iOS/macOS penetration testing cheatsheet

| Action | macOS | Linux | Win | iOS w/JB |
|---|---|---|---|---|
| MobSF | MobSF | MobSF | MobSF | --- |
| Plist view | plutil or Xcode | apt-get install libplist-utils | Plist Viewer | plutil |
| Ghidra | Ghidra | Ghidra | Ghidra | --- |
| Frida | Frida | Frida | Frida | --- |
| Awesome Frida | Awesome Frida | --- | --- | Awesome Frida |
| Objection | Objection | Objection | Objection | Objection |
| Needle | Needle | Needle | --- | --- |
| Keychain dumper | Keychain dumper | --- | --- | Keychain dumper |
| iOS URL Schemes | iOS URL Schemes | --- | --- | iOS URL Schemes |
| Debug Hacks | Debug Hacks | --- | --- | --- |
| SandBox Dumper | SandBox Dumper | --- | --- | --- |
| PassionFruit | PassionFruit | PassionFruit | --- | --- |
| iPhoneTunnel | iPhoneTunnel | --- | iPhoneTunnel | --- |
| iRET | iRET | --- | --- | --- |
| idb | idb | idb | --- | --- |
| XSecurity | XSecurity | --- | --- | --- |

macOS Quick Look plugin for iOS & OSX developers

https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa .app .appex .mobileprovision .provisionprofile

iOS / macOS obfuscation

https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm

Static analysis

| Project/App | Swift | Objective-c |
|---|---|---|
| Swift Lint | + | - |

Jailbreak

Jailbreak check
Jailbreak Chart
Can I Jailbreak?
Jailbreak list
Repos
http://cydia.iphonecake.com
http://apt.saurik.com/
http://repo.nesolabs.de/
https://build.frida.re/
http://appsec-labs.com/cydia/
http://cydia.zodttd.com/repo/cydia/
http://mobiletools.mwrinfosecurity.com/cydia/
http://repo666.ultrasn0w.com/
http://apt.thebigboss.org/repofiles/cydia/
http://cydia.radare.org/
http://apt.modmyi.com/
http://coolstar.org/publicrepo/
http://getdelta.co/ < Flex3 working
http://julioverne.github.io/
http://brunonfl.github.io/
http://apt.bingner.com/
http://repo.dynastic.co/
http://mcapollo.github.io/Public/
http://apt.hackcn.net/
http://repo.chariz.io/
http://cydia.ichitaso.com/
https://level3tjg.github.io < bfdecrypt (ios11/ios12)
http://ryleyangus.com/repo < Liberty Lite (beta) for JB bypass

Little h4ck for SSL pinning bypass (helps in some cases when SSL Killswitch is useless)

More info here. (NB! In some cases you may run into missing libraries; do not replace anything manually in iOS, as it may lead to an infinite loop.)

AppSign / Rebuild / Resign / Inject / Useful tools

Schema

Download and decrypt

| Tool | Description | Link |
|---|---|---|
| iFunBox | App | iFunBox |
| Appdb | Download&resign .ipa | Appdb |
| iphonecake | Download&resign .ipa | iphonecake |
| 4pda | Download&resign .ipa | 4pda |
| iTunes w/app tab | iTunes 12.6.3.6 | Apple Support |
| Download old version .ipa | Manual how-to | Lifehacker |

Extract data

| Tool | Description | Link |
|---|---|---|
| Rasticrac | Jailbreak(+) | Rasticrac |
| Clutch | Jailbreak(+) | Clutch |
| bfinject | Jailbreak(+), iOS 11-12 | bfinject |

All in one (Inject > Repack > Resign > Upload)

| Tool | Description | Link |
|---|---|---|
| IPA Patch | Xcode Project | IPA Patch |
| Resign | Xcode Project | Resign |

Inject framework

| Tool | Description | Link |
|---|---|---|
| CydiaSubstrate | Framework | Site & .deb file |
| Reveal app | Project | Reveal app |
| JSPatch | Framework | JSPatch |
| FRAPL | Framework | FRAPL |
| Frida Gadget | Framework | Frida Gadget |
| Cycript | Framework | Frida+Cycript & Site |

Repack and resign binary

| Tool | Description | Link |
|---|---|---|
| Node Resign | Xcode Project | Node Resign |
| iOS App Signer | Xcode Project | iOS App Signer |
| AppAddict | App | AppAddict |

Upload and run on device

| Tool | Description | Link |
|---|---|---|
| iFunBox | App | iFunBox |
| Impactor | App | Cydia Impactor |
| IPA installer | Xcode Project | IPA installer |

Useful tools

| Tool | Description | Link |
|---|---|---|
| Runtime Headers | Xcode Project | Runtime Headers |
| SSL Killswitch 2 | Jailbreak(+) | SSL Killswitch 2 |
| Theos | Project | Theos |
| Dumpdecrypted | Project | Dumpdecrypted |
| BundleID | Jailbreak(+) | BundleID |
| IPSW | Download Firmware | IPSW |

Slides and articles and links

| Name | Link |
|---|---|
| Malware wellbeing on iOS devices | Slides |
| DVIA | Homepage |
| iGoat-Swift | Homepage |
| iOS-CTF | Homepage |
| Dynamic analysis of iOS apps w/o Jailbreak | Article En, Article RU & Slides |
| Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox | Slides |
| Light and Dark side of Code Instrumentation | Slides |
| All-in-one security tools for iOS and Android | Slides |

Author: @ansjdnakjdnajkd

Do you want to add or fix something? Write to me or open a pull request!