IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
- 1. IOS PENTESTING: A BEGINNER'S PRACTICAL GUIDE By Abida Shariff Lead Security Engineer
- 2. WHOAMI I’m Abida Shariff Lead Security Engineer at Redsentry Web Application, iOS & Android Researcher OSCP, eJPT, CEH Certified Just a curious geek
- 3. Jailbroken Devices and iOS Versions Jailbreaking Software iOS Version Support Supported Devices Notes Checkra1n Up to iOS 14.8.1 Up to iPhone X (A11 chip and older) Uses checkm8 exploit Palera1n iOS 15.0 to iOS 17.4 A11 chips and older Based on checkm8 exploit Dopamine iOS 15.0 to iOS 16.6.1 A12 to A16 and M1 to M2 chips Focuses on newer devices, does not support latest versions beyond iOS 16.6.1 Emulators: Tools like Corellium offer cloud-based iOS environments for security testing without needing physical devices.
- 4. Tools: A Pentester’s Arsenal Frida: Objection: Otool: ● Dynamic instrumentation toolkit ● Allows injection of scripts into application ● Explore and modify runtime operations ● Package: build.frida.re ● Runtime mobile exploration toolkit ● Uses Frida ● Assesses security posture of mobile applications ● Inspecting the structure and contents of executable files and libraries ● Analyzing binary dependencies and linked frameworks ● Debugging and reverse engineering applications
- 5. IPA File Structure Payload Folder ● Main directory of the IPA file ● Contains all executable and non-executable files for the app app Folder ● Contains the actual iOS application folder (.app directory) ● Includes the executable file of the app (e.g., AppName.app) ● Contains resources like images, sounds, and other assets Info.plist ● Key file within the .app folder ● Contains metadata about the application Version Display name SDK version ● Other configuration details necessary for the iOS system
- 6. Extracting and Exploring IPA Files Leverage powerful tools like IMazing, AppIndex, IPAtool and via Filza to effectively extract IPA files from your iOS devices, opening the door to deeper security analysis and reverse engineering. Small Demo….
- 7. Installing IPA Files on Jailbroken Devices To install IPA files on iOS devices, several tools can be used: 3uTools ● Windows and Mac users ● Manages iOS devices ● Features: IPA installation, jailbreaking, device management Sideloadly ● Compatible with Windows and Mac ● Sideloads IPA files using an Apple ID ● Facilitates installation of apps not available on the App Store TrollStore ● Install IPA’s directly from the device or via a computer ● No revokes or re-signing required
- 8. Jailbreak Detection and SSL Pinning Bypass Bypass Jailbreak Detection ● Hook into app's code ● Disable or alter jailbreak detection mechanisms Bypass SSL Pinning ● Intercept and manipulate traffic ● Hook into app's SSL handling routines
- 9. Static Analysis of IPA Files 1 MobSF: Comprehensive App Scanning Leverage the Mobile Security Framework (MobSF) to perform in-depth static analysis on IPA files. Uncover code vulnerabilities, sensitive data leaks, and potential security weaknesses. 2 Otool: Examining Binary Structure Use the powerful otool utility to inspect the structure and contents of the IPA files compiled binary. Identify libraries, and other valuable information for security assessment. 3 Frida: Dynamic Instrumentation Integrate the Frida framework to dynamically hook into the running iOS app and observe its behavior, intercept function calls, and uncover hidden functionality. 4 Plist Editor Pro: View Plist Files Plist Editor Pro is a tool used for viewing plist files, to store settings and configuration information.
- 10. Local Storage Local storage refers to the various methods an application uses to store data directly on a device. Key local storage mechanisms include NSUserDefaults, used for storing user preferences and small pieces of data, and Keychain, designed for securely storing sensitive information such as passwords and tokens.