Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Decrypting signed iOS applications

Now, let's study how to view the source code of an encrypted application. First, download the application from App Store and try the methods that you learned in the previous section.

Download the bubbsie application from App Store for demonstration purposes; if you try class-dump-z with an app downloaded from App Store, you will get an error stating that the binary is encrypted:

So, we need to decrypt the app before providing it to class-dump-z.

Follow the given steps to decrypt a signed iOS application:

  1. You should have Clutch installed on your iDevice. You can install it from Cydia if you haven't done it yet. Once you enter the clutch command in device shell, it will show you all encrypted applications available on iDevice:

  2. Now, select the app that you want to decrypt and provide a name to clutch; it will decrypt the app and show the location where it's been decrypted:

  3. Once the application is decrypted, you can use class-dump-z. Provide a decrypted IPA file...