SlideShare a Scribd company logo
IOS PENTESTING:
A BEGINNER'S
PRACTICAL GUIDE
By Abida Shariff
Lead Security Engineer
WHOAMI
I’m Abida Shariff
Lead Security Engineer at Redsentry
Web Application, iOS & Android Researcher
OSCP, eJPT, CEH Certified
Just a curious geek
Jailbroken Devices and iOS Versions
Jailbreaking
Software
iOS Version
Support
Supported
Devices
Notes
Checkra1n Up to iOS 14.8.1 Up to iPhone X (A11
chip and older)
Uses checkm8
exploit
Palera1n iOS 15.0 to iOS
17.4
A11 chips and
older
Based on
checkm8 exploit
Dopamine iOS 15.0 to iOS
16.6.1
A12 to A16 and
M1 to M2 chips
Focuses on newer
devices, does not
support latest versions
beyond iOS 16.6.1
Emulators: Tools like Corellium offer cloud-based iOS environments for security
testing without needing physical devices.
Tools: A Pentester’s Arsenal
Frida:
Objection:
Otool:
● Dynamic instrumentation toolkit
● Allows injection of scripts into application
● Explore and modify runtime operations
● Package: build.frida.re
● Runtime mobile exploration toolkit
● Uses Frida
● Assesses security posture of mobile applications
● Inspecting the structure and contents of executable files and
libraries
● Analyzing binary dependencies and linked frameworks
● Debugging and reverse engineering applications
IPA File Structure
Payload Folder
● Main directory of the IPA file
● Contains all executable and non-executable files for the app
app Folder
● Contains the actual iOS application folder (.app directory)
● Includes the executable file of the app (e.g., AppName.app)
● Contains resources like images, sounds, and other assets
Info.plist
● Key file within the .app folder
● Contains metadata about the application
Version
Display name
SDK version
● Other configuration details necessary for the iOS system
Extracting and Exploring IPA
Files
Leverage powerful tools like IMazing, AppIndex,
IPAtool and via Filza to effectively extract IPA files from
your iOS devices, opening the door to deeper security
analysis and reverse engineering. Small Demo….
Installing IPA Files on Jailbroken Devices
To install IPA files on iOS devices, several tools can be used:
3uTools
● Windows and Mac users
● Manages iOS devices
● Features: IPA installation, jailbreaking, device management
Sideloadly
● Compatible with Windows and Mac
● Sideloads IPA files using an Apple ID
● Facilitates installation of apps not available on the App Store
TrollStore
● Install IPA’s directly from the device or via a computer
● No revokes or re-signing required
Jailbreak Detection and SSL Pinning
Bypass
Bypass Jailbreak Detection
● Hook into app's code
● Disable or alter jailbreak detection mechanisms
Bypass SSL Pinning
● Intercept and manipulate traffic
● Hook into app's SSL handling routines
Static Analysis of IPA Files
1 MobSF: Comprehensive App
Scanning
Leverage the Mobile Security Framework
(MobSF) to perform in-depth static
analysis on IPA files. Uncover code
vulnerabilities, sensitive data leaks, and
potential security weaknesses.
2 Otool: Examining Binary Structure
Use the powerful otool utility to inspect the
structure and contents of the IPA files
compiled binary. Identify libraries, and
other valuable information for security
assessment.
3 Frida: Dynamic Instrumentation
Integrate the Frida framework to
dynamically hook into the running iOS
app and observe its behavior,
intercept function calls, and uncover
hidden functionality.
4 Plist Editor Pro: View Plist Files
Plist Editor Pro is a tool used for viewing
plist files, to store settings and
configuration information.
Local Storage
Local storage refers to the various methods an application
uses to store data directly on a device. Key local storage
mechanisms include NSUserDefaults, used for storing user
preferences and small pieces of data, and Keychain, designed
for securely storing sensitive information such as passwords
and tokens.
References
https://book.hacktricks.xyz/mobile-pentesting/ios-
pentesting/frida-configuration-in-ios
https://mas.owasp.org/MASTG/tools/ios/MASTG-TOOL-
0074/
https://idevicecentral.com/ios-jailbreak-tool-finder/
https://redfoxsec.com/blog/sensitive-data-exposure-in-
local-storage-ios/
THANK YOU
Twitter
https://twitter.com/BawseOne
Linkedin
https://www.linkedin.com/in/abidashariff/

More Related Content

Similar to IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
ClubHack
 
Hacking and Securing iOS Applications
Hacking and Securing iOS ApplicationsHacking and Securing iOS Applications
Hacking and Securing iOS Applications
n|u - The Open Security Community
 
Mobile operating system
Mobile operating systemMobile operating system
Mobile operating system
Prashantkumar Patel
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)
Sam Bowne
 
Crack ios firmware-nlog2n
Crack ios firmware-nlog2nCrack ios firmware-nlog2n
Crack ios firmware-nlog2n
nlog2n
 
100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing
BugRaptors
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
Satish b
 
IOS security
IOS securityIOS security
IOS security
bakhti rahman
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
DefconRussia
 
iOS Application Penetration Testing
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testing
n|u - The Open Security Community
 
2012 mobile testingsummit-moet
2012 mobile testingsummit-moet2012 mobile testingsummit-moet
2012 mobile testingsummit-moet
Eing Ong
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
FFRI, Inc.
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
GTestClub
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
Sergey Kochergan
 
Ios file management
Ios file managementIos file management
Ios file management
Rajeev Venkata
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
jasonhaddix
 
Apple threat-landscape
Apple threat-landscapeApple threat-landscape
Apple threat-landscape
Andrey Apuhtin
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynote
MarkDowd13
 

Similar to IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx (20)

Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Hacking and Securing iOS Applications
Hacking and Securing iOS ApplicationsHacking and Securing iOS Applications
Hacking and Securing iOS Applications
 
Mobile operating system
Mobile operating systemMobile operating system
Mobile operating system
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)
 
Crack ios firmware-nlog2n
Crack ios firmware-nlog2nCrack ios firmware-nlog2n
Crack ios firmware-nlog2n
 
100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing100 effective software testing tools that boost your Testing
100 effective software testing tools that boost your Testing
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
 
IOS security
IOS securityIOS security
IOS security
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
 
iOS Application Penetration Testing
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testing
 
2012 mobile testingsummit-moet
2012 mobile testingsummit-moet2012 mobile testingsummit-moet
2012 mobile testingsummit-moet
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 
Ios file management
Ios file managementIos file management
Ios file management
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
Apple threat-landscape
Apple threat-landscapeApple threat-landscape
Apple threat-landscape
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynote
 

Recently uploaded

"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 

Recently uploaded (20)

"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

  • 1. IOS PENTESTING: A BEGINNER'S PRACTICAL GUIDE By Abida Shariff Lead Security Engineer
  • 2. WHOAMI I’m Abida Shariff Lead Security Engineer at Redsentry Web Application, iOS & Android Researcher OSCP, eJPT, CEH Certified Just a curious geek
  • 3. Jailbroken Devices and iOS Versions Jailbreaking Software iOS Version Support Supported Devices Notes Checkra1n Up to iOS 14.8.1 Up to iPhone X (A11 chip and older) Uses checkm8 exploit Palera1n iOS 15.0 to iOS 17.4 A11 chips and older Based on checkm8 exploit Dopamine iOS 15.0 to iOS 16.6.1 A12 to A16 and M1 to M2 chips Focuses on newer devices, does not support latest versions beyond iOS 16.6.1 Emulators: Tools like Corellium offer cloud-based iOS environments for security testing without needing physical devices.
  • 4. Tools: A Pentester’s Arsenal Frida: Objection: Otool: ● Dynamic instrumentation toolkit ● Allows injection of scripts into application ● Explore and modify runtime operations ● Package: build.frida.re ● Runtime mobile exploration toolkit ● Uses Frida ● Assesses security posture of mobile applications ● Inspecting the structure and contents of executable files and libraries ● Analyzing binary dependencies and linked frameworks ● Debugging and reverse engineering applications
  • 5. IPA File Structure Payload Folder ● Main directory of the IPA file ● Contains all executable and non-executable files for the app app Folder ● Contains the actual iOS application folder (.app directory) ● Includes the executable file of the app (e.g., AppName.app) ● Contains resources like images, sounds, and other assets Info.plist ● Key file within the .app folder ● Contains metadata about the application Version Display name SDK version ● Other configuration details necessary for the iOS system
  • 6. Extracting and Exploring IPA Files Leverage powerful tools like IMazing, AppIndex, IPAtool and via Filza to effectively extract IPA files from your iOS devices, opening the door to deeper security analysis and reverse engineering. Small Demo….
  • 7. Installing IPA Files on Jailbroken Devices To install IPA files on iOS devices, several tools can be used: 3uTools ● Windows and Mac users ● Manages iOS devices ● Features: IPA installation, jailbreaking, device management Sideloadly ● Compatible with Windows and Mac ● Sideloads IPA files using an Apple ID ● Facilitates installation of apps not available on the App Store TrollStore ● Install IPA’s directly from the device or via a computer ● No revokes or re-signing required
  • 8. Jailbreak Detection and SSL Pinning Bypass Bypass Jailbreak Detection ● Hook into app's code ● Disable or alter jailbreak detection mechanisms Bypass SSL Pinning ● Intercept and manipulate traffic ● Hook into app's SSL handling routines
  • 9. Static Analysis of IPA Files 1 MobSF: Comprehensive App Scanning Leverage the Mobile Security Framework (MobSF) to perform in-depth static analysis on IPA files. Uncover code vulnerabilities, sensitive data leaks, and potential security weaknesses. 2 Otool: Examining Binary Structure Use the powerful otool utility to inspect the structure and contents of the IPA files compiled binary. Identify libraries, and other valuable information for security assessment. 3 Frida: Dynamic Instrumentation Integrate the Frida framework to dynamically hook into the running iOS app and observe its behavior, intercept function calls, and uncover hidden functionality. 4 Plist Editor Pro: View Plist Files Plist Editor Pro is a tool used for viewing plist files, to store settings and configuration information.
  • 10. Local Storage Local storage refers to the various methods an application uses to store data directly on a device. Key local storage mechanisms include NSUserDefaults, used for storing user preferences and small pieces of data, and Keychain, designed for securely storing sensitive information such as passwords and tokens.