Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/psychsecurity/iOS-Pentesting

Wiki for Pentesting iOS apps
https://github.com/psychsecurity/iOS-Pentesting

Last synced: 22 days ago
JSON representation

Wiki for Pentesting iOS apps

Host: GitHub
URL: https://github.com/psychsecurity/iOS-Pentesting
Owner: psychsecurity
Created: 2016-01-31T04:51:28.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2024-03-12T10:29:13.000Z (9 months ago)
Last Synced: 2024-08-05T17:31:30.978Z (4 months ago)
Homepage:
Size: 2.37 MB
Stars: 23
Watchers: 4
Forks: 12
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - psychsecurity/iOS-Pentesting - Wiki for Pentesting iOS apps (Others)

README

Welcome to the iOS-Pentesting wiki!

# JB Testing

## Re-sign using applesign

List identities

`./applesign.js -L`

Re-sign

`./applesign.js -i ABCDEFGHIJKLMNOPQRST /blah/blah.ipa`

## Re-sign using ios-app-signer

https://github.com/DanTheMan827/ios-app-signer/releases/tag/1.14

## Deploy using xcode

https://slashedm.gitbook.io/xcode-app-signing/where-do-we-go-now/newer-versions

Xcode + iOS App Signer

Install Xcode, open it, and agree to the license agreement.
Plug in your iOS device and select it as the build target.
Open Xcode and create a new iOS Application.
Type a name and identifier.
Xcode will complain about the lack of a provisioning profile. Click fix issue.
Sign into an Apple ID when prompted.
Download iOS App Signer
Download the latest version of unc0ver from above.
Open iOS App Signer.
Select the ipa you just downloaded as an input file.
Click start.
Return to Xcode. Go to the menu bar. Click Window → Devices.
Find your device, click the plus, and select the file created by iOS App Signer.

Objection

frida-ps -Uia
`objection --gadget "com.apple.AppStore" explore`

`objection explore --startup-command 'ios jailbreak simulate'`

#Get IPA - frida-iOS-dump

`sudo iproxy 2222 22`

`python3 dump.py com.blah -H 127.0.0.1 -p 2222 -u mobile -P password -o blah.ipa`

# Non-JB Testing

Connect phone to Mac - run a test app in xcode and fix signing certificates. This should generate a provisioning file.

Find code sigs

`security find-identity -p codesigning -v`

Patch Frida dylib to ipa

`objection patchipa --source blah.ipa --codesign-signature 1234BLAH`

`objection patchipa --source blah.ipa --codesign-signature 39AAAAAAAAAAAAAAAAAAAAAAAA29 -P '~/Library/MobileDevice/Provisioning Profiles/blah.mobileprovision'`

Deploy in debugging mode

`ios-deploy --bundle blah.app -W -d`
{this might take a while - be patient - lldb will load}
Run in debug mode without installing again

`ios-deploy -b blah.app -W -m`

Use objection

`objection explore`

# Reversing/Patching - use Hopper