NHSx COVID-19 Contact Tracing App: An analysis

Previously I have discussed the paper released by Apple and Google covering their own implementation of a Contact Tracing system, known as ExposureNotification. Their approach was both an Operating System level implementation, and an API (accessible by entitlement only). Apple released a beta version of the Framework with iOS 13.5 Beta 3, along with more documentation, sample code, and an Xcode/SDK update for actively using it within apps.

Brief Analysis of Apple & Google’s Contact Tracing specification.

We are currently in the midst of the coronavirus pandemic. SARS-CoV-2, the virus behind the disease more commonly known as COVID-19, has been with us for a while now. Contact tracing was the practice of scrambling to find those who had come into contact with the early cases, but once cases began accelerating rapidly this was mostly abandoned.

Handling Kernel Extensions in HTool

As part of HTool I wanted to add in-depth analysis of iOS kernel caches, especially kernel extensions. The iOS build of XNU differs from the macOS one in that the kernel ships as a cache file rather than a plain executable binary. On macOS, kernel extensions are separate .kext bundles (each wrapping its own Mach-O) in a separate directory, which the kernel searches and loads from; an iOS kernelcache instead has all the extensions bundled into the same Mach-O file. This is similar to how all system libraries are merged into the dyld_shared_cache.
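The bundled layout described above is visible directly in the kernelcache's load commands. The C program below is an added example written for this page, not HTool or libhelper code: it walks a 64-bit Mach-O header with bounds checks and reports two indicators that extensions are embedded in the image, a `__PRELINK_INFO` segment (the prelinked layout, where a plist describes the embedded kexts) and `LC_FILESET_ENTRY` commands (the newer fileset layout, which the entry above does not discuss; its command layout is taken from Apple's loader.h). The struct definitions are redeclared so it compiles on any host, and the Mach-O it scans is constructed in memory as sample input with arbitrary addresses, not a real cache.

```c
/* Added example: detect bundled kernel extensions from Mach-O load commands.
 * Not HTool/libhelper code. Layouts follow <mach-o/loader.h> but are
 * redeclared here so the program builds on a non-Apple host. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC_64      0xfeedfacfu
#define MH_EXECUTE       0x2u
#define LC_SEGMENT_64    0x19u
#define LC_FILESET_ENTRY 0x80000035u      /* 0x35 | LC_REQ_DYLD */
#define CPU_TYPE_ARM64   0x0100000cu      /* CPU_TYPE_ARM | CPU_ARCH_ABI64 */

struct mach_header_64 {
    uint32_t magic, cputype, cpusubtype, filetype;
    uint32_t ncmds, sizeofcmds, flags, reserved;
};
struct load_command { uint32_t cmd, cmdsize; };
struct segment_command_64 {
    uint32_t cmd, cmdsize;
    char     segname[16];
    uint64_t vmaddr, vmsize, fileoff, filesize;
    uint32_t maxprot, initprot, nsects, flags;
};
struct fileset_entry_command {
    uint32_t cmd, cmdsize;
    uint64_t vmaddr, fileoff;
    uint32_t entry_id;   /* offset of the NUL-terminated entry name from the command start */
    uint32_t reserved;
};

struct kc_scan {
    int  segments;          /* number of LC_SEGMENT_64 commands */
    int  prelink_info;      /* 1 if a __PRELINK_INFO segment is present (prelinked layout) */
    int  fileset_entries;   /* number of LC_FILESET_ENTRY commands (fileset layout) */
    char first_entry[64];   /* name of the first fileset entry, if any */
};

/* Walks the load commands of a 64-bit Mach-O in buf[0..len).
 * Returns 0 on success, -1 if the header or any command is malformed or truncated. */
int scan_kernelcache(const uint8_t *buf, size_t len, struct kc_scan *out)
{
    struct mach_header_64 mh;
    memset(out, 0, sizeof *out);
    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC_64) return -1;
    if (mh.sizeofcmds > len - sizeof mh) return -1;   /* commands must fit in the buffer */

    size_t off = sizeof mh, end = sizeof mh + mh.sizeofcmds;
    for (uint32_t i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -1;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -1;
        if (lc.cmd == LC_SEGMENT_64) {
            struct segment_command_64 seg;
            if (lc.cmdsize < sizeof seg) return -1;
            memcpy(&seg, buf + off, sizeof seg);
            out->segments++;
            if (strncmp(seg.segname, "__PRELINK_INFO", sizeof seg.segname) == 0)
                out->prelink_info = 1;
        } else if (lc.cmd == LC_FILESET_ENTRY) {
            struct fileset_entry_command fe;
            if (lc.cmdsize < sizeof fe) return -1;
            memcpy(&fe, buf + off, sizeof fe);
            /* the name must start inside the command and be NUL-terminated before cmdsize */
            if (fe.entry_id < sizeof fe || fe.entry_id >= lc.cmdsize) return -1;
            if (memchr(buf + off + fe.entry_id, 0, lc.cmdsize - fe.entry_id) == NULL) return -1;
            if (out->fileset_entries == 0)
                snprintf(out->first_entry, sizeof out->first_entry, "%s",
                         (const char *)buf + off + fe.entry_id);
            out->fileset_entries++;
        }
        off += lc.cmdsize;
    }
    return 0;
}

/* Constructed sample input (not a real cache): a __TEXT segment, a __PRELINK_INFO
 * segment and one LC_FILESET_ENTRY. Returns bytes written, or 0 if cap is too small. */
size_t build_sample_kernelcache(uint8_t *buf, size_t cap)
{
    const char *entry = "com.apple.kernel";
    size_t   name_len = strlen(entry) + 1;
    uint32_t fe_size  = (uint32_t)((sizeof(struct fileset_entry_command) + name_len + 7) & ~(size_t)7);
    size_t   total    = sizeof(struct mach_header_64) + 2 * sizeof(struct segment_command_64) + fe_size;
    if (cap < total) return 0;
    memset(buf, 0, total);

    struct mach_header_64 mh = { MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, 3,
                                 (uint32_t)(total - sizeof(struct mach_header_64)), 0, 0 };
    memcpy(buf, &mh, sizeof mh);
    size_t off = sizeof mh;

    struct segment_command_64 seg;
    memset(&seg, 0, sizeof seg);
    seg.cmd = LC_SEGMENT_64; seg.cmdsize = sizeof seg;
    memcpy(seg.segname, "__TEXT", 7);
    seg.vmaddr = 0xfffffff007004000ull; seg.vmsize = 0x1000;   /* arbitrary sample values */
    memcpy(buf + off, &seg, sizeof seg); off += sizeof seg;

    memset(seg.segname, 0, sizeof seg.segname);
    memcpy(seg.segname, "__PRELINK_INFO", 15);
    seg.vmaddr = 0xfffffff007800000ull;
    memcpy(buf + off, &seg, sizeof seg); off += sizeof seg;

    struct fileset_entry_command fe = { LC_FILESET_ENTRY, fe_size, 0xfffffff007004000ull, 0x4000,
                                        (uint32_t)sizeof(struct fileset_entry_command), 0 };
    memcpy(buf + off, &fe, sizeof fe);
    memcpy(buf + off + sizeof fe, entry, name_len);
    return total;
}

int main(void)
{
    uint8_t buf[256];
    struct kc_scan s;
    size_t n = build_sample_kernelcache(buf, sizeof buf);
    if (n == 0 || scan_kernelcache(buf, n, &s) != 0) { puts("malformed"); return 1; }
    printf("segments=%d prelink_info=%d fileset_entries=%d first=%s\n",
           s.segments, s.prelink_info, s.fileset_entries, s.first_entry);
    return 0;
}
```

On a real kernelcache you would pass the decompressed Mach-O bytes (after unwrapping the Image4 container) to `scan_kernelcache`; the bounds checks matter there because a hostile or corrupt cache can claim command sizes that run past the end of the file.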

HTool Beta 1 & Libhelper Release.

I don’t intend for this to be a long post, just a quick announcement. HTool has been released! Beta 1 is available for download here with detailed usage information and download links for both macOS and iOS. Linux support is planned, but not for the next few betas.

Mach-O Helper Toolset.

As some of you may already be aware, for the past few weeks I have been working on Libhelper. This is a small library aimed at assisting with the handling and parsing of Mach-O files, Image4 files and other things related to iOS security analysis.

Mach-O File Format: Introduction

I’ve recently been working a lot with parsing Mach-O files, so I’m beginning to understand in a fair bit of detail how they are structured and how they work. I’ve been developing a library, called libhelper, which can parse Mach-O files. Libhelper-macho also powers Img4helper and HTool.