iOS#
iOS artifacts, jailbreaks, and app-testing tools. Forensic recovery runs against the artifact locations; offensive testing wraps the jailbreak chain plus a stable of app-pentest toolkits.
Artifact locations#
Contacts /var/mobile/Library/AddressBook/AddressBookImages.sqlitedb
Calls /var/mobile/Library/CallHistoryDB/CallHistory.storedata
SMS /var/mobile/Library/SMS/sms.db
Maps /var/mobile/Applications/com.apple.Maps/Library/Maps/GeoHistory.mapsdata
Safari /var/mobile/Library/Safari/History.db
Photos Database /var/mobile/Media/PhotoData/Photos.sqlite
Jailbreaks#
Checkra1n, a high-quality semi-tethered jailbreak based on the
checkm8 bootrom exploit. iPhone 5s through iPhone X, iOS 12.3 and
up. https://checkra.in/
PhoenixPwn, semi-untethered jailbreak for 9.3.5 to 9.3.6. All
32-bit devices supported. https://phoenixpwn.com/
App testing#
IDB, iOS App Security Assessment Tool.
https://github.com/dmayer/idbiRET, iOS Reverse Engineering Toolkit.
https://github.com/S3Jensen/iRETDVIA, Damn Vulnerable iOS App for learning.
http://damnvulnerableiosapp.com/LibiMobileDevice, cross-platform protocol library to communicate with iOS devices.
https://github.com/libimobiledevice/libimobiledeviceNeedle, iOS App Pentesting Tool.
https://github.com/mwrlabs/needleAppCritique, iOS App Security Assessment Tool.
https://appcritique.boozallen.com/
Cracked IPA apps#
AppCake,
https://www.iphonecake.comIPA Rocks,
https://ipa.rocks/
Reverse engineer an iOS app (works on iOS 11 and 12).
Add
https://level3tjg.github.iosource to Cydia.Install
bfdecrypt.Go to bfdecrypt preference pane in Settings, set the app to decrypt.
Launch it.
Decrypted IPA is stored in the Documents folder of the app.