DVIA icon indicating copy to clipboard operation
DVIA copied to clipboard
verified publisher icon prateek147

SensitiveInformationDetailsVC Compiler Optimization

Open chriszielinski opened this issue 8 years ago • 0 comments

Compiler optimization strips the initialization of passwd within initializeLogin. Consequently, searching for it in the heap is futile. Below is the disassembled method from the included .ipa:

screen shot 2017-10-09 at 2 15 52 am

Tagging the variable volatile wasn't enough, but returning the pointer sufficed to throw the compiler off.

-(NSString *)initializeLogin {
    //DO random stuff
    NSString *passwd = @"MYw0r1d1821";
    //Finish doing random stuff
    return passwd;
}
screen shot 2017-10-09 at 3 07 49 am

screen shot 2017-10-09 at 3 10 38 am

chriszielinski avatar Oct 09 '17 10:10 chriszielinski