saucelabs/ios-codingchallenge

Name: ios-codingchallenge

Owner: Sauce Labs

Description: Coding Challenge for iOS Reverse Engineering

Created: 2018-01-30 09:46:29.0

Updated: 2018-01-30 09:46:29.0

Pushed: 2018-01-30 16:33:59.0

Homepage: null

Size: 3420

Language: null


README

ios-codingchallenge

Coding Challenge for iOS Reverse Engineering

Outline of the challenge:

Welcome to the awesome Sauce Labs coding challenge for the iOS Developer position for the Real Device Cloud team. This challenge is supposed to check if you can adapt to new situations quickly and solve tricky problems like we do on a daily basis :-) The challenge might seem like a lot to do in only two hours and that is intentional. Do not worry if you cannot manage to complete all of the tasks, we do not expect you to!

The next section provides suggestions for tools that will enable you to solve the challenge. If you choose a different approach and/or different tools, that is absolutely fine! Reverse Engineering is all about trying different approaches and we like to be surprised :-)

Things you need before getting started:

One last thing before you start

Please read the tasks carefully and then you are good to go! The time you have is limited to a maximum of two hours. If you manage to solve all the tasks before that, congratulations! If you cannot complete all of the tasks in time, don't worry as this challenge is about how you solve problems and how you prioritize rather than solving every last bit.


Challenge

Introduction

The situation is tough: Apple has a great server solution, the 1337-Server, for controlling iOS devices, but sadly they use the proprietary LeetProtocol. The protocol is closed source and there is no documentation for it. Therefore, the only way to create the functionality we need so desperately is to reverse engineer the protocol. We put our faith in your skills to do it! Solve as many tasks as you can in two hours.

Tasks
  1. In iHEX or a hex editor of your choice, open the files message1.bin and message2.bin. They contain a binary dump of two different Leet Protocol Messages we caught. We know that Leet Protocol Messages are all created with the same format. From the two examples you have, please describe in a document what you see and whether you can draw conclusions about the structure of Leet Protocol Messages.
  2. With a programming language of your choice (preferably Swift or Objective-C), create a small command line tool that sends these example messages as a binary stream (you can send them as they are, no decoding needed for now) to the server. Try to make sense of the responses. Note that the server listens on a Unix domain socket located in your file system at /private/tmp/codingchallenge/1337unixdomainsocket.sock, which means that your client will need to connect to that socket.
     - Hint 1: If you cannot think of an easy way to connect to a Unix domain socket, maybe you can find a way to use socat to forward the socket to a TCP socket instead.
  3. We were able to extract a binary executable file, the “WifiStateChanger”, from Apple's Leet SDK Image. The executable connects to the server and changes the WifiState of connected devices! Run it a few times and describe what you see very briefly.
  4. Open the “WifiStateChanger” with Hopper. Can you find out what a LeetMessage to retrieve the WifiState of a single device should look like? Write down in a clear way what you think the message format is. Modify the command line tool you wrote so it can decode and pretty print messages to the console.
     - Hint 1: Hopper has a pretty cool way of turning assembly into pseudo C code, make sure you enable it!
     - Hint 2: Check out the method -[ClientConnection sendMessageToGetASingleDeviceWithUID:]
     - Hint 3: Strings are your friend, search for them :-)
  5. There is probably a way to enable Wifi for a device! It would be really 1337 if we had that in our device cloud! Can you find out how to create a Message to enable Wifi for devices?
  6. Whoops, there seems to be a security mechanism in place :'( Can you briefly describe how it works?
  7. We now have everything we need to reimplement WifiStateChanger! Yey!! Please go ahead and do that in a programming language of your choice (preferably Swift or ObjectiveC).
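
A sketch of the raw client that task 2 describes, added here as an example and not part of the original repository. It is written in Python rather than the preferred Swift or Objective-C, assumes the server speaks a stream (SOCK_STREAM) socket, and the names `send_raw` and `hexdump` are hypothetical; only the socket path and the message file names come from the challenge text.

```python
import socket
import sys

# Socket path as given in the challenge text.
SOCKET_PATH = "/private/tmp/codingchallenge/1337unixdomainsocket.sock"


def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes as offset / hex / ASCII rows, like a hex editor."""
    pad = width * 3 - 1  # column width of a full row of hex pairs
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{pad}}  |{text}|")
    return "\n".join(rows)


def send_raw(path: str, payload: bytes, timeout: float = 2.0) -> bytes:
    """Send payload unchanged over a Unix domain socket and collect the reply.

    The reply framing is unknown at this stage, so read until the peer
    closes the connection or stays silent for `timeout` seconds.
    Assumption: the server uses a stream socket.
    """
    reply = bytearray()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        sock.sendall(payload)
        try:
            while True:
                chunk = sock.recv(4096)
                if not chunk:  # peer closed the connection
                    break
                reply.extend(chunk)
        except socket.timeout:
            pass  # connection left open; keep whatever arrived
    return bytes(reply)


if __name__ == "__main__":
    for name in sys.argv[1:]:  # e.g. message1.bin message2.bin
        with open(name, "rb") as fh:
            payload = fh.read()
        print(f"--> {name} ({len(payload)} bytes)\n{hexdump(payload)}")
        reply = send_raw(SOCKET_PATH, payload)
        print(f"<-- {len(reply)} bytes\n{hexdump(reply)}")
```

Printing request and reply in the same hex layout makes it easier to line up fields between the two captured messages and the server's responses.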
