Add demo

OWASP · Jan 13, 2025 · c629de3 · c629de3
1 parent 5ab405d
commit c629de3
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 0 deletions.
diff --git a/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/MASTG-DEMO-0020.md b/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/MASTG-DEMO-0020.md
@@ -0,0 +1,30 @@
+---
+platform: ios
+title: References to Screen Capturing API
+code: [swift]
+id: MASTG-DEMO-0020
+test: MASTG-TEST-0240
+---
+
+### Sample
+
+{{ MastgTest.swift }}
+
+### Steps
+
+1. Unzip the app package and locate the main binary file (@MASTG-TECH-0058), which in this case is `./Payload/MASTestApp.app/MASTestApp`.
+2. Open the app binary with @MASTG-TOOL-0073 with the `-i` option to run this script.
+
+{{ screen-capture.r2 }}
+
+{{ run.sh }}
+
+### Observation
+
+The output contains all uses of [sceneCaptureState](https://developer.apple.com/documentation/uikit/uitraitcollection/scenecapturestate) and [isCaptured](https://developer.apple.com/documentation/uikit/uiscreen/iscaptured) functions in the binary.
+
+{{ output.txt }}
+
+### Evaluation
+
+The test succeeds because the app contains API that detects screen capturing. It's difficult to say whether the app actually uses this API but its presence indicates that the developer is aware of this API.
diff --git a/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/MASTestApp b/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/MASTestApp
diff --git a/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/MastgTest.swift b/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/MastgTest.swift
@@ -0,0 +1,33 @@
+import SwiftUI
+
+struct MastgTest {
+
+  static func mastgTest(completion: @escaping (String) -> Void) {
+    // Check if screen is recorded
+    if #available(iOS 17.0, *) {
+      if let scene = UIApplication.shared.connectedScenes.first as? UIWindowScene {
+        let state = scene.keyWindow?.traitCollection.sceneCaptureState
+        switch state {
+          case .active:
+            completion("Scene is actively being captured")
+
+          case .inactive:
+            completion("Scene capture is inactive")
+
+          case .none:
+            completion("Scene capture cannot be identified inactive")
+
+          case .some(_):
+            completion("Scene capture cannot be identified inactive")
+          }
+      } else {
+        if UIScreen.main.isCaptured{
+          completion("Scene is actively being captured")
+        }
+        else{
+          completion("Scene capture is inactive")
+        }
+      }
+    }
+  }
+}
diff --git a/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/output.txt b/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/output.txt
@@ -0,0 +1,2 @@
+1   0x00008a80 0x100008a80 10  11   8.__TEXT.__objc_methname ascii isCaptured
+6   0x00008abe 0x100008abe 17  18   8.__TEXT.__objc_methname ascii sceneCaptureState
diff --git a/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/run.sh b/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/run.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+r2 -q -i screen-capture.r2 -A MASTestApp > output.txt
diff --git a/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/screen-capture.r2 b/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0021/screen-capture.r2
@@ -0,0 +1,6 @@
+e asm.bytes=false
+e scr.color=false
+e asm.var=false
+
+iz | grep objc | grep isCaptured
+iz | grep objc | grep sceneCaptureState
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		1 0x00008a80 0x100008a80 10 11 8.__TEXT.__objc_methname ascii isCaptured
		6 0x00008abe 0x100008abe 17 18 8.__TEXT.__objc_methname ascii sceneCaptureState
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/bash
		r2 -q -i screen-capture.r2 -A MASTestApp > output.txt