by alyssam_infosec
2130 days ago
I've been looking but haven't found a good systematic way to review code to find this. In the case of Mintegral, there were a number of obfuscations to make it difficult to recognize. Swizzling, while a bad practice in general, can be done for legitimate reasons. So you need to be able to detect what method they're looking up with _method_getImplementation and changing with _method_setImplementation, which is the part that can be difficult. So far, I've found one old project on GitHub from 2016 that was designed to do this. However, it's stale and I haven't had a chance to review it yet to see how effective it is.