macOS comes with a good set of predefined security features designed to keep us safe, e.g. System Integrity Protection (SIP). These security features are great for everyday use, but they get in the way when we are trying to analyse what processes are doing, for example, when attaching to a process using lldb. In this post, I’ll show you how to set up a Virtual Machine (VM) using Parallels Desktop and disable SIP so you can use the VM as your research lab.
Read More...
First, remember to create a new branch for the changes; we can do that using Xcode or the git(1) command-line tool.
The basic support
iOS 13 introduced semantic colours, so UIKit already comes with support for automatic colour selection depending on the UserInterfaceStyle. So the simplest setup is to change our UIColor to semantic colours. For example:
Read More...
Building a network application requires a good amount of effort, not only because of the complexities of the application you are building but also because of the nature of network architecture. We have to define how we are going to handle the connections, the abstractions we’ll use to differentiate between network code and our application code, et cetera. Here is where SwiftNIO comes in: it provides an efficient, non-blocking, event-driven model that is easy to use and extend. If we follow SwiftNIO’s model, we can take a lot of the boilerplate setup away and focus on building the logic of our applications. In this post, I’ll show you how to use SwiftNIO and understand its workflow by creating a server that receives text from clients and returns a modified version of the text.
Read More...
The ncurses(3) library powers many popular text-based applications, for example, emacs(1) and htop(1). The use of ncurses is not required to build text-based applications; we could use escape sequences instead. For small command-line tools, escape sequences are enough, but sometimes it’s nice to rely on a library that handles edge cases. In this post, we’ll build a text-based clock that uses SwiftCursesTerm, a wrapper library I created for using ncurses in Swift.
Read More...
Shoulder surfing is a real threat. And we, as software developers, should strive to provide safety to our users. One way to mitigate the inadvertent exposure of sensitive data is related to how we handle the input of sensitive data in our applications. Every time the user inputs sensitive data, we should hide it from prying eyes. In this post, we’ll learn how to read passwords and passphrases on a command-line tool built using Swift.
Read More...
Operating systems have provided command-line interfaces for decades now, and all but the simplest command-line tools require argument parsing. Due to years of use and refinement, there are many expectations on how command-line tools should handle arguments. Because of these popular conventions, creating an argument parser is not as simple as we might think.
Creating a bespoke argument parser might not be where we would like to spend most of our time. The good news is that you don’t have to: Apple open-sourced the Swift Argument Parser (SAP). In this post, we’ll learn how the Swift Argument Parser works, and how to use it for handling STDIN for composable command-line tools.
Read More...
Here is the list of the videos I’m looking forward to for the 2020 WWDC. I might add notes/comments later when I have seen them all.
Swift and Objective-C
When we are asked to perform a black-box security analysis on an iOS app, depending on the scope, we might only have access to the iOS app from the App Store. But most of the time, the client would give us an IPA. In a black-box analysis, we won’t get access to the source code, so deploying it through Xcode to a device for testing might be out of the question. One possible solution is to re-sign the app with a profile that we own and deploy it to our test device. In this post, I’ll explain how to re-sign an iOS app so we can generate an IPA that we can deploy to our test device.
Read More...
This is going to be a small article on the basics of working with Assembly Language. We won’t go deep into building extensive programs in assembly. The main idea of this post is to clarify the workflow for creating an assembly program and some key concepts so you can comfortably begin your assembly explorations.
Let’s first learn about the different assembly syntaxes and types.

Bash Beyond Basics
Increase your efficiency and understanding of the shell
If you are interested in this topic, you might enjoy my course Bash Beyond Basics.
This course helps you level up your bash skills. This is not a course on shell-scripting; it is a course on improving your efficiency by showing you the features of bash that are seldom discussed and often ignored.
Read More...
Having a virtual machine running macOS opens up a lot of opportunities for learning. If you are into security, you can set up a VM for your security lab. Or if you want to learn networking or kernel debugging, it is also helpful to use a VM. The other option is to risk breaking your work machine in your experiments (not fun). To build our VM, we need to use Disk Images, another topic that is useful in other areas.
Read More...