Documentation: IPC



URL Handlers

The URL handler tab provides two main functions. The first tab ‘URL Schemes’ can be used to list all URL schemes registered by the application. By clicking an entry in the list, it is transferred to the text box on the right side. Using that text box any URL handler can be invoked on the device. Simply enter the URL and click the ‘Open’ button. Note that the device needs to be unlocked for the URL handler to trigger correctly.

Listing Registered URL Schemes

Basic Fuzzer

Input received via URL schemes is often used in unsafe ways which can lead to vulnerabilities including logic flaws and memory corruption. idb includes a basic fuzzer that can be used to fuzz input data via URL schemes. On the ‘Fuzzer’ tab, the list on the upper left holds the list of fuzzz strings. Below, is a text box to specify the fuzz template. Use $@$ to mark potential injection points. For example, if a valid URL is

1
dvia://configure?input1=hello&input2=woot

you could specify

1
dvia://configure?input1=$@$&input2=$@$

as the template to fuzz both of the intended inputs (of course you can fuzz any part of the URL you like). For each position, idb will cycle through all the possible fuzz inputs and launch the URL handler (which launches the app) and then wait for a few seconds before killing it. In order to detect a crash, idb monitors the /var/mobile/Library/Logs/CrashReporter folder for new crash reports for the application in question.

The fuzz results re displayed on the right side: for each input, a Boolean value indicates if the app crashed (true) or not (false). If a crash occurred, the crash report can be viewed using the XCode Organizer or similar tools. Obviously, there is plenty of room for improvements here.

Example URL Scheme Fuzzer run

Pasteboard Monitor

The right-most tab provides a way to monitor the iOS Pasteboard in near real-time. By default, only the main (default) pasteboard is monitored. By adding additional pasteboard names to the list on the right side, also private pasteboards can be monitored. After clicking the start button, a custom utility will watch for any changes to the iOS pasteboards. If a change is detected, the new pasteboard value and the corresponding time stamp are displayed on the left side of the tab.

iOS Pasteboard

In order to monitor the pasteboard, idb uses a small helper utility which is available at: https://github.com/dmayer/pbwatcher