Awesome iOS Security

iOS Security Awesome

This repository contains materials on iOS application security, various articles, research, analysis tools, and useful libraries/tools for application security. Most of this material comes from the Mobile AppSec World telegram channel and its subscribers. The repository is regularly updated and updated with new materials.

Analysis Tools

• baby
• PassionFruit
• GrapeFruit
• IOS Security Suite
• Blocking Jailbreak Detection Tweaks
• NetworkSniffer – NetworkSniffer will log ALL traffic for any iOS application. This includes WKWebView and UIWebView.
• Ghidra iOS kernelcache framework for reverse engineering
• frida-ios-dump
• dumpdecrypted
• Yet Another Code Decrypter
• xpcspy – Bidirectional XPC message interception and more
• checkra1n jailbreak
• Frida
• Objection – mobile exploration toolkit by Frida
• Bfinject
• iFunbox
• Libimobiledevice – library to communicate with the services of the Apple ios devices
• iRET (iOS Reverse Engineering Toolkit) – includes oTool, dumpDecrypted, SQLite, Theos, Keychain_dumper, Plutil
• Burp Suite
• Cycript
• iLEAPP – iOS Logs, Events, And Preferences Parser
• Cutter – Free and Open Source RE Platform powered by radare2
• decrypt0r – automatically download and decrypt SecureRom stuff
• Mobile-Security-Framework MobSF
• Runtime Mobile Security (RMS) – is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
• fridax
• MOBEXLER
• Generate Malformed QRCodes
• Tool for Injecting Malicious Payloads Into Barcodes
• AFL – american fuzzy lop
• Setup for i0S and Android Application Analysis – This is a cheatsheet to install tools required for i0S and Android application pentesting
• AES Killer (Burpsuite Plugin)
• ReFlutter
• Lief
• Mobile Verification Toolkit
• Hack for SpringBoard to prevent kill process

Protection Tools

• EllipticCurveKeyPair – Sign, verify, encrypt and decrypt using the Secure Enclave on iOS and MacOS.

Vulnerable applications

• Myriad iOS
• ExploitMe Mobile iPhone Labs
• Owasp: iGoat
• Damn Vulnerable iOS App (DVIA)
• Damn Vulnerable iOS App (DVIA) v2
  • DVIA Walkthrow
• OWASP: OMTG-Hacking-Playground
• Magnet Virtual Summit 2020 CTF (iOS)
  • writeup 1
  • writeup 2
• r2con2020 iOS Challenge 2
  • iOS Anti-Tampers Bypass

Video

In

• iOS Application Vulnerabilities and how to find them
• Attacking iPhone XS Max
• Behind the Scenes of iOS Security
• Analyzing and Attacking Apple Kernel Drivers
• Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
• Demystifying the Secure Enclave Processor
• HackPac Hacking Pointer Authentication in iOS User Space
• iOS 10 Kernel Heap Revisited
• Recreating An iOS 0-Day Jailbreak Out Of Apple’s Security Updates
• Building Secure iOS Apps (you don’t have to learn it the hard way!)
• The Worst Mobile Apps
• Learn modding Unity apps and games with Frida

Podcasts

• Mobile SSDLC

Articles

Ru

• Your flashlight can send SMS
• iPhone boot process. Part 1: Boot ROM
• iOS app reverse guide using ExpressVPN as an example
• Hacking and injecting your code into someone else’s iOS application
• iOS App Security: A Beginner’s Guide
• Just for fun: How long iOS “lives” before Jailbreak

In

Frida

• iOS Swift Anti-Jailbreak Bypass with Frida
• Gotta Catch ‘Em All: Frida & jailbreak detection
• Beginning Frida: Learning Frida use on Linux and (just a bit on) Wintel and Android systems with Python and JavaScript (Frida. hooking, and other tools)
• Learn how to use Frida with Unity app

Other

• iOS Write ups
• iOS Internals & Security Testing
• Hacking iOS Simulator with simctl and dynamic libraries
• Psychic Paper
• Stealing your SMS messages with iOS 0day
• Zero-day in Sign in with Apple
• Return of the ios sandbox escape: lightspeeds back in the race
• PIN Selection on Smartphones
• A survey of recent iOS kernel exploits
• Apple Two-Factor Authentication: SMS vs. Trusted Devices
• Intercepting Flutter traffic on iOS
• Snapchat detection on iOS
• Writing an iOS Kernel Exploit from Scratch
• The Four Ways to Deal with iPhone Backup Passwords
• Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options Explored
• iOS Kernel Explotation – One Byte to rule them all
• Modern iOS Application Security
• Reverse Engineering iOS Mobile Apps
• KTRW: The journey to build a debuggable iPhone
• The One Weird Trick SecureROM Hates
• Tales of old: untethering iOS 11-Spoiler: Apple is bad at patching
• Messenger Hacking: Remotely Compromising an iPhone through iMessage
• Reverse Engineering the iOS Simulator’s SpringBoard
• Most usable tools for iOS penetration testing
• iOS-Security-Guides
• Trust in Apple’s Secret Garden: Exploring & Reversing Apple’s Continuity Protocol-Slides
• Apple Platform Security
• Mobile security, forensics & malware analysis with Santoku Linux
• Stealing local files using Safari Web Share API
• CVE-2020-9964 – An iOS infoleak
• Attack Secure Boot of SEP
• iOS 14 Forensics: What Has Changed Since iOS 13.7
• We Hacked Apple for 3 Months: Here’s What We Found
• Fun with XPC
• Bypass Facebook SSL Certificate Pinning for iOS
• Bypass Instagram SSL Certificate Pinning for iOS
• ASLR & the iOS Kernel — How virtual address spaces are randomised
• iOS/macOS penetration testing cheatsheet
• M1ssing Register Access Controls Leak EL0 State
• Jailbroken iOS can’t run macOS apps. I spent a week to find out why.
• Quick Analysis for the SSID Format String Bug
• Unpatched iPhone Bug Allows Remote Device Takeover
• Reverse Engineering Starling Bank
  • Part I: Obfuscation Techniques
  • Part II: Jailbreak & Debugger Detection, Weaknesses & Mitigations
• ProtonMail : forensic decryption of iOS App
• iOS on QEMU
• Proxying is not the only way to monitor network traffic on your iOS mobile apps
• Forensic guide to iMessage, WhatsApp, Telegram, Signal and Skype data acquisition
• Malware uses Corporate MDM as attack vector
• Mobexler Checklist
• Ad Fraud Spotted in Barcode Reader Malware Analysis
• Researching Confide Messenger Encryption
• Reverse Engineering Snapchat (Part I): Obfuscation Techniques
• Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable
• Firebase Cloud Messaging Service Takeover
• Saying Goodbye to my Favorite 5 Minute P1
• Reverse engineering Flutter apps (Part 1)
• How I Hacked facebook Again!
• Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
• How to use Ghidra to Reverse Engineer Mobile Application
• React Native Application Static Analysis
• Pentesting Non-Proxy Aware Mobile Applications Without Root/Jailbreak
• CVE-2021-30737 – Vulnerability Overview
  • CVE-2021-30737, @xerub’s 2021 iOS ASN.1 Vulnerability
• Facebook BugBounty Writeups

Other materials

• OWASP MSTG
• Full Mobile Hacking Course
• NowSecure Academy

The iOS Security is a github repository by Swordfish Security