Hi folks, before we have reviewed the top ten tools for Android penetration testing and security assessment, and today we are gonna talk about Apple iOS.
Some of the tools which were described in a previous article are also applicable for iOS. All presented tools are our individual selection.
The List
Frida iOS Dump - One of the most useful tools to begin security assessment for iOS applications. It allows you to download decrypted IPA file of the targeted applications, because of all applications in iOS filesystem are encrypted and researchers can't analyze it, but in device memory, they are decrypted, so this script goes to the running app and dumps the memory section which contains decrypted binary data.
Hopper - The next one is the most useful disassembler for *OS applications, Hopper. The killer feature of Hopper is the Objective-C demangling during the decompilation of binary code, it's very handy because by the names of Classes and methods we can reverse engineer application logic.
XReSign - This one allows you to sign or resign unencrypted ipa-files with a certificate for which you hold the corresponding private key. Checked for developer, ad-hoc and enterprise distribution. Is very useful when we modifying the application code and trying to install it on the device.
class-dump - Very old and most popular command-line utility helping with examining the Objective-C runtime information stored in Mach-O files. It generates declarations for the classes, categories, and protocols. Helps to discover all classes and methods to perform research activities.
cycript - Here we have a tool that allows us to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
frida - Frida is an alternative to cycript application that allows injecting your own scripts into black-box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Also, Frida has a very good community that shares code snippets on a codeshare.frida.re.
Passionfruit - is one of the most perspective and useful projects from last years for iOS penetration testers and security researchers. It's a swiss knife of iOS security research based on a Frida engine but unfortunately, it doesn't support versions higher than Frida 12.
IntroSPY - is an alternative to the Passionfruit application, but much older and without update for the last 5 years, but in some cases is still useful.
Apple configurator - The tool which can be used to view live system log on iDevice, same to PidCat for Android.
objection - is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, even without the need for a jailbreak.
Conclusion
Today we have reviewed the ten most prefered tools for iOS security assessment that we are using.
Almost all tools are open-source so you can modify and reuse it as you want. So stay safe, and feel free to contact us.