Pentesting – Cracking – Analysis of iOS Apps

For pentesting and cracking of iOS applications we first need a working environment; with it we can examine our own apps or commercially available ones. It does not much matter which iOS device you choose; an iPad is probably the most versatile, because it runs both iPhone and iPad apps. For in-depth pentesting of an application we need a jailbroken device, since that gives us root access and lets us inspect the app's processes and the filesystem it writes to. Jailbreaking a device and installing Cydia is not difficult; the procedure depends on the model and firmware version, and step-by-step guides are easy to find online, as information and data security solutions experts note.

To pentest or crack an application we do not strictly need a Mac: a Linux machine or an OS X virtual machine will do. A Mac is more convenient, though, because Xcode and its tooling make reviewing code easier. To connect our machine to the iPad we need SSH running on the jailbroken device.

OpenSSH

We install OpenSSH on the device from Cydia. This lets us log in to the jailbroken device as root: with the iPad's IP address we can SSH into it from our machine. The default password for the root account on iOS is alpine, and the user mobile has the same default. Change both (with passwd on the device) before doing anything else: a jailbroken device with SSH enabled and the stock password is trivially taken over by malware or by anyone on the same network.

Install Xcode and Command Line Tools

Xcode is Apple's IDE and includes everything needed to build apps for iPhone, iPad, Mac and Apple Watch, in Objective-C or Swift. Mike Stevens, information and data security training, explains that it ships the latest iOS SDK and the iOS Simulator, and it is available for free on the Mac App Store. Once Xcode is installed, be sure to install the Command Line Tools as well: they provide the command-line utilities (for example otool and lldb) we will rely on when looking at binaries from the Mac side.

class-dump-z

class-dump-z dumps class information (interfaces, ivars, properties and method declarations) from an iOS application binary, that is, the Objective-C metadata the compiler leaves in the Mach-O file. To download and install it, go to its official page and follow the instructions: go inside the folder iphone_armv6 and copy the class-dump-z executable into the /usr/bin directory on the device, so that it can be run from anywhere on the device. Note that it only works on a decrypted binary; App Store apps must be decrypted first (see Clutch below), while Apple's own apps are not encrypted. For example, we can dump the class information for the Apple Messages app directly. You can learn more about it in ethical hacking training.
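
The dump is only the starting point: the useful step is reading it for classes and selectors worth hooking later. As an added example (not from the original page and not part of class-dump-z itself), the following Python script parses class-dump-z style output and flags members whose names hint at authentication, licensing or jailbreak checks. The sample dump and the class and method names in it (LoginViewController, isJailbroken, validateReceipt and so on) are constructed for this example and do not come from any real app.

```python
"""Triage a class-dump-z header dump: list each class's ivars, properties and
methods, then flag names that hint at authentication, licensing or jailbreak
checks worth a closer look with GDB or Cycript."""
import re

# Constructed sample in class-dump-z output style (hypothetical app, not a real dump).
SAMPLE_DUMP = """\
@interface AppDelegate : UIResponder <UIApplicationDelegate> {
    UIWindow* _window;
}
-(BOOL)application:(id)application didFinishLaunchingWithOptions:(id)options;
@end

@interface LoginViewController : UIViewController <UITextFieldDelegate> {
    UITextField* _usernameField;
    UITextField* _passwordField;
    NSString* _authToken;
}
@property(retain, nonatomic) NSString* authToken;
-(BOOL)isJailbroken;
-(void)loginWithUsername:(id)username password:(id)password;
-(BOOL)validateReceipt:(id)receipt;
-(void)unlockPremiumFeatures;
+(id)sharedInstance;
@end
"""

# Keywords that, in an ivar/property/selector name, usually mark client-side security logic.
SENSITIVE = re.compile(
    r"password|passwd|secret|token|credential|jailbr|receipt|premium|unlock|licen[cs]e|crypt",
    re.IGNORECASE,
)
INTERFACE_RE = re.compile(r"^@interface\s+(\w+)")
NAME_BEFORE_SEMICOLON = re.compile(r"(\w+);\s*$")


def selector_of(decl):
    """'-(void)loginWithUsername:(id)u password:(id)p;' -> 'loginWithUsername:password:'."""
    body = re.sub(r"^[-+]\s*\([^)]*\)\s*", "", decl).rstrip(";").strip()
    keywords = re.findall(r"(\w+):", body)
    return "".join(k + ":" for k in keywords) if keywords else body


def parse_class_dump(text):
    """Return {class_name: {"ivars": [...], "properties": [...], "methods": [...]}}."""
    classes, current, in_ivars = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            classes[current] = {"ivars": [], "properties": [], "methods": []}
            in_ivars = line.endswith("{")  # the ivar block opens on the @interface line
            continue
        if current is None:
            continue
        if line == "@end":
            current = None
        elif in_ivars:
            if line == "}":
                in_ivars = False
            else:
                m = NAME_BEFORE_SEMICOLON.search(line)
                if m:
                    classes[current]["ivars"].append(m.group(1))
        elif line.startswith("@property"):
            m = NAME_BEFORE_SEMICOLON.search(line)
            if m:
                classes[current]["properties"].append(m.group(1))
        elif line[:1] in ("-", "+"):
            # keep the -/+ prefix so instance and class methods stay distinguishable
            classes[current]["methods"].append(line[0] + selector_of(line))
    return classes


def find_sensitive(classes, pattern=SENSITIVE):
    """Return (class, kind, name) for every member whose name matches `pattern`."""
    hits = []
    for cls, members in classes.items():
        for kind in ("ivars", "properties", "methods"):
            hits.extend((cls, kind, name) for name in members[kind] if pattern.search(name))
    return hits


if __name__ == "__main__":
    # Real use: run "class-dump-z Foo.app/Foo > Foo.h" on the device, then pass Foo.h here.
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for cls, kind, name in find_sensitive(parse_class_dump(text)):
        print("%-24s %-10s %s" % (cls, kind, name))
```

Run without arguments it triages the constructed sample and reports seven members of LoginViewController (the password ivar, the token ivar and property, and the jailbreak, login, receipt and unlock selectors) while ignoring AppDelegate; the keyword list is deliberately short and should be extended for the app under test. Selectors such as isJailbroken and validateReceipt are exactly the ones to set a breakpoint on with GDB or to override from Cycript.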

Clutch & Rasticrac

With these tools we can decrypt any App Store app installed on the device, as per information security solutions experts. Applications downloaded from the App Store are stored under /var/mobile/Applications/ (on iOS 8 and later under /var/mobile/Containers/Bundle/Application/) and their executables are FairPlay-encrypted, so tools such as class-dump-z cannot read them directly. We need to decrypt them before analysing them. Clutch and Rasticrac do this by launching the app, letting the kernel decrypt the executable in memory, and writing the decrypted image back out as a new binary; in the dumped file the cryptid field of the LC_ENCRYPTION_INFO load command is set to 0, which is how you can tell a decrypted binary from an encrypted one.
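
Before spending time on a dumped binary it is worth confirming that the dump really is decrypted. As an added example, not part of the original page and not Clutch's or Rasticrac's own code, the following Python script reads the cryptid field of the LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 load command (the same value otool -l prints under that command) and reports, per architecture slice, whether the image is still FairPlay-encrypted. The Mach-O images it checks by default are constructed inline for demonstration; pass the path of a real binary copied from the device to check that instead.

```python
"""Report whether an iOS Mach-O binary is still FairPlay-encrypted by reading
LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 (cryptid == 1 means encrypted)."""
import struct
import sys

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_NAMES = {12: "arm", 0x0100000C: "arm64", 7: "x86", 0x01000007: "x86_64"}


def _thin_info(data, base=0):
    """Parse one thin Mach-O image at offset `base`; return (arch, cryptid or None)."""
    magic = struct.unpack_from("<I", data, base)[0]
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        # iOS images are little-endian; anything else is not a Mach-O we expect here.
        raise ValueError("not a little-endian Mach-O image at offset %d" % base)
    cputype, _subtype, _filetype, ncmds, sizeofcmds = struct.unpack_from("<5I", data, base + 4)
    arch = CPU_NAMES.get(cputype, hex(cputype))
    cryptid = None
    off, end = base + header_size, base + header_size + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > end:
            break
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # struct encryption_info_command: cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad]
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<3I", data, off + 8)
        if cmdsize < 8:
            break  # malformed command; stop rather than loop forever
        off += cmdsize
    return arch, cryptid


def encryption_info(data):
    """Return one {"arch", "cryptid"} entry per slice; handles fat (universal) binaries."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        slices = []
        for i in range(nfat):
            _cpu, _sub, offset, _size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
            arch, cryptid = _thin_info(data, offset)
            slices.append({"arch": arch, "cryptid": cryptid})
        return slices
    arch, cryptid = _thin_info(data)
    return [{"arch": arch, "cryptid": cryptid}]


def is_decrypted(data):
    """True when no slice carries cryptid == 1 (no command at all means it was never encrypted)."""
    return all(s["cryptid"] in (None, 0) for s in encryption_info(data))


# --- constructed sample images (hypothetical, not real apps) -------------------------------
def build_sample_arm64(cryptid):
    """Minimal arm64 Mach-O: header plus a single LC_ENCRYPTION_INFO_64 command."""
    cmd = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(cmd), 0, 0)
    return header + cmd


def build_sample_armv7(cryptid):
    """Minimal 32-bit ARM Mach-O: header plus a single LC_ENCRYPTION_INFO command."""
    cmd = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x1000, 0x2000, cryptid)
    header = struct.pack("<7I", MH_MAGIC, 12, 9, 2, 1, len(cmd), 0)
    return header + cmd


def build_fat(slices):
    """Wrap thin images in a big-endian fat header so the multi-arch path is exercised."""
    header = struct.pack(">2I", FAT_MAGIC, len(slices))
    table, body, offset = b"", b"", 8 + 20 * len(slices)
    for s in slices:
        cputype = struct.unpack_from("<I", s, 4)[0]
        table += struct.pack(">5I", cputype, 0, offset, len(s), 0)
        body += s
        offset += len(s)
    return header + table + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:  # constructed fat binary: armv7 slice still encrypted, arm64 slice decrypted
        data = build_fat([build_sample_armv7(1), build_sample_arm64(0)])
    labels = {None: "no LC_ENCRYPTION_INFO (never encrypted)", 0: "decrypted", 1: "ENCRYPTED"}
    for s in encryption_info(data):
        print("%-7s %s" % (s["arch"], labels.get(s["cryptid"], "cryptid=%r" % s["cryptid"])))
```

A real dump that still shows cryptid 1 on any slice is not usable for class-dump-z, and a fat binary can be half done: some dumpers only decrypt the slice that actually ran on the device, which is why the script reports every slice rather than a single verdict.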

IAP Cracker

IAP Cracker is a Cydia tweak for iOS 8.0/8.1 (with separate builds for iOS 7.1.2/7.1.1/6.0) that bypasses the payment page, letting the user obtain full application functionality and paid in-app purchases free of cost, for example free coins in games. As the ethical hacking training school professor of IICyberSecurity explains, it lets us use all in-app purchases of the games and applications on the device without paying. From the defender's side, such tweaks only succeed when the app trusts a purchase result produced on the client; an app whose own backend verifies the receipt with Apple's servers is not fooled by them. The repo is http://system.in-appstore.com/repo/ and from it you can install Local app store on your device.

Runtime Analysis with GDB

Almost all native iOS applications are written in Objective-C. It is a runtime-oriented language: wherever possible it defers decisions from compile and link time to the moment the code is actually executed, so method calls are messages resolved by the runtime, which is exactly what makes them easy to intercept. With the GNU debugger (GDB) we can attach to a running process, set breakpoints on its methods, inspect and modify its state, and execute our own code inside it. The target process must already be running; we look up its process ID (for example with ps over SSH) and attach GDB to it, after which we can follow the control flow and hook into application code. A GDB build that runs on the device itself is available from Cydia. You can learn more about GDB in information security training of International Institute of Cyber Security.

Cycript

Cycript allows us to do method swizzling, as an information security solutions expert notes. It lets developers explore and modify running applications on iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax, through an interactive console with syntax highlighting and tab completion. Like GDB it attaches to a running process, and from the console we can change much of the application at runtime: instantiate classes, send messages, read and overwrite instance variables, and replace a method's implementation. If we SSH into an iOS device with Cycript installed, we can run it directly on the device, which immediately gives us a REPL ready to use; at that point we choose, by process ID, which process to inject our modifications into. For an iOS application this means we can hook the running app and play with its classes, controllers, libraries, variables and methods, for instance overriding the return value of a method that gates a feature.

Snoop-it

Snoop-it is a tool that assists dynamic analysis and black-box security assessments of mobile apps by retrofitting existing apps with debugging and runtime tracing capabilities. It allows on-the-fly manipulation of arbitrary iOS apps through an easy-to-use graphical interface, so bypassing client-side restrictions or unlocking additional features and premium content of an app becomes child's play. The lesson for developers is the same one every tool on this page teaches: any check that lives only in the client can be flipped at runtime, so licensing, authentication and integrity decisions must be enforced on the server.

We are going to cover more about mobile security tools in upcoming articles.

Source:http://www.iicybersecurity.com/pentesting-cracking-analysis-ios-apps.html
