Installing Tools
Setting up the toolkit is arguably one of the most important sections of the iOS pentest. As they say, "a workman is only as good as his tools".
From Cydia, download and install the applications listed below.
AppSync - Installs custom IPA files (Cydia source: https://cydia.akemi.ai/)
Filza - File Browser
OpenSSH - Allows us to connect to the iPhone remotely over SSH
AppSync - https://cydia-app.com/appsync/
Adv-cmds : Comes with a set of process commands like ps, kill, finger, etc.
Sqlite3 : Sqlite database client
GNU Debugger: For run-time analysis & reverse engineering
Veency: Allows viewing the phone on the workstation with the help of the Veency client
Tcpdump: To capture network traffic on the phone
com.ericasadun.utilities: plutil to view property list files
Grep: For searching
Odcctools: otool - object file displaying tool
Crackulous: Decrypt iPhone apps
Hackulous: To install decrypted apps
Snoop-it [discontinued]: Monitor various application resources (Cydia Source: https://repo.nesolabs.de/)
Frida: (Cydia Repo https://build.frida.re)
Installing an IPA file
Once the iOS device has been jailbroken and Cydia has been installed, follow the steps below to install a custom, unsigned iOS application (.IPA) file.
Add https://cydia.akemi.ai/ to the Cydia sources list
Search for "AppSync Unified" and install the latest package from the repository
Push the .IPA to the iPad using SFTP or SSH (install OpenSSH from Cydia; the default credentials are root / alpine)
Install "Filza" from Cydia, navigate to the uploaded .IPA file, and click its icon.
Click install from the context window
Decrypting iOS App
Some iOS apps are encrypted, and extracting them can be complicated. Luckily there is a tool on GitHub for this:
YouTube Link