An essential part of our application assessment methodology is to ensure that the application is protected during runtime. The process of tracing, profiling, and debugging the execution of an app while it is running is called instrumentation. It includes the following, but it is not limited to them:
Boolean bypass (jailbreak/piracy detection)
Local authentication bypass
Extracting sensitive data during runtime, such as private keys, passwords, and so on
Accessing hidden content by force-loading view controllers
Malware analysis
Analyzing any custom encryption protocol as it runs
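The first item in the list above, boolean bypass, is the failure mode that makes local authentication bypass possible: if the app's authorization decision is a single true/false return value, a runtime instrumentation tool only has to override that one method. The following Python simulation is an added example written for this page; it is not DVIA's code, not Cycript, and not the book's. It models the two designs with constructed toy classes (BooleanGateVault, KeyDerivedVault) and a constructed password and secret, then mimics a runtime hook by monkeypatching is_authenticated to always return True. The XOR keystream built from SHAKE-256 is a stand-in for a real cipher so the block runs offline with the standard library; a production app would use an AEAD such as AES-GCM and keep the key in the Keychain, ideally bound to the Secure Enclave.

```python
import hashlib
import hmac
import os

# Constructed demo values (not from DVIA or any real app).
DEMO_PASSWORD = "hunter2"
DEMO_SECRET = b"account-number-0001"


class BooleanGateVault:
    """Design A: a boolean authentication result gates access to plaintext.

    The secret already sits in memory; the only thing between the attacker
    and the data is the return value of is_authenticated()."""

    def __init__(self, password, secret):
        self._pw_hash = hashlib.sha256(password.encode()).digest()
        self._secret = secret

    def is_authenticated(self, password):
        candidate = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(self._pw_hash, candidate)

    def reveal(self, password):
        if self.is_authenticated(password):
            return self._secret
        return None


class KeyDerivedVault:
    """Design B: the secret is stored encrypted under a key derived from the
    password, so no boolean decides access; only the right key recovers data."""

    def __init__(self, password, secret):
        self._salt = os.urandom(16)
        key = self._derive(password)
        self._ciphertext = self._xor_stream(key, secret)
        # A MAC over the ciphertext lets a wrong key be rejected cleanly
        # instead of returning garbage bytes.
        self._tag = hmac.new(key, self._ciphertext, "sha256").digest()

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000, 32)

    @staticmethod
    def _xor_stream(key, data):
        # Demo-only stream cipher: SHAKE-256(key) XOR data. Stands in for a
        # real AEAD purely so the example has no third-party dependency.
        stream = hashlib.shake_256(key).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def is_authenticated(self, password):
        # Kept for API symmetry, but reveal() deliberately does not call it.
        key = self._derive(password)
        expected = hmac.new(key, self._ciphertext, "sha256").digest()
        return hmac.compare_digest(self._tag, expected)

    def reveal(self, password):
        key = self._derive(password)
        expected = hmac.new(key, self._ciphertext, "sha256").digest()
        if not hmac.compare_digest(self._tag, expected):
            return None
        return self._xor_stream(key, self._ciphertext)


def simulate_boolean_hook(vault):
    """Model what a runtime hook does: force is_authenticated() to True on the
    live object, then try to read the secret with a wrong password."""
    vault.is_authenticated = lambda password: True
    return vault.reveal("not-the-password")


if __name__ == "__main__":
    hooked_a = simulate_boolean_hook(BooleanGateVault(DEMO_PASSWORD, DEMO_SECRET))
    hooked_b = simulate_boolean_hook(KeyDerivedVault(DEMO_PASSWORD, DEMO_SECRET))
    print("boolean gate after hook:", hooked_a)   # secret leaks
    print("key-derived after hook:", hooked_b)    # None: nothing to bypass
```

Running the block shows the asymmetry: the hooked BooleanGateVault hands over the secret to a wrong password, while the hooked KeyDerivedVault returns None because the patched method is never consulted and the data is unreadable without the derived key. During an assessment, the question to ask of any authentication screen is which of these two designs it resembles.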
Let's now go ahead and exploit these vulnerabilities, starting with the local authentication bypass in the DVIA app.
Open the app and navigate to Menu | Runtime Manipulation; you should be able to see the screen shown in the following screenshot:
Find the process ID of the running app and hook the process up to Cycript, as shown in the following code snippet:
# ps -ef | grep Damn
  501 35572     1   0  0:00.00 ??         0:01.03 /var/mobile...