Thank you all for the congrats, they mean a ton and my wife and I are loving reading them! ❤
Answering two common questions here:
1) Deployment:
I just used Sideloadly for other people too. This was for < 10 phones - again, very small wedding! I was beating myself up during the edit when realizing I didn't talk about this at all.
With more heads up, I would've tried to collect UDIDs from people so that I could adhoc-sign a build, and then host it somewhere with a QR code. I'm also curious if adding folks as internal TestFlight testers would have been a viable strategy, though getting through the initial Apple review would have been... tricky, maybe.
I'm really curious if other people have ideas that would work on a larger scale here, please let me know.
2) Why not proxy requests at the network level:
I think this is a totally viable strategy. As a couple people pointed out throughout the comments, you'd still need to trust a root certificate on each phone since these are HTTPS requests, but that's not much harder than installing a custom app.
I went the custom app route for a couple reasons (didn't want to deal with network stuff on the day of the wedding, didn't want to interfere with people's _actual_ NYT apps, wanted to customize the UI anyways, and this sort of modification is just more fun for me), but I think this is totally viable.
so you left out the actual hard part -- how did you convince all your future in-laws to trust you with their phone for even 30 seconds ?!
@@howiieb Wait, really? Then why does he need to compile the framework and rebuild the app on the phone using sideloadly?
@@valentinthevoz7776 I think I missed something badly there.
The whole time, I was just waiting to find out how he got the modified version onto all their phones but he never said.
Convincing the in-laws is easy - convincing my own family members (who grew up with my iPhone antics) is harder! 😛
Some techies at NYT saw some very strange Sentry errors on the day you filmed this
is it possible to block people from doing this?
@@zoellazayce6796 It's possible to attempt blocking people from doing a lot of things, but if you're a motivated engineer with physical access to a device, it's pretty much not possible to stop you from doing whatever you want.
@@zoellazayce6796 I guess obfuscation? It'd be incredibly hard and not worthwhile. Of course, obfuscation is still not perfect, but it's the best you'll get. Plus, you're hopefully a good person and wouldn't do such a thing.
@@zoellazayce6796 API obfuscation and encrypted response are a start, but it can only really be mitigated.
Congratulations on getting married! I absolutely love your content, there aren't many people who go this in-depth into iOS workings and how to modify it. There are no other creators who provide such an easy format to follow with and with this level of quality. Keep up the amazing work!
Congratulations! Every time I watch, it's like a refreshing breath of fresh air. Your content is absolutely mesmerizing, consistently delivering creativity and inspiration. Keep up the outstanding work - it's a joy to follow along!
Wait- tell me about the crème brûlée
congratulations man! :) I also remember when you posted a pic of your wordle clone (back before they were acquired by NYT) that changed the color of iOS’s native keyboard keys as you played (I still want it 😂)
I can't believe you remember that! That was a fun one - I gotta check if I still have the code for that anywhere. IIRC it might have been from before keyboards were rendered in a separate process, so would be a lot harder now if so? But I wonder if I'm wrong & that is still viable!
Congratulations homie
Absolutely love your content, congrats on your wedding! Love the technical knowledge in ur vids and how you explain it so clearly
Congrats, this was really interesting, even as an Android dev!
Just wanna say that I am a junior dev who is still learning a lot but this video was both fun to watch and easy to understand! Congrats on the wedding and good stuff man
A good husband and an even better iOS developer. Congrats mate.
Bryce it's heartwarming to see your content. Hope you're doing well.
Echoing your sentiment Sony! Hope you’re both doing well.
Sony!! My original iOS partner in crime - hope you're doing great man ❤
And Ryan, same goes to you! We all gotta catch up next time we're in the same area!
Very cool! How did you manage deploying your changes to your family members' devices?
@@lightningdev1 Yeah I'm not sure, that's why I was asking.
Also wondering this
I assume they simply used sideloadly on all devices, it's definitely possible in a short time with just family members.
since he's an iOS dev I'm guessing that he pays the $100 for the development program so he probably just used TestFlight for the least friction
@@nohs8776 TestFlight also goes through App Review. It was likely ad-hoc distribution (the itms-services thing)
Sorry if I missed the reasoning, but why not just bring a router and have a custom DNS server that maps that API FQDN to your own server which sends out the modified json? That way all everyone has to do is connect to your router
It wouldn't work because the URLs are using SSL. If you self-signed a certificate for NYTimes, no device would accept it unless you added it. Then again, I have no idea how he got this modified app on everyone's device either.
@@gabealbert493 That at least wouldn't require this to do double the work with making an Android patch too.
Or just locking those that don't have iPhones out
That was really interesting, and well explained: I could understand what was going on even though I’ve barely done any Mac/iOS programming.
I will however add myself to the list of people asking how you managed to deploy the app without rousing suspicion.
Interesting
Interesting
1:22 "iOS things"
Okay, I'm gone.
Congratulations for the wedding!!! 🥳 I love your content. Please keep doing everyday reverse-engineering stuff 🙏 I learn a lot
Wow! It's super interesting! How did you install this modified version of the app on your family's devices?
@@howiieb That's called a man in the middle attack and HTTPS protects against that, unless you set up a Proxy on each of the phones, or add your own certificate to the phones otherwise
(Also from other comments, apparently the NYTimes app uses certificate pinning (i.e. checking against a hard-coded certificate, I think) which means even that wouldn't work)
Also if it was done by intercepting the network requests at the non-client side, the entire rest of the video would be pointless :p
I don't do much iOS development but maybe he could be using TestFlight?
congrats on the wedding!! also your videos are awesome, I've tried to recreate some of this via android debugger, so thanks!
Congratulations man, another wonderful journey begins!
Congrats bro!! I've been waiting for a new video! Keep posting
I'm kind of confused why, if you just had to load one version of the puzzle with this setup, it wouldn't have been viable to just set all ids as a future still unused value (e.g. 99999) so you wouldn't have to risk the random generator returning a previously loaded id (because the initial range you set it to generate was including the actual puzzle range) and you wouldn't have had to process the partial path redirecting all the puzzle results (it would've also been nice to check in the active.json proxy if the requested date was the wedding date or a date previous to that to avoid issues if a guest forgot to restore the regular version of the app). Maybe I'm just missing some context or it was an intentional choice. Loved the video tho
Great question / callout here - the reason for the randomness each time was so that the puzzles wouldn't be cached during development while I was iterating on them. But I think you're right that that opens up some risk of it actually overlapping with a real puzzle that had already been pulled down and cached. Using a range that didn't overlap with real puzzle ids would have been smarter here (or at least, trying that first!)
For the last point here - I didn't go into this much during the video (totally should have), but this app used a different bundle ID than the real NYT Games app, so was installed side-by-side with the original - so either way this would only cause issues during development, the actual version would work fine even if a real puzzle id was picked, since there would be no cached puzzles already. But still a great callout since this would've caused a lot of confusion for me in development if a bad ID was picked!
Congratulations on the wedding Bryce!
Congratulations, man! This video is mind-blowing. Can’t wait to learn more from you!
It's nice to know someone besides me still has an active wordle group.
This deserves 100x more views. Congratulations on getting married!
How did you get everyone to sideload the app?
Awesome! I learned a ton, thanks for sharing!
seeing the title i didn’t expect to learn anything from this, but I did! seven years of ios development and I had no idea these apis existed 😄
dude this was sick! great video
Dude, you are a total boss. I'm inspired, especially with my own wedding coming up. Brilliant idea.
Of course, when I do it, I'll be using a MITM attack and poisoning everyone's DNS so it's a surprise.
Very smooth, debonair vibes you're giving off, Mr. Handsome Guy who's deliberately showing off his hacking skills in a Tuxedo. ;-)
Rockin' like a "James Bond, if he lived long enough for his juevos to be preserved in carbonite and deposited in Ms. Bond's purse" thing.
I love this channel! And congrats!
this is some of the s-tier content on this platform
the joke at the start deserves gold
Very cool! I'm tempted to do something similar for my future wedding lol
Congrats, this was super cool to follow along.
Congratulations!🎉
Congratulations man, enjoy!
Congratulations Bryce! Love your content. Just a small correction: iOS < android every time (ask the Mrs 😜).
Let the engagement in the replies feed the YT algorithm
14:41 "Division would trip it up" LMAO
I love learning reverse engineering in the iOS world. Keep making videos and congrats!
This is awesome. A question - would it not be easier to change the origin url in the app to your own and write a simple backend that returns custom data where you want it and acts as a proxy to the real api for the rest of the requests?
Congrats!!
Congrats!
hahaha that intro was 👌
congrats!
Congratulations
congrats legend
This is amazing!
Do you know of any ways to do this (injecting Frameworks into an app) for macOS apps?
Check out DYLD_INSERT_LIBRARIES (you may need SIP off for this) as a temporary option, or optool as a way to modify a binary as a longer term option!
you're so fucking smart wtfffff, congratsss!!
You're awesome!
Congratulations! What resource would you recommend for learning this kind of low level objc/swift?
Super cool. How'd you deploy it though?
Would it not be easier to set up a network spoofer on a wifi hotspot, and then have the spoofer redirect the times json link to a json you host on your website? I think you could easily do it with bettercap and then just print out the network connect QR code and have the people connect to the network
Yeah, that's what I thought too. Instead of having everyone install something on their phones, just being connected to the right wifi would have been even more magical. Then it can even be a surprise. Imagine not knowing about it and when you start doing the games you realize they are about the wedding.
He’d have to install a self signed https certificate on their phones. Even then if the app uses certificate pinning it still wouldn’t work.
@@eduardog3000 You can get a regular signed certificate on a private network, it takes some trickery but I've done it for my self hosting with a reverse proxy.
really really coollll
why didn't you reroute the NY puzzle server to yours on the local router level
with a relatively simple API?
congrats
how did you manage to get this app onto all the attendees' phones?
I was wondering the same thing. Perhaps he organised a casting / projection of a phone's screen that had the injected app side-loaded, set up in a games corner or something, then guests could roam around with a beer and check it out and be sufficiently surprised and impressed.
I guess everyone who wanted to play just had to plug into his mac to make their device a test device for his developer account, and deploy as a test-app
@@haakonness I think adding that many devices to your developer account will be a problem
This channel is gold. Anyone know a similar channel for Android?
os_log is indeed separately annoying
Just Wow.
Sous vide creme brulee? (Guessing based on mason jar)
Just watched the whole video to figure out how he did the deployments and he never got around to it.
macOS users trying to maximize an app so they don't have to scroll horizontally all the time challenge (IMPOSSIBLE)
why attack android in the connections minigame? 😔
🎉
🎉💒
What would be hard about intercepting those messages on the network with a proxy and returning whatever you want?
Seems like it would be the most basic and seamless, though you would need to ask the particular venue you are reserving.
HTTPS
The modern web (since 10+ years ago) runs on HTTPS. You cannot simply claim to be NYTimes with a proxy, and if you were to claim the DNS server, address lookup is cached, so you'd have to clear the DNS caches somehow.
@@AntonioNoack I see, thanks
first
I was really interested to listen before I heard iOS rich mf. :) :)
At 6:29 : Why not just basically find and replace the domain name to your own domain name? Setting up a proxy service at that point would be comparatively easy.
Great video (despite the Android bashing :( )
I think I solved the Mini, is it (spoilers):
B E A N S
R E G A L
A R O M A
W I R E S
L E A S H