Sekiur My Thoughts

Recently I needed to call an external process after an iPhone app I have been working on finished loading uploading tracking information to a web server.

The way to do this is by creating a custom class and then calling that _NAME_AppDelegate.m file within your code, but what is an AppDelegate?

The AppDelegate just sits there doing nothing, waiting to be told that something potentially important has or will happen. The application/iPhone OS is the one doing the work and calling the AppDelegate when it has or will do something that the AppDelegate (and by extension, you) might want to respond to in your code.

Here is a complete scenario:

(Starting at the iPhone’s home screen)
1. A user taps on your app’s icon.
2. The iPhone OS loads your app into memory and whatever else it needs to run your app. At this point, the OS has control.
3. The iPhone OS finishes its launch procedure with your app, and is ready to hand over control to it.
4. The OS calls your AppDelegate’s applicationDidFinishLaunching method.
5. Your code is now in control, starting with whatever is in the applicationDidFinishLaunching method of your AppDelegate.
.
. (User uses the app for a while)
.
6. User taps on the Home button to quit your app.
7. Since your app has no direct way of knowing when the Home button is tapped, the iPhone OS sends an applicationWillTerminate message to your AppDelegate, so you can clean up any open files, etc. before the app quits.

There are also other notifications that your AppDelegate can receive between launching and quitting, such as if your app is about to run out of memory.

As with anything else its important to really understand the inner working of the iPhone before attempting to recover any data from it, as two things may happen: the device may be rendered useless or the data on it become contaminated which is just as bad when you are looking for evidence.

The iPhone runs a custom version of Mac OS X 10.5 (Leopard) with several differences which include:

1. an ARM architecture as opposed to the Intel x86 architecture used on desktop machines
2. special hardware including an accelerometer, proximity sensor, multi-touch capable screen and several radios including GSM, Wi-Fi and Bluetooth
3. a user interface framework built around the iPhone to accommodate the proprietary hardware
4. a signed kernel designed to prevent tampering

What can be recovered:

Information stored on the iPhone includes keyboard caches containing usernames, passwords, searches, and some history of what was ever typed on the phone.

Sections of map images from the phone’s Google Maps application, location searches and their coordinates can be found on the phone.

Browser cache and deleted items identifying what websites the user has visited.

Deleted voicemails, email and SMS messages can also be recovered.

A cache of screenshots of the user’s last activities which are kept to improve the experience of opening and closing applications.

Deleted images, address book entries, contacts, calendar events and other personal information can be recovered.

A very detailed call history list beyond what is visibly on the iPhone as well as deleted items from the history.

Disk Layout:

The iPhone uses a solid state NAND flash which is treated as a disk by storing a partition table and a formatted file system. Generally the iPhone will be configured with 2 partitions as shown below.

The first partition is the root which houses the operating system and all the preloaded applications on the iPhone. This partition is read-only and designed to stay like that. The size of the root partition varies depending on the version of the phone (size of the flash).

The remaining space is assigned to the user and is mounted as /private/var as shown above. This allows Apple to upgrade firmware of the devices without in theory touching the user data on the device.

To perform forensics on this type of environment we would need to make the root partition writable  to install forensics software in order to maintain the integrity of the data on the user’s data partition.

Communication:

The iPhone can communicate in multiple ways including the serial port, 802.11 Wi-Fi and Bluetooth. AFC or Apple File Connection is a serial protocol used by iTunes to connect to the iPhone and transfer everything from music to software upgrades.

iTunes is not allowed access to the whole iPhone but is rather placed in a jailed environment. People familiar with Linux will understand the term “jailed”, which in general terms mean restricting access and operations to a specific area within the target device.

The hacker community coined the term “jailbreaking” after successfully breaking out of this restricted environment allowing pirated apps to be installed on the phone and unlocking it to be used with other carriers.

The Firmware:

Apple provides firmware updates on a periodic basis which update the operating system, radio baseband and other device firmware. Although these updates have not resulted in loss of user data, it is not recommended that the firmware be upgraded during the forensics process.

With the explosion of mobile devices there is little doubt that the number of security incidents were a mobile device is involved will also increase exponentially.

My next couple of posts will look at what is takes to perform forensics on mobile devices targeting specifically the iPhone, the Blackberry and the Android platforms.

Some interesting statistics on the iPhone in particular and the number of them that AT&T activated in the last couple of years. As can be seen below the number of iPhones activated in the 3rd quarter 2009 was 3.2 millions devices in the US alone.

This doesn’t equate to iPhone’s sold because activations would also count dad’s giving their iPhone to their daughter and buying a new one for themselves, which would mean 2 activations but just one iPhone bought.

According to AT&T they added 2 million subscribers to that quarter. Nevertheless the evidence is there on an upward trend.

The graph below shows the how activations for the 1st quarter of 2010 rose by 50% over the previous quarter.

Working on multiple iPhone application projects and shortly looking at the iPad for other development opportunities, I found an excellent step by step guide on creating a development provisioning profile on http://devclinic.com by Kuix, that I thought I should share.

As simple as it may, I thought i’d contribute and write a tutorial on how to get your development application onto your testing device. Due to the exponential speed and memory differences between your development computer and an actual mobile device, it is very important for you to test your application on a mobile device.

Step 1: Certify
This is the hardest step, so please follow the steps closely.
Open Keychain Access application, inside your Application->Utilities folder. Click on Keychain Access->Certificate Assistant->Request a certificate from a certificate Authority… Enter your email, your name, and for CA Email i used my email again(the last one don’t really matter, for these purposes, but it’s required). Choose Saved to disk and click continue. It will then, by default save to your desktop.

Open up Apple Developer Connection inside your browser and login. Go to the Program Portal section and click on Certificates. Choose add certificate. The page will basically tell you to do what i just told u. scroll all the way to the bottom, where you will upload and submit that new certificate, from your desktop. Now your certificate needs to be approved by you/administrator. Simply click on approve, where your certificate is pending. Now, you will have the option of downloading your approved certificate. Download that, and the WWDR intermediate certificate, linked below your certificate. double click on both downloaded certificates to install them into your Keychain. Use login, instead of System, for both.

Once that is done, move on.

Step 2: Device
Now click on Devices. Here you will get your mobile device recognized as a development device. You can develop your app on either an iPhone or an iPod Touch. Open xCode, and go to Window->Organizer Here you will see the device that is currently connected to your computer. notice the long ass identifier key for Identifier:. now inside your program portal, click on Add Devices. you will make up a device name and then copy past that identifier value, you stole from the xCode organizer. Submit.

Step 3: App IDs
Next step: click on the link App IDs from the left hand side, then New App Id. The Description is for your sake, so you know what the ID is for. Choose Generate New, and for Bundle Identifier, it’s like writing an URL backwards.
com.yourCompanyName.AppName then submit that.

Step 4: Provisioning Profile
Almost done! Go to Provisioning page, then New Profile.Choose a memorable profile name. check the box for your approved certificate. Choose your App ID, created from step 3. check the box for your development device. Submit. Now you can download your provisioning profile. Go back to your xCode organizer and add your provisioning profile into the Provision section, under Devices.

Step 5: Load it!
In your app, go to Resources->appName-info.plist Where it says Bundle identifier, change the value to what you entered for your app ID:com.yourCompanyName.AppName.

On the top left hand corner, in the drop down menu, choose Device – 3.0 (if you’re running 3.0 firmware). Build and Go.
If you’ve done everythign correctly, it will build successfully, and your app will be now on your mobile device!

I know it’s a lot of writing, but every step is pertinent. Good luck, guys=)

~Kuix

Its been a long time since my last post. Suffice to say that I have been extremely busy after reaching an inflection point in my life and am working on very exciting and promising projects.

MUST SEE. SIMPLY AWESOME.

Related articles by Zemanta

• Apple unveils new iPhone without Steve Jobs (mycompuquest.blogspot.com)

Tim Ferriss and Kevin Rose discuss their top 5 Must Read Books.

Random w/ Tim and Kevin – Ep3 from Glenn McElhose on Vimeo.

I endorse the following:

• The 22 Immutable Laws of Marketing
  
• Getting Real
• The Tipping Point: How Little Things Can Make a Big Difference

Other books on my reading list this year.

• The Knack
• The Integrity Dividend: Leading by the Power of Your Word
• The Trophy Kids Grow Up: How the Millennial Generation is Shaking Up the Workplace
• Mastering the Hype Cycle: How to Choose the Right Innovation at the Right Time (Gartner)
• Talent Is Overrated: What Really Separates World-Class Performers from Everybody Else
• Inside Drucker’s Brain
• Tribes: We Need You to Lead Us
• High Altitude Leadership: What the World’s Most Forbidding Peaks Teach Us About Success
• Plugged In: The Generation Y Guide to Thriving at Work
• Content Nation: Surviving and Thriving as Social Media Changes Our Work, Our Lives, and Our Future
• Smart Networking: Attract a Following In Person and Online
• Making Technology Investments Profitable: ROI Road Map to Better Business Cases
• Strategic Alliances: Three Ways to Make Them Work (Memo to the Ceo)
• Reward Systems: Does Yours Measure Up? (Memo to the CEO)
• Wargaming for Leaders : Strategic Decision Making from the Battlefield to the Boardroom

Seven ways to achieve customer service.

Do you know any others?

1. Focus on the wants of the customer
2. Make your effort about fulfilling their need, not having them do what you want
3. Listen don’t hear
4. Determine what action(s) you need to perform to fulfill the customer’s expectations
5. Go above and beyond what is necessary to get the job done
6. Follow-up to ensure the customer is satisfied with the result you have achieved
7. Determine if there is there anything else you can do to make the customer happier?

So funny. MUST SEE.