# Ivan's Blog > Tech, Mobile, Hacking, Crypto(graphy), Security and Privacy. The full markdown of every post, concatenated into one document, is at https://ivrodriguez.com/llms-full.txt ## Posts - [Dissecting the Malware Injected Into My Own Ghost Blog](https://ivrodriguez.com/dissecting-the-malware-injected-into-my-ghost-blog/): tl;dr: I had not looked at my blog in months and found a malicious script injected into every post through the Ghost Admin API. What it does, and how I removed it. - [Why embedding secrets in mobile apps is not a good idea](https://ivrodriguez.com/why-embedding-secrets-in-mobile-apps-is-not-a-good-idea/): This is a somewhat complicated topic to cover, but I'll try to go into detail on why, generally, this is not a good idea and you should avoid embedding secrets… - [About Canada's COVID Alert application](https://ivrodriguez.com/about-canadas-covid-alert-application/): Disclaimer: First of all, I'm not writing on behalf of any entities involved in the development of the COVID Alert application. This is my take as a software… - [OPSEC tips for the general public](https://ivrodriguez.com/opsec-tips-for-the-general-public/): It's always a good idea to properly configure your computer and smartphone, know how to securely communicate with others and how to read, write and share… - [Is the Guatemalan government asking citizens for their location to show them ads?](https://ivrodriguez.com/alerta-guate-analysis/): On Tuesday March 24th 2020, the president of Guatemala Alejandro Giammattei announced [https://twitter.com/DrGiammattei/status/1242828589524848643] that his… - [Advice for Targets of Mobile Spyware](https://ivrodriguez.com/advice-for-targets-of-mobile-spyware/): After publishing a blog post on spouseware [https://ivrodriguez.com/analyzing-ios-stalkerware-apps/], I started receiving many interesting messages about… - [Introducing security.plist](https://ivrodriguez.com/introducing-security-plist/): tl;dr It's like security.txt [https://securitytxt.org/] but for iOS applications [https://securityplist.ivrodriguez.com/]. As probably you know by now, I spend… - [What checkm8 means for stalkerware on iOS](https://ivrodriguez.com/what-checkm8-means-for-stalkareware-on-ios/): On Friday, September 27th 2019 many of us on the mobile security community were surprised with the news of a SecureROM… - [Decrypting iOS applications - iOS 12 Edition](https://ivrodriguez.com/decrypting-ios-applications-ios-12-edition/): As some of you may know, with the release of iOS 12.4 Apple accidentally reintroduced a vulnerability… - [Analyzing iOS Stalkerware Applications](https://ivrodriguez.com/analyzing-ios-stalkerware-apps/): Stalkerware (a.k.a. Spouseware) applications are invasive applications that an individual installs on a target's device (usually their partner) to spy on them,… - [Investigating some subscription scam iOS apps](https://ivrodriguez.com/investigating-some-subscription-scam-ios-apps/): For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch.… - [Created an "age" mobile client](https://ivrodriguez.com/created-an-age-mobile-client/): A few days ago Filippo Valsorda [https://twitter.com/FiloSottile] twitted about a simple, secure and modern encryption tool that will hopefully substitute gpg… - [Mobile App Sec Assemble](https://ivrodriguez.com/mobile-app-sec-assemble/): One of the reasons why I write blog posts about mobile app sec is for future me. I don't have a good memory so these posts help me refresh techniques and steps… - [Who's collecting analytics data from mobile apps?](https://ivrodriguez.com/whos-collecting-analytics-from-mobile-apps/): I have the absolute pleasure and honour of being one of the beta testers of the GuardianApp [https://guardianapp.com/]. In an upcoming post I'll be explaining… - [Announcing my very own course: "Reverse Engineer iOS Applications" 📱](https://ivrodriguez.com/announcing-my-own-course-reverse-engineer-ios-applications/): Big news! (or at least for me 😬) I've decided to create my own take on an online course to show beginner and intermediate researchers how to reverse engineer… - [How Facebook-Research app works](https://ivrodriguez.com/how-facebook-research-app-works/): Last night I saw this tweet from Will Strafach [https://twitter.com/chronic]: After reading that article I just needed to reverse this iOS app and see how it… - [Tips for Mobile Bug Bounty Hunting](https://ivrodriguez.com/tips-for-mobile-bug-bounty-hunting/): My good friend Pete Yaworski [https://twitter.com/yaworsk] encouraged me to join the bug bounty scene for a long time before I decided to jump in and start… - [Fix SSL Kill Switch2 not showing on Settings](https://ivrodriguez.com/fix-ssl-kill-switch2-not-showing-on-settings/): If you landed on this blog post, it probably means you already know what SSL Kill Switch2 is. Therefore I'm not going to explain what it is, but if you want to… - [Racism and sexism are never funny](https://ivrodriguez.com/racism-is-never-funny/): My blog is intended to be a hub of knowledge around Technology, Mobile & Web Application Security, Cryptography, Coding and Hacking. However, this is a very… - [What do Pointer Authentication Codes mean for iOS jailbreaking?](https://ivrodriguez.com/pointer-authentication-on-armv8-3/): Yesterday, Sep 12th, Apple announced [https://www.youtube.com/watch?v=9m_K2Yg7wGQ] their next generation of iPhones. The iPhone X [s], X [s] Max and X [r] are… - [Reverse Engineering iOS Apps - iOS 11 Edition (Part 2)](https://ivrodriguez.com/reverse-engineer-ios-apps-ios-11-edition-part2/): This is the second part of the "Reverse Engineering iOS Apps - iOS 11 Edition" series. In the first part of the series… - [Formatting phone numbers in Swift](https://ivrodriguez.com/format-phone-numbers-in-swift/): A simple code snippet to format 10 digit phone numbers in Swift 4.0, instead of including a big library, just implement a delegate function and a formatting… - [Saving your Github SSH Keys in a USB Drive](https://ivrodriguez.com/saving-your-github-ssh-keys-in-a-usb-drive/): Github provides 2 main options for connecting (cloning, fetching, pulling, pushing) to repositories. HTTPS and SSH: HTTPS: This is the easiest way to clone a… - [Reverse Engineering iOS Apps - iOS 11 Edition (Part 1)](https://ivrodriguez.com/reverse-engineer-ios-apps-ios-11-edition-part1/): Even though there are already many, many [https://www.google.com/search?q=reverse+engineering+ios+apps] blog posts, tutorials and even youtube videos… - [Proxy iOS 11 applications’ traffic](https://ivrodriguez.com/proxy-ios-apps-traffic/): A big part of understanding how mobile apps work is to identify the endpoints they hit on the server side and the data they send and receive. In order to… - [Installing self-signed certificates on Android](https://ivrodriguez.com/installing-self-signed-certificates-on-android/): One of the best trends these days is the shift to encrypted Internet traffic, aka Transport Layer Security or TLS, and mobile apps are not the exception, often… - [Fix Cydia Impactor crypto-osx.cpp:97 error](https://ivrodriguez.com/fix-cydia-impactor-crypto-osx-cpp-97-error/): If you upgraded to macOS Hight Sierra 10.13.x changes are Cydia Impactor [http://www.cydiaimpactor.com/] is giving you this error when trying to install an… - [Installing Dropbear SSH on iOS 10.3.3](https://ivrodriguez.com/installing-dropbear-ssh-on-ios-10-3-3/): In December last year, @thimstar [https://twitter.com/tihmstar] and @S1guza [https://twitter.com/s1guza] released H3lix [https://h3lix.tihmstar.net/] a… - [Reversing one thousand binaries](https://ivrodriguez.com/reversing-one-thousand-binaries/): This past week (Nov 3rd) I attended the Hackfest CTF in Quebec city, QC. This was my second CTF and was the fist time I ever found a flag. This is how I found… - [The most innovative “thing” I’ve done (so far)](https://ivrodriguez.com/the-most-innovative-thing-ive-done-so-far/): The context I’m a software engineer and really enjoy using technology, but I love using technology to solve problems and make people’s lives better. For the…