Archive for August 4, 2021

Wednesday, August 4, 2021

Scanning Your iPhone for Pegasus

Arkadiy Tetelman (via Hacker News):

As part of the investigation, Amnesty International wrote a blog post with their forensic analysis of several compromised phones, as well as an open source tool, Mobile Verification Toolkit, for scanning your mobile device for these indicators. MVT supports both iOS and Android, and in this blog post we’ll install and run the scanner against my iOS device.

Gregorio Zanon:

After studying the Mobile Verification Toolkit’s Python code, my colleagues and I quickly realized how uniquely positioned we were to facilitate the process even further. iMazing is built on a toolkit which was developed and refined over a decade for the purpose of simplifying iOS backups, file transfers and local device management tasks. It would therefore be possible to relatively quickly re-implement MVT’s methodology in our toolkit, and integrate a user-friendly ‘wizard’ in iMazing’s user interface. And because iMazing can already perform iOS backups and decrypt backup files, the tool we envisaged had the potential to dramatically reduce the technical barrier of entry whilst enhancing performance and promoting backup encryption.

At the same time, we started getting Pegasus-related requests from current iMazing users, and noticed increasing interest in MVT from a public not always tech-savvy enough to successfully run its command-line tools. We took the plunge, shifting most of our Windows and macOS development resources to the realisation of a fully integrated equivalent in iMazing. Today, we are releasing the result of that work as a free feature in iMazing 2.14. No setup or prior backup is required – all it takes to get started is to launch iMazing, connect an iPhone and select the Detect Spyware action[…]

dyld-shared-cache-extractor

Keith Smiley:

As of macOS Big Sur, instead of shipping the system libraries with macOS, Apple ships a generated cache of all built-in dynamic libraries and excludes the originals. This tool allows you to extract these libraries from the cache for reverse engineering.

[…]

This tool loads the private dsc_extractor.bundle from Xcode, meaning it should always be able to extract the newest versions of the file for beta OS versions.

This logic is based on the function at the bottom of dyld3/shared-cache/dsc_extractor.cpp from the dyld source dump.

Lists of Swift Attributes

Swift Language Reference:

There are two kinds of attributes in Swift—those that apply to declarations and those that apply to types. An attribute provides additional information about the declaration or type. For example, the discardableResult attribute on a function declaration indicates that, although the function returns a value, the compiler shouldn’t generate a warning if the return value is unused.

Underscored Attributes Reference (via Slava Pestov):

This document is intended to serve as a counterpart describing underscored attributes, whose semantics are subject to change and most likely need to go through the Swift evolution process before being stabilized.

There are also @inline(__always) and @inline(never), which are not documented above, but which are discussed here and here.

Swift “guard” Capture Specifier Pitch

Cal Stephens (tweet):

guard captures behave like weak captures (e.g. guard captures do not retain the captured value), but the closure body is only executed if the captured objects still exist.

[…]

As of SE-0269, strong and unowned captures of self enable implicit self calls within the body of escaping closures. This is not straightforward to support for weak closures in the general case, and was intentionally excluded from SE-0269.

[…]

guard let value = value else { return } is quite a bit of boilerplate in this context.