Hi guys, this is an old blog post, but I decided to update it to reflect the most recent M1 MacBook and iOS device.
Tools for iOS Testing
- Mobile Security Framework MobSF
- Apple Configurator 2
- Unc0ver
- Objection
- Frida
- Impactor
- SqliteBrowser
- iFunbox
- Altstore
MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
How to install MobSF
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh
./run.sh

Jailbreaking iPhone
Jailbreaking is the privilege escalation of an Apple device for the purpose of removing software restrictions imposed by Apple on the iOS, iPadOS, tvOS and watchOS operating systems. It is comparable to rooting on Android.
1. Check the iOS version: open Settings > General > About.

2. Go to https://altstore.io/ and download the AltStore application. I'm using a MacBook, so iTunes is not required to install apps on the phone. If you are using Windows, make sure you install the full version of iTunes from the following link: https://support.apple.com/downloads/itunes
3. Connect your iPhone to the MacBook via cable and install the AltStore application. You will need your iCloud credentials. You can create a new account if you don't want to use your personal one.
4. Enter your username and password here.

5. After that, go to https://unc0ver.dev in the Safari browser on your phone.

6. Choose Open in AltStore (make sure Mail is open and the plug-in is installed). Once you can see that unc0ver is installed, open the unc0ver application and run the jailbreak.



Install Mterminal from Cydia
Open the Cydia store, search for Mterminal and install it.


SSH Connection
After that, you need to install OpenSSH to get an SSH connection to your iPhone.
You can find your device IP under Settings > Wi-Fi > connected Wi-Fi name > info.
SSH default credentials:
root - alpine
mobile - alpine

Jailbreak Detection Bypass
Open the Cydia store, search for Liberty Lite and install it.

Open the Liberty Lite settings from Settings > Liberty Lite.
Here you can select the apps for which you want to bypass jailbreak detection.

SSL Pinning Bypass
1. Download SSL Kill Switch 2 from https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb
2. Copy the file to the phone via iTunes or any other method.
3. Open Mterminal, which we installed before OpenSSH, and run:
su
After that, install the file we copied earlier:
dpkg -i com.nablac0d3.sslkillswitch2_0.14.deb
4. SSL Kill Switch is now installed; you can go to the device Settings to check it.

5. You can bypass SSL pinning by disabling certificate validation.
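Step 3 installs a downloaded .deb as root, so it is worth looking inside the package on the computer first. The following is an added example, not part of the original post or of the SSL Kill Switch 2 project: it parses a .deb (an ar archive) and reports its SHA-256, its control fields and any maintainer scripts. The function names and the sample package are constructed for illustration; for the file from step 1, the Package and Version fields should agree with the name and version in its file name.

```python
import hashlib, io, sys, tarfile

AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive, so not a .deb")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):  # each member has a fixed 60-byte header
        name = blob[pos:pos + 16].decode().strip().rstrip("/")
        size = int(blob[pos + 48:pos + 58])  # decimal size field, space padded
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members start on even offsets

def inspect_deb(blob):
    """Return SHA-256, control fields and maintainer scripts (run as root by dpkg -i)."""
    report = {"sha256": hashlib.sha256(blob).hexdigest(), "fields": {}}
    control_tar = next((d for n, d in ar_members(blob) if n.startswith("control.tar")), None)
    if control_tar is None:
        raise ValueError("no control.tar.* member found")
    with tarfile.open(fileobj=io.BytesIO(control_tar), mode="r:*") as tar:
        names = {m.name.lstrip("./"): m for m in tar.getmembers()}
        report["scripts"] = sorted(n for n in names if n in ("preinst", "postinst", "prerm", "postrm"))
        text = tar.extractfile(names["control"]).read().decode("utf-8", "replace")
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith((" ", "\t")):  # skip continuation lines
            report["fields"][key.strip()] = value.strip()
    return report

def ar_entry(name, data):
    """Build one ar member; used only for the constructed sample below."""
    header = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
    return header + data + (b"\n" if len(data) & 1 else b"")

def sample_deb():
    """Constructed stand-in package (hypothetical name), not the real release file."""
    control = b"Package: com.example.tweak\nVersion: 0.1\nArchitecture: iphoneos-arm\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in (("./control", control), ("./postinst", b"#!/bin/sh\nexit 0\n")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return AR_MAGIC + ar_entry("debian-binary", b"2.0\n") + ar_entry("control.tar.gz", buf.getvalue())

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_deb()
    print(inspect_deb(blob))
```

Run it with the path of the downloaded .deb as the only argument to inspect a real file; without an argument it reports on the constructed sample.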

Installing Frida
Add the source https://build.frida.re in the Cydia store and let it update its resources.
Once done, search for Frida in the search box and install it.

Installing Frida on the Computer
Note: Make sure you have python-pip installed.
pip install frida-tools
After installing, do a small test.
Connect the phone to the computer via cable and run the following command:
frida-ps -U

Installing Objection
Objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
Run the following command to install Objection:
pip3 install objection
A small test to see that we have installed everything successfully:
objection -g applicationname explore

Extra:
How to install an IPA file on an iPhone.
Install Apple Configurator from the link we provided in the tool list and launch it.

Connect your phone via cable and grant access to the phone.

Click Add and select Apps.

After that, click Choose from my Mac and select the IPA file. It will be installed on your phone, and you are ready to go.
Stay tuned for more updates. 😄