AppleIDAuthAgent is a service that exists on iOS that appears to handle actions regarding a users Apple ID, including iCloud information linked to that account. It runs an XPC service known as com.apple.coreservices.appleid.authentication, which could be accessed by any application. When looking around how the service was handling incoming XPC…

About 4 weeks ago, Hacker1 held their h1702ctf as a qualifier for the main h1702 event in Las Vegas later this month. The theme of this CTF was mobile applications, specifically applications on iOS and Android. I managed to be the 6th person to complete all the challenges. …

I was wondering on GitHub one day when I saw this project called Electrino which happened to be rising up in the trending page. I decided to take a quick look at it, and discovered it was a project that aimed to use native web browser frameworks, rather than bundling…

webinspectord is the service in charge of all operations related to the use of the ‘Web Inspector’ on iOS. It runs an XPC service known as com.apple.webinspector. Note: All of the info I mention below is from webinspectord on iOS 10.2 IPSW. From what I’ve seen, 10.3+ …

Note: This article at the beginning is more for beginners. I discuss more about XPC further down the article. And so the long journey begins. For you and for me. In summary, I decided to embark on a journey the entirely long way. I’ve received advice from lots of security…

With the reveal of iOS 10, some jailbreak developers have been trying to get dylib injection so they can either test existing tweaks or do some research. The best way to do this is heavily based on friggog’s method. With some modifications, you can easily do this with iOS 10. …