iOS UIActivity Sharing
Starting with iOS 6, third-party applications have been able to share data such as text, URLs, or images through mechanisms like AirDrop, as described in Apple's Inter-App Communication guide. This feature surfaces as the share activity sheet that appears when the user taps a "Share" button.
A complete list of the built-in sharing options is available under UIActivity.ActivityType. Developers can exclude specific sharing options if they consider them unsuitable for their application.
Attention should be paid to:
The type of data being shared.
The addition of custom activities.
The exclusion of certain activity types.
Sharing is performed by instantiating a UIActivityViewController, to which the items intended for sharing are passed. This is done by calling:
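The following is an added example (not code from the original page) of how a share sheet is typically built, written so that the three review points above are visible in one place: the items handed over, a custom UIActivity subclass that receives every one of those items, and the excluded activity types. The activity identifier `com.example.auditlog` and the helper names are placeholders chosen for this example.

```swift
import UIKit

/// A custom activity appears in the share sheet like any built-in channel.
/// Reviewers should treat it as a data sink: prepare(withActivityItems:) is
/// handed the complete list of shared items, so it can read or forward them.
final class AuditLogActivity: UIActivity {
    // Placeholder identifier; a real app uses its own reverse-DNS name.
    override var activityType: UIActivity.ActivityType? {
        UIActivity.ActivityType(rawValue: "com.example.auditlog")
    }
    override var activityTitle: String? { "Audit Log" }
    override var activityImage: UIImage? { UIImage(systemName: "doc.text.magnifyingglass") }
    override class var activityCategory: UIActivity.Category { .action }

    private var received: [Any] = []

    override func canPerform(withActivityItems activityItems: [Any]) -> Bool {
        // Only offer the activity when at least one item is text or a URL.
        activityItems.contains { $0 is String || $0 is URL }
    }
    override func prepare(withActivityItems activityItems: [Any]) {
        // Everything the user is sharing arrives here, not just the items we claimed to accept.
        received = activityItems
    }
    override func perform() {
        // Constructed behaviour: record how many items were offered, then finish.
        print("AuditLogActivity received \(received.count) item(s)")
        activityDidFinish(true)
    }
}

/// Channels that leave an unaudited copy of the data on or next to the device.
/// Excluding them is the decision a reviewer looks for when the content is sensitive.
func exclusionsForSensitiveContent() -> [UIActivity.ActivityType] {
    [.airDrop, .copyToPasteboard, .saveToCameraRoll, .print]
}

/// Build the share sheet. The `items` array is exactly what leaves the app;
/// `applicationActivities` adds custom sinks; `excludedActivityTypes` removes built-in ones.
func makeShareSheet(for items: [Any], sensitive: Bool) -> UIActivityViewController {
    let controller = UIActivityViewController(
        activityItems: items,
        applicationActivities: [AuditLogActivity()]
    )
    controller.excludedActivityTypes = sensitive ? exclusionsForSensitiveContent() : nil
    return controller
}

// Usage from a view controller (constructed values):
// let sheet = makeShareSheet(for: ["Quarterly report", URL(string: "https://example.com/report")!],
//                            sensitive: true)
// present(sheet, animated: true)
```

When auditing a build, the three arguments in `makeShareSheet` are the things to recover: the contents of `items` (is anything there more sensitive than the UI suggests?), every class passed as `applicationActivities`, and the exact list assigned to `excludedActivityTypes`.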
Developers should scrutinize the UIActivityViewController for the activities and custom activities it is initialized with, as well as any specified excludedActivityTypes.
The following aspects are crucial when receiving data:
The declaration of custom document types.
The specification of the document types the app can open.
The verification of the integrity of the received data.
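As an added example (not from the original page) of the third point, the handler below accepts an inbound document only after checking that it is a local file, that its sniffed content type conforms to one of the types the app declares, and that it is within a size bound, and then copies it under a filename the app controls rather than the sender's. The UTI `com.example.report`, the `Inbox-Quarantine` directory name and the 10 MB limit are constructed values for this example.

```swift
import UIKit
import UniformTypeIdentifiers

enum InboundFileError: Error {
    case notFileURL
    case unexpectedType(String)
    case tooLarge(Int)
}

/// Validate and quarantine a file handed to the app by the system.
/// Returns the app-controlled location of the copy.
func acceptInboundFile(_ url: URL,
                       allowedTypes: [UTType],
                       maxBytes: Int,
                       inboxDirectory: URL) throws -> URL {
    guard url.isFileURL else { throw InboundFileError.notFileURL }

    // Ask the file system for the type rather than trusting the extension alone.
    let values = try url.resourceValues(forKeys: [.contentTypeKey, .fileSizeKey])
    guard let type = values.contentType,
          allowedTypes.contains(where: { type.conforms(to: $0) }) else {
        throw InboundFileError.unexpectedType(values.contentType?.identifier ?? "unknown")
    }
    guard let size = values.fileSize, size <= maxBytes else {
        throw InboundFileError.tooLarge(values.fileSize ?? -1)
    }

    // Never reuse the sender-supplied name: choose our own and keep only the
    // extension that matches the detected type.
    let ext = type.preferredFilenameExtension ?? "bin"
    let destination = inboxDirectory
        .appendingPathComponent(UUID().uuidString)
        .appendingPathExtension(ext)

    let fm = FileManager.default
    try fm.createDirectory(at: inboxDirectory, withIntermediateDirectories: true)
    try fm.copyItem(at: url, to: destination)
    return destination
}

final class AppDelegate: UIResponder, UIApplicationDelegate {
    // Constructed quarantine location inside the app sandbox.
    private let inbox = FileManager.default.temporaryDirectory
        .appendingPathComponent("Inbox-Quarantine", isDirectory: true)

    func application(_ app: UIApplication,
                     open url: URL,
                     options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        // Files opened "in place" live outside the sandbox and need scoped access.
        let openInPlace = options[.openInPlace] as? Bool ?? false
        let scoped = openInPlace ? url.startAccessingSecurityScopedResource() : false
        defer { if scoped { url.stopAccessingSecurityScopedResource() } }

        // Only the types declared in Info.plist; `com.example.report` is a placeholder UTI.
        let allowed: [UTType] = [.pdf, UTType("com.example.report")].compactMap { $0 }

        do {
            let saved = try acceptInboundFile(url, allowedTypes: allowed,
                                              maxBytes: 10_000_000, inboxDirectory: inbox)
            // Files delivered to the app's own Inbox are ours to remove after copying.
            if !openInPlace { try? FileManager.default.removeItem(at: url) }
            print("accepted inbound file, quarantined at \(saved.lastPathComponent)")
            return true
        } catch {
            // Log the reason for detection purposes; do not attempt to parse the rejected file.
            print("rejected inbound file: \(error)")
            return false
        }
    }
}
```

The parsing of the quarantined file happens after this point and should be the only code that ever reads the content; the handler itself deliberately never opens the bytes, so a malformed document can at worst fail the type or size check.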
Without access to the source code, one can still inspect the Info.plist for keys like UTExportedTypeDeclarations, UTImportedTypeDeclarations, and CFBundleDocumentTypes to understand the types of documents an app can handle and declare.
A succinct guide to these keys is available on Stack Overflow, highlighting the importance of defining and importing UTIs for system-wide recognition and of associating document types with your app so it appears in the "Open With" dialogue.
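To show how the three keys relate, here is an added example (not from the original page) that cross-checks CFBundleDocumentTypes against the exported and imported UTI declarations, so every type the app claims to open is accounted for. The dictionary stands in for `Bundle.main.infoDictionary` and its identifiers (`com.example.report`, the `exrep` extension) are constructed; the heuristic that treats `public.*` identifiers as system-declared is an assumption of this example and is not exhaustive.

```swift
import Foundation

/// Constructed stand-in for the decoded Info.plist of an app under review.
let sampleInfoPlist: [String: Any] = [
    // What the app tells the system it can open ("Open With" candidates).
    "CFBundleDocumentTypes": [
        ["CFBundleTypeName": "Example Report",
         "LSHandlerRank": "Owner",
         "LSItemContentTypes": ["com.example.report"]],
        ["CFBundleTypeName": "PDF",
         "LSHandlerRank": "Alternate",
         "LSItemContentTypes": ["com.adobe.pdf"]],
        ["CFBundleTypeName": "Anything",
         "LSHandlerRank": "Alternate",
         "LSItemContentTypes": ["com.example.undeclared"]],
    ],
    // Types the app owns and defines for the whole system.
    "UTExportedTypeDeclarations": [
        ["UTTypeIdentifier": "com.example.report",
         "UTTypeConformsTo": ["public.data"],
         "UTTypeTagSpecification": ["public.filename-extension": ["exrep"]]],
    ],
    // Types owned elsewhere that the app re-declares so the system recognises them.
    "UTImportedTypeDeclarations": [
        ["UTTypeIdentifier": "com.adobe.pdf",
         "UTTypeConformsTo": ["public.data"]],
    ],
]

struct DocumentTypeFinding {
    let contentType: String
    let handlerRank: String
    let declaredBy: String
}

/// Map each LSItemContentTypes entry to where (if anywhere) its UTI is declared.
func auditDocumentTypes(_ info: [String: Any]) -> [DocumentTypeFinding] {
    func identifiers(in key: String) -> Set<String> {
        let declarations = info[key] as? [[String: Any]] ?? []
        return Set(declarations.compactMap { $0["UTTypeIdentifier"] as? String })
    }
    let exported = identifiers(in: "UTExportedTypeDeclarations")
    let imported = identifiers(in: "UTImportedTypeDeclarations")
    let documentTypes = info["CFBundleDocumentTypes"] as? [[String: Any]] ?? []

    var findings: [DocumentTypeFinding] = []
    for docType in documentTypes {
        let rank = docType["LSHandlerRank"] as? String ?? "Default"
        for uti in docType["LSItemContentTypes"] as? [String] ?? [] {
            let source: String
            if exported.contains(uti) {
                source = "exported (app-owned)"
            } else if imported.contains(uti) {
                source = "imported"
            } else if uti.hasPrefix("public.") {
                source = "system (heuristic)"
            } else {
                // Declared as openable but defined nowhere in this plist: worth a question to the developers.
                source = "UNDECLARED"
            }
            findings.append(DocumentTypeFinding(contentType: uti, handlerRank: rank, declaredBy: source))
        }
    }
    return findings
}

// On a real bundle: auditDocumentTypes(Bundle.main.infoDictionary ?? [:])
for finding in auditDocumentTypes(sampleInfoPlist) {
    print("\(finding.contentType)  rank=\(finding.handlerRank)  declared=\(finding.declaredBy)")
}
```

An "UNDECLARED" finding is not necessarily a bug (the UTI may be an Apple system type the heuristic does not know), but it marks a type the app will be offered files for without having spelled out what it expects, which is exactly where the integrity checks discussed above matter most.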
To test sending activities, one could:
Hook into the init(activityItems:applicationActivities:) method to capture the items and activities being shared.
Identify excluded activities by intercepting the excludedActivityTypes property.
For receiving items, this involves:
Sharing a file with the app from another source (e.g., AirDrop, email) that prompts the "Open with..." dialogue.
Hooking application:openURL:options: and the other methods identified during static analysis to observe the app's response.
Employing malformed files or fuzzing techniques to evaluate the app's robustness.