher) 04:05 Why Google now discourages strict pinning 05:35 Demo target: Damn Vulnerable iOS App (DVIA) 07:10 Tool stack & attack‑plan overview 09:35 Burp‑proxy setup & first pin‑fail message 11:55 Easy mode: Objection “ios ssl‑pinning disable” (and its pitfalls) 14:55 Loading DVIA binary into Ghidra 17:25 Hunting the failure string & locating bVar3 check 20:15 The TBNZ branch—why patching isn’t the best fix 22:45 Choosing a cleaner hook point: NSData isEqual 26:15 Objection live‑hook demo—identifying cert‑length mismatch 29:05 Capturing server‑leaf cert with OpenSSL 31:40 Converting PEM → DER & replacing app‑bundle cert 34:55 Rerun: successful HTTPS + “request sent using certificate pinning” 37:05 Source‑code review—SecTrustGetCertificateAtIndex(…, 0) 39:45 Reusable reversing workflow & defender takeaways 42:05 Q&A, resources, and trackpad jokes #CertificatePinning #iOSReverseEngineering #CactusCon #mobileappsecurity #Ghidra