Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Chapter 6. Analyzing iOS Binary Protections


"Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat."

 --Sun Tzu, The Art of War

In the previous chapter, you learned how to catch and seal sensitive data from getting leaked via side channels such as screenshots, logs, cache, and so on. Now, let's move on to the next level and see what all things can we perform with iOS binary. You can download iOS apps using iTunes and can get its binary by looking into the source location of an application.

In this chapter, we will look at the following topics:

  • Decrypting unsigned iOS applications

  • Decrypting signed iOS applications

  • Analyzing code by reverse engineering

  • Analyzing iOS binary

  • Hardening binary against reverse engineering

Have you ever performed reverse engineering of an Android APK file? In Android, we first convert APK files to JAR files and then convert these JAR files to actual source code. Then, we can access most of the application code in...