Update 3 on iOS smart home application analysis

During the past weeks, I have been focusing on exploring smart home apps in their assembly form. Specifically, I was trying to find out the exact implementation of SSL/TLS trust. However, I realized after two days that this was not going anywhere. This is mostly because the assembly form of any of the smart home apps is packed with library functions and regular functions by the nature of smart home apps. As soon as I realized this, I tried to readjust and approach this problem from another angle instead of trying to brute force my way through the assembly code. I first constructed a flow chart demonstrating how applications connect to the web in general. Then I listed all the possible ways that things could potentially go wrong. This helped me narrow down the list of options and the areas I have to research in detail. I also realized that this could potentially be applied to every app, so that’s pretty cool.

In the next couple of weeks, I will perform dynamic analysis to see which applications are not doing certificate pinning correctly, using a MITM attack. This result will serve as our true positive/negative when we compare it to the result from the static analysis portion. There are some challenges I have faced during the dynamic analysis. When I tried to install bettercap on Windows, I faced many challenges, as I later found out that it is not fully supported on Windows… In addition, when I installed it on my Linux system, I had trouble getting the full functionality, as the documentation did not specify that we also needed to install Ruby and some gems related to bettercap. Before I tried to install bettercap on my Linux system, I tried to install another tool called Cain & Abel. Cain & Abel is a well-known tool; however, when I tried to install it from the official website, every browser I have marked this tool as a virus and automatically deleted it from my computer (I even tried I.E.)…

I will also be using another tool, published in a more recent paper, to help with my static analysis. This tool can essentially transform the binary code into a higher-level language, and thus make the static analysis more feasible. However, this tool requires macOS. We placed an order for a Mac Mini on Tuesday, and we hope to get it by the end of the week so we can start our static analysis then.


  1. jnelkayam says:

    Your work here is getting very interesting! I’m impressed that you were even able to spend two full days attempting to reverse-engineer assembly code– I’m sure you encountered how obtuse and compiler-dependent assembly tends to be; that’s led to a lot of frustration in my experiences. I’m curious about the dynamic analysis tools you’ve mentioned here. What are their main functions/features, and how do they evaluate security in smart-home apps? For Cain & Abel, do you have any impressions of whether the program’s features and/or analysis methods raise false signs of danger for your browsers’ antivirus software? I anticipate seeing where your analysis takes you!

  2. I am glad you are interested in this topic. I have published a newer post about what I did last week and my plans for this week; you can check it out here: Update 4

    As for Cain & Abel, I didn’t look too deeply into why it was marked as a virus. One possibility, I think, is that if a user has it on their computer without having willingly installed it, then the possibility of it being used as a virus is extremely high, since Cain & Abel has the ability to crack passwords and monitor local network activity.