For pen-testing and cracking iOS applications we will need to set up an environment. Using this environment we can test our own apps or commercially available applications. It doesn’t really matter which iOS device you choose; an iPad is probably the most versatile device, as it can run both iPhone and iPad apps. For in-depth pentesting of an application we will need a jailbroken iOS device, since that gives us root access to the device and lets us test the related processes as well. Jailbreaking the device and installing Cydia is not that difficult; you can easily find instructions on the Internet for your device model and firmware version, say information and data security solutions experts.
To pen test or crack an application we don’t need a Mac, as we can use a Linux machine or an OS X virtual machine. We can also use a Mac; reviewing code is easier on one. To connect your machine to your iPad we will need SSH on the jailbroken device.
We need to install OpenSSH on the device from Cydia. This will allow us to log in to the jailbroken device as root. With the IP address of the iPad we will be able to SSH into it. The default password for the root account on iOS is alpine, but we will change it, as well as the password for the mobile user, to something else to protect the device from malware attacks.
Install Xcode and Command Line Tools
Xcode includes everything we need to create apps for iPhone, iPad, Mac, and Apple Watch. The Swift programming language has great features that make your code even easier to read and write. Mike Stevens of information and data security training explains that Xcode is Apple’s IDE and includes the latest iOS SDK and iOS Simulator. It’s available for free on the Mac App Store. Once Xcode is installed, be sure to install the Command Line Tools.
class-dump-z is used to dump class information from an iOS application. To download and install class-dump-z, go to its official page and follow the instructions. Go inside the iphone_armv6 folder and copy the class-dump-z executable into the /usr/bin directory on the device. This will make sure you can run class-dump-z from your device. With class-dump-z we can analyze apps for class information; for example, we can dump the class information for the Apple Messenger app. You can learn more about it in ethical hacking training.
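A class dump is only useful once you read it systematically. As an added example (not part of the original article and not code from class-dump-z), here is a small parser for the header-style output such a dump produces, followed by a review pass that lists the members whose names suggest credential handling, which is usually where a pentester or a defending developer starts reading. The input is a constructed sample written in class-dump style, not a dump of any real app, and the regexes assume the common `@interface … @end` layout; real dumps vary slightly between class-dump-z versions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the style of a class-dump-z header dump. It is not the
# output of any real app; the exact formatting of real dumps varies by version.
SAMPLE_DUMP = """\
@interface LoginViewController : UIViewController <UITextFieldDelegate> {
    NSString *_username;
    NSString *_password;
    BOOL _rememberMe;
}
@property(retain, nonatomic) NSString *sessionToken;
- (void)loginWithUsername:(id)username password:(id)password;
- (BOOL)validatePIN:(id)pin;
- (void)storeCredentialsInKeychain;
+ (id)sharedController;
@end

@interface MessageListController : UITableViewController {
    NSArray *_messages;
}
- (void)reloadMessages;
- (id)messageAtIndex:(unsigned int)index;
@end
"""

INTERFACE_RE = re.compile(r"^@interface\s+(\w+)\s*:\s*(\w+)\s*(?:<([^>]*)>)?")
METHOD_RE = re.compile(r"^([-+])\s*\(([^)]*)\)\s*(.*?);\s*$")

# Substrings that usually mark members worth a closer look in a review.
SENSITIVE_WORDS = ("password", "pin", "token", "secret", "key", "credential")


@dataclass
class ObjCClass:
    name: str
    superclass: str
    protocols: list = field(default_factory=list)
    ivars: list = field(default_factory=list)
    properties: list = field(default_factory=list)
    methods: list = field(default_factory=list)  # e.g. "-loginWithUsername:password:"


def _member_name(line):
    """'NSString *_password;' -> '_password' (works for ivars and properties)."""
    return line.rstrip(";").split()[-1].lstrip("*")


def _selector(signature):
    """'loginWithUsername:(id)u password:(id)p' -> 'loginWithUsername:password:'."""
    if ":" not in signature:
        return signature.strip()
    return "".join(part + ":" for part in re.findall(r"(\w+):", signature))


def parse_class_dump(text):
    """Parse a class-dump style header into {class name: ObjCClass}."""
    classes, current, in_ivars = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = INTERFACE_RE.match(line)
        if m:
            protos = [p.strip() for p in (m.group(3) or "").split(",") if p.strip()]
            current = ObjCClass(m.group(1), m.group(2), protos)
            classes[current.name] = current
            in_ivars = line.endswith("{")  # ivar block follows on the next lines
        elif current is None:
            continue
        elif line == "@end":
            current, in_ivars = None, False
        elif in_ivars:
            if line.startswith("}"):
                in_ivars = False
            elif line.endswith(";"):
                current.ivars.append(_member_name(line))
        elif line.startswith("@property"):
            current.properties.append(_member_name(line))
        else:
            m = METHOD_RE.match(line)
            if m:
                current.methods.append(m.group(1) + _selector(m.group(3)))
    return classes


def find_sensitive_members(classes):
    """Return (class, member) pairs whose name hints at credential handling."""
    hits = []
    for cls in classes.values():
        for member in cls.ivars + cls.properties + cls.methods:
            if any(word in member.lower() for word in SENSITIVE_WORDS):
                hits.append((cls.name, member))
    return hits


if __name__ == "__main__":
    parsed = parse_class_dump(SAMPLE_DUMP)
    for cls in parsed.values():
        print(f"{cls.name} : {cls.superclass} {cls.protocols}")
        for method in cls.methods:
            print("   ", method)
    print("review these first:", find_sensitive_members(parsed))
```

Run it against a real dump with `parse_class_dump(open("Headers.h").read())`; the keyword list is deliberately short and is meant to be extended with the vocabulary of the app under review (for example the names of its own crypto or licensing classes).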
Clutch & Rasticrac
With the help of this software we can crack any app on our iOS device, according to information security solutions experts. All the applications downloaded from the App Store are stored in /var/mobile/Applications/ in encrypted form. We will need to decrypt these apps before we can analyze them. We will be decrypting the apps with the help of Clutch or Rasticrac.
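The encrypted-on-disk state described above is recorded in the binary itself, in the cryptid field of the Mach-O LC_ENCRYPTION_INFO load command. The following added example (not part of the original article, and not code from Clutch or Rasticrac) reads that field so a reviewer can confirm whether a binary pulled from a device is still in its App Store encrypted form, has already been decrypted, or never carried the command at all, and it goes a little beyond the text by walking every architecture slice of a fat binary. The constants are the standard Mach-O values; the sample binaries are constructed inside the script (headers and load commands only, no code), and the parser assumes little-endian thin slices, which is what iOS devices run.

```python
import struct
import sys

# Mach-O constants from <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
MH_EXECUTE = 2
LC_UUID, LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x1B, 0x21, 0x2C
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 12, 0x0100000C


def slice_cryptid(buf):
    """cryptid of one thin Mach-O: 1 = still FairPlay-encrypted, 0 = plaintext,
    None = the slice carries no LC_ENCRYPTION_INFO command at all."""
    magic, = struct.unpack_from("<I", buf, 0)
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a little-endian Mach-O slice")
    ncmds, = struct.unpack_from("<I", buf, 16)  # same offset in both header sizes
    off = header_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", buf, off)
        if cmdsize < 8 or off + cmdsize > len(buf):
            raise ValueError("malformed load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<III", buf, off + 8)
            return cryptid
        off += cmdsize
    return None


def encryption_state(buf):
    """[(cputype, cryptid)] for every architecture slice, fat or thin."""
    if struct.unpack_from(">I", buf, 0)[0] == FAT_MAGIC:
        nfat, = struct.unpack_from(">I", buf, 4)
        result = []
        for i in range(nfat):
            cputype, _sub, offset, size, _align = struct.unpack_from(">5I", buf, 8 + 20 * i)
            result.append((cputype, slice_cryptid(buf[offset:offset + size])))
        return result
    cputype, = struct.unpack_from("<I", buf, 4)
    return [(cputype, slice_cryptid(buf))]


def is_fully_encrypted(buf):
    """True only if every slice still has cryptid == 1."""
    return all(cryptid == 1 for _, cryptid in encryption_state(buf))


# --- constructed sample binaries (headers and load commands only) -----------

def build_slice(cputype, cryptid=None):
    """Minimal thin Mach-O: LC_UUID plus an optional encryption-info command."""
    is64 = cputype == CPU_TYPE_ARM64
    cmds = struct.pack("<II", LC_UUID, 24) + b"\x00" * 16
    if cryptid is not None:
        if is64:
            cmds += struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        else:
            cmds += struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x1000, 0x8000, cryptid)
    ncmds = 1 + (cryptid is not None)
    header = struct.pack("<7I", MH_MAGIC_64 if is64 else MH_MAGIC, cputype, 0,
                         MH_EXECUTE, ncmds, len(cmds), 0)
    if is64:
        header += struct.pack("<I", 0)  # 'reserved' field of mach_header_64
    return header + cmds


def build_fat(slices):
    """Wrap thin slices in a big-endian fat header, as shipped iOS apps often are."""
    offset = 8 + 20 * len(slices)
    archs, body = b"", b""
    for s in slices:
        cputype, = struct.unpack_from("<I", s, 4)
        archs += struct.pack(">5I", cputype, 0, offset + len(body), len(s), 0)
        body += s
    return struct.pack(">II", FAT_MAGIC, len(slices)) + archs + body


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_fat([build_slice(CPU_TYPE_ARM, 1), build_slice(CPU_TYPE_ARM64, 0)])
    for cputype, cryptid in encryption_state(data):
        print(f"cputype=0x{cputype:x} cryptid={cryptid}")
    print("fully encrypted:", is_fully_encrypted(data))
```

Run with a path argument to inspect a real executable; without one it checks a constructed fat binary whose two slices disagree, which is the case a reviewer most often misses when only one architecture has been tampered with.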
IAP Cracker is a tool for iOS devices running iOS 8.0/8.1, and there is also a version for iOS 7.1.2 / 7.1.1 / 6.0. It bypasses the payment page, letting users get full application functionality and experience the real game or application. IAP crackers allow us to get all paid in-app purchases free of cost. As per a professor at the IICyberSecurity ethical hacking training school, IAP Cracker enables us to use all in-app purchases and get free coins for all the games played on your iOS device. The repo is http://system.in-appstore.com/repo/ and you can install Local App Store on your device.
Runtime Analysis with GDB
Almost all native iOS applications are written in Objective-C. It is a runtime-oriented language, which means that whenever possible it defers decisions from compile and link time to the time when the code in the application is actually being executed. With the GNU Debugger (GDB) we can hook into a running process and execute our own code or modify an app. While using GDB we need to make sure that the process is running; using the process ID we can monitor the flow and hook into application code. You can learn more about GDB in the information security training of the International Institute of Cyber Security.
Snoop-it is a tool that assists dynamic analysis and black-box security assessments of mobile apps by retrofitting existing apps with debugging and runtime-tracing capabilities. Snoop-it allows on-the-fly manipulation of arbitrary iOS apps through an easy-to-use graphical user interface. Thus, bypassing client-side restrictions or unlocking additional features and premium content of apps becomes child’s play.
We are going to cover more about mobile security tools in upcoming articles.