iOS模拟应用程序和日志事件

本文介绍了iOS模拟应用程序和日志事件的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我想安装和模拟iOS应用程序并查找其恶意软件意图.看看是否连接到IP地址，下载内容，API调用日志等等，等等……它在系统上所做的所有事情. iOS Simulator是否记录此事件，或者是否有任何在线项目来执行此操作.如果不是，那我应该从头开始做，您对如何做有任何建议吗?我只有应用程序文件，而不是整个Xcode项目. 我所拥有的只是一堆我必须测试的应用程序(而不是项目).我想要的只是运行它们并以自动方式记录它们的操作.就像在虚拟机上运行Windows应用程序并记录api跟踪，Internet连接，内存，注册表，磁盘操作...以自动化方式一样. 谢谢</pre>

I want to install and simulate iOS applications and find their malware intentions. See if connects to an IP address, downloads something, API call logs and soo on... kind of everything it does on the system. Does iOS Simulator log this events, or is there any online project that does that. If not then I should do it from scratch, do you have any advice how to do this?I only have the application file, not the entire Xcode project. ALL i have is a bunch of applications(not the projects) that i have to test. All i want is to run them and log their actions in an automated way. Just like running a windows application on a virtual machine and log api trace, internet connections, memory, registry, disk actions... IN AN AUTOMATED WAY. Thank you</pre>

推荐答案

您可以使用任何类型的数据包嗅探工具轻松地跟踪Internet活动.这是一种实现方法的链接: blog.jerodsanto/2009/06/sniff-your-iphones -network-traffic/ [ ^ ] 如果您拥有的只是iOS应用程序本身，那么您将无法在Xcode附带的iPhone模拟器"上运行它-仅运行针对该模拟器编译的代码(x86代码)，而不会不能运行包含ARM代码的原始.ipa文件. 如果您严格担心恶意软件，那么在非越狱的手机上，该应用程序只能在应用程序沙箱中运行-在沙箱中，应用程序无法执行很多恶意操作.因此，跟踪互联网活动就足够了. 您还可以使用此处讨论的技术在应用程序中扫描api调用: stackoverflow/questions/7031356/finding-private-api-call-terminatewithstatus [^ ] 或使用此实用程序: www.chimpstudios/appscanner/ [ ^ ] 注意:逆向工程代码的静态分析实际上可能是确定恶意意图的一种比任何数量的模拟更好的方法.根据触发恶意代码的原因，您可能永远不会在模拟器下运行时实际运行恶意有效负载. You can easily track internet activity with any sort of packet sniffing tool. Here''s a link to one way to do it: blog.jerodsanto/2009/06/sniff-your-iphones-network-traffic/[^] If all you have is the iOS application itself, you won''t be able to run it on the iPhone "simulator" that comes with Xcode -- that only runs code that has been compiled for the simulator (x86 code), it doesn''t run the acutal .ipa files that contain the ARM code. If you are strictly worried about malware, on a non-jailbroken phone, the app will only run in the application sandbox -- there isn''t much an application can do from within the sandbox that would be malicious. So tracking the internet activity should be enough. You can also scan the app for api calls using either the techniques discussed here: stackoverflow/questions/7031356/finding-private-api-call-terminatewithstatus[^] Or using this utility: www.chimpstudios/appscanner/[^] NOTE: Static analysis of reverse engineered code might actually be a better method of determining malicious intent than any amount of simulation. Depending on what triggers the malicious code, you might never actually run the malicious payload when you run under a simulator.