Is Attestation All We Need? Fooling Apple's AppAttest API

Hack In The Box Security Conference via YouTube

Classroom Contents

  1. Intro
  2. Igor's background
  3. Agenda
  4. Coverage
  5. Client-side protections
  6. What is tampering
  7. Anti-tampering methods
  8. Resource integrity check
  9. Trust
  10. AppAttest API
  11. Sample App
  12. Generate Initial Key
  13. Generate Hash Value
  14. TestKey Function
  15. Apple's Server
  16. AppAttest Object
  17. Validation Steps
  18. Risk Metric
  19. Assertion Object
  20. Verification
  21. Assertion Object Validation
  22. Does it mean we are protected
  23. Not clear acceptance
  24. Possible hooking patching
  25. Bypass scenarios
  26. Bypass Scenario 1
  27. Bypass Scenario 2
  28. iOS Versions
  29. Validation
  30. Benefits
  31. Limitations
  32. Should you implement it
  33. Caveats
  34. In conclusion
  35. Resources
  36. Thank you
