iOS Analysis

iOS Analysis Cheatsheet

Insecure Data Storage

Data

  • Plist info

    [needle] > use storage/data/files_plist
    [needle] > run
  • cookies

    • [needle] > use storage/data/files_binarycookies
  • cache db

    • [needle] > use storage/data/files_cachedb
  • SQL

    • [needle] > use storage/data/files_sql
  • Key Chain Dump

    • [needle] > use storage/data/keychain_dump

Log

  • NSLog in Xcode

  • NSLog with socat

    $ > socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock
    $ > watch
  • needle

    [needle] > use dynamic/monitor/syslog 
    [needle] > run

Authentication

Local Authentication bypass

  • Swizzler
  • needle

    [needle] > use hooking/frida/script_touch-id-bypass

Network API

  • App Transport Security
  • Testing Custom Certificate Stores and Certificate Pinning

iOS Platform API

Custom URLScheme

- strings <app> | grep "myURLscheme://"

- `[needle] > use dynamic/ipc/open_uri`

Testing WebView

Code Quality

Code sign

- codesign -dvvv <test.app>

Debug symbol

Free Security Features

unzip <test.ipa>
cd Payload/test.app/
otool -hv <app>
otool -Iv <app> | grep stack
otool -Iv <app> | grep release
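
What the three otool commands above look for, as an added example that is not part of the original cheatsheet: PIE in the Mach header flags, the __stack_chk_* imports for stack canaries, and objc_release-style imports for ARC. The sample otool output is constructed, and the names check_hardening, sample_header and sample_symbols are assumptions.

```shell
#!/bin/sh
# Added example (not from the original cheatsheet).
# Real use on macOS:  otool -hv <app> > hdr.txt ; otool -Iv <app> > syms.txt
#                     sh check_hardening.sh hdr.txt syms.txt

# Constructed sample of `otool -hv` output; a fat binary prints one header per slice.
sample_header() {
cat <<'EOF'
Mach header
      magic  cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC      ARM         V7  0x00     EXECUTE    38       4100   NOUNDEFS DYLDLINK TWOLEVEL
Mach header
      magic  cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64    ARM64        ALL  0x00     EXECUTE    40       4512   NOUNDEFS DYLDLINK TWOLEVEL PIE
EOF
}

# Constructed sample of `otool -Iv` output.
sample_symbols() {
cat <<'EOF'
address            index name
0x0000000100008000   120 _NSLog
0x0000000100008008   131 ___stack_chk_fail
0x0000000100008010   132 ___stack_chk_guard
0x0000000100008018   140 _objc_release
EOF
}

# check_hardening HEADER_FILE SYMBOLS_FILE
# Prints "pie=<yes|no> canary=<yes|no> arc=<yes|no>"; returns 1 if any is "no".
check_hardening() {
    # PIE must be set on every Mach header row, so one weak slice fails the check.
    pie=$(awk '/^[ \t]*MH_MAGIC/ { n++; if ($0 ~ /[ \t]PIE([ \t]|$)/) p++ }
               END { if (n > 0 && n == p) print "yes"; else print "no" }' "$1")
    # Stack canaries pull in the __stack_chk_* imports.
    if grep -Eq '___stack_chk_(fail|guard)' "$2"; then canary=yes; else canary=no; fi
    # ARC-compiled code imports objc_release and related runtime calls.
    if grep -Eq '_objc_(release|storeStrong)' "$2"; then arc=yes; else arc=no; fi
    echo "pie=$pie canary=$canary arc=$arc"
    [ "$pie$canary$arc" = "yesyesyes" ]
}

# Run against real otool output when two file arguments are supplied.
if [ "$#" -eq 2 ]; then check_hardening "$1" "$2"; fi
```

The constructed header sample has a 32-bit slice without PIE, so the whole binary is reported as pie=no even though the 64-bit slice is position independent.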

iOS Anti-Reversing Defenses

  • Jailbreak Detection
  • Anti-Debugging Checks
  • File Integrity Checks
  • Device Binding