{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Code and more information in https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence.
In iOS, object serialization involves converting objects into a format that can be easily stored or transmitted, and then reconstructing them from this format when needed. Two main protocols, NSCoding
and NSSecureCoding
, facilitate this process for Objective-C or NSObject
subclasses, allowing objects to be serialized into NSData
, a format that wraps byte buffers.
To implement NSCoding
, a class must inherit from NSObject
or be marked as @objc
. This protocol mandates the implementation of two methods for encoding and decoding instance variables:
class CustomPoint: NSObject, NSCoding {
var x: Double = 0.0
var name: String = ""
func encode(with aCoder: NSCoder) {
aCoder.encode(x, forKey: "x")
aCoder.encode(name, forKey: "name")
}
required convenience init?(coder aDecoder: NSCoder) {
guard let name = aDecoder.decodeObject(forKey: "name") as? String else { return nil }
self.init(x: aDecoder.decodeDouble(forKey: "x"), name: name)
}
}
To mitigate vulnerabilities where attackers inject data into already constructed objects, NSSecureCoding
offers an enhanced protocol. Classes conforming to NSSecureCoding
must verify the type of objects during decoding, ensuring that only the expected object types are instantiated. However, it's crucial to note that while NSSecureCoding
enhances type safety, it doesn't encrypt data or ensure its integrity, necessitating additional measures for protecting sensitive information:
static var supportsSecureCoding: Bool {
return true
}
let obj = decoder.decodeObject(of: MyClass.self, forKey: "myKey")
NSKeyedArchiver
and its counterpart, NSKeyedUnarchiver
, enable encoding objects into a file and later retrieving them. This mechanism is useful for persisting objects:
NSKeyedArchiver.archiveRootObject(customPoint, toFile: "/path/to/archive")
let customPoint = NSKeyedUnarchiver.unarchiveObjectWithFile("/path/to/archive") as? CustomPoint
Swift's Codable
protocol combines Decodable
and Encodable
, facilitating the encoding and decoding of objects like String
, Int
, Double
, etc., without extra effort:
struct CustomPointStruct: Codable {
var x: Double
var name: String
}
This approach supports straightforward serialization to and from property lists and JSON, enhancing data handling in Swift applications.
Beyond native support, several third-party libraries offer JSON and XML encoding/decoding capabilities, each with its own performance characteristics and security considerations. It's imperative to carefully select these libraries, especially to mitigate vulnerabilities like XXE (XML External Entities) attacks by configuring parsers to prevent external entity processing.
When serializing data, especially to the file system, it's essential to be vigilant about the potential inclusion of sensitive information. Serialized data, if intercepted or improperly handled, can expose applications to risks such as unauthorized actions or data leakage. Encrypting and signing serialized data is recommended to enhance security.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.