3.4. Exercises

• Modify the DataTheft payload to omit the /private/var/mobile/Media directory from the tar archive, but send all other files. The Media directory contains photos, music, and other large files, which can slow down a transfer. By not transferring these, you’ll be able to lift data from the device much faster, even on devices filled up with music.

• Modify the DataTheft payload to test for the existence of sh, tar, and libncurses on the device. They will likely exist on a jailbroken device. If the files do exist, modify the payload to move them out of the way and replace them with your own, then put them back after your transfer has completed. If they do not exist, your payload should delete your own copies of these binaries to avoid leaving any trace evidence that the payload ran.

• Experiment with different external executable files instead of tar. Use the otool utility to determine which libraries the zip program needs to run, by analyzing it with the -L flag. Modify your code to use it. This will compress data as it’s transferred to the desktop, which may speed up your transfer considerably.

• Modify the RawTheft payload to send the root filesystem.

• What happens if you modify the RawTheft payload to specify other filenames on the filesystem instead of raw devices?

• Incorporate hashing such as sha1 and md5 into your payload, so that a hash of the data is created on the fly. Check the hashes to ensure that the data transfer did not change the contents.