Pentest Book
iOS
# All about Jailbreak & iOS versions
https://www.theiphonewiki.com/wiki/Jailbreak

# Checklist
https://mobexler.com/checklist.htm#ios

# Jailbreak for iPhone 5s through iPhone X, iOS 12.3 and up
# https://checkra.in/
checkra1n

# 3UTools
http://www.3u.com/

# Cydia
# https://ryleylangus.com/repo
# Liberty Bypass Antiroot

# SSL Bypass
# https://github.com/evilpenguin/SSLBypass

# Check Info Stored:
3U TOOLS - SSH Tunnel

# Analyzing binary:
# Get .ipa
# unzip example.ipa
# Locate binary file (usually named after the app)

# Check encryption
otool -l BINARY | grep -A 4 LC_ENCRYPTION_INFO
# If "cryptid 1" is returned, the ipa is encrypted, good for them

# Check dynamic dependencies
otool -L BINARY

find /data/app -type f -exec grep --color -Hsiran "FINDTHIS" {} \;
find /data/app -type f -exec grep --color -Hsiran "\"value\":\"" {} \;

.pslist= "value":"base64"}

find APPPATH -iname "*localstorage-wal"  # Check manually

# Extract IPA from installed app
ls -lahR /var/containers/Bundle/Application/ | grep -B 2 -i 'appname' # To find app ID
scp -r [email protected]:/var/containers/Bundle/Application/{ID} LOCAL_PATH
mkdir Payload
cp -r appname.app/ Payload/
zip -r app.ipa Payload/

# Interesting locations
/private/var/mobile/Containers/Data/Application/{HASH}/{BundleID-3uTools-getBundelID}
/private/var/containers/Bundle/Application/{HASH}/{Name found inside the IPA/Payloads}
/var/containers/Bundle/Application/{HASH}
/var/mobile/Containers/Data/Application/{HASH}
/var/mobile/Containers/Shared/AppGroup/{HASH}
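
The "Check encryption" step above reads the cryptid field of the LC_ENCRYPTION_INFO load command. As an added example (not part of the original cheat sheet), the Python below reads that field straight from the Mach-O header, one result per architecture for fat binaries, so the check also works where otool is not installed. The function names are hypothetical and `build_sample` returns a constructed header used only for demonstration.

```python
import struct
import sys

LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE

def parse_slice(data, base):
    """Return cputype/cryptoff/cryptsize/cryptid for the Mach-O slice starting at base."""
    (magic,) = struct.unpack_from("<I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("no little-endian Mach-O header at offset %d" % base)
    cputype, _sub, _ftype, ncmds, sizeofcmds = struct.unpack_from("<iiIII", data, base + 4)
    off = base + (32 if magic == MH_MAGIC_64 else 28)  # 64-bit header has a reserved field
    end = min(off + sizeofcmds, len(data))
    info = {"cputype": cputype, "cryptoff": None, "cryptsize": None, "cryptid": None}
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8:
            raise ValueError("invalid cmdsize")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            fields = struct.unpack_from("<III", data, off + 8)
            info.update(zip(("cryptoff", "cryptsize", "cryptid"), fields))
        off += cmdsize
    return info

def encryption_info(data):
    """One dict per architecture; cryptid None means no LC_ENCRYPTION_INFO command."""
    (magic,) = struct.unpack_from(">I", data, 0)
    if magic == FAT_MAGIC:  # universal binary: big-endian fat_header + 20-byte fat_arch entries
        (nfat,) = struct.unpack_from(">I", data, 4)
        bases = [struct.unpack_from(">I", data, 8 + 20 * i + 8)[0] for i in range(nfat)]
    else:
        bases = [0]
    return [parse_slice(data, b) for b in bases]

def build_sample(cryptid):
    """Constructed arm64 header (no real code): LC_UUID + LC_ENCRYPTION_INFO_64."""
    uuid_cmd = struct.pack("<II16s", 0x1B, 24, b"\x00" * 16)
    enc_cmd = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    cmds = uuid_cmd + enc_cmd
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0)
    return header + cmds

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(1)
    for arch in encryption_info(blob):
        state = {None: "no encryption command", 0: "not encrypted"}.get(arch["cryptid"], "encrypted")
        print(hex(arch["cputype"]), state, arch)
```

Run it with the path to the binary located inside the unzipped Payload directory; without an argument it parses the constructed sample.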
Last modified 2mo ago