Command Line Cheat Sheet for iOS Penetration Testing
Preparation
Install Brew, which simplifies package installation on macOS. Use the following command in the Terminal (Finder -> Applications -> Utilities -> Terminal):
Install Xcode to get essential developer tools. In the Terminal, execute:
Alternatively, Xcode can be downloaded manually from the Apple Website.
Register your Apple ID as an Apple Developer Account. A paid Apple Developer Program membership is not needed at this stage, as you only need a certificate for signing IPA files in Xcode or other tools.
SSH Over USB (iPROXY)
Guide and tools for establishing SSH connections over USB can be found on the iPhoneDevWiki.
Download .ipa file from the App Store or iPhone/iPad device
For Jailbroken Devices
Clutch: A tool for decrypting iOS apps. Detailed information and downloads can be found on GitHub.
Frida Script:
To use frida-ios-dump, set up port forwarding with iProxy first:
Then dump the app:
iOS Binary Analysis
ios-Analysis
Download and setup:
$ git clone https://github.com/IAIK/ios-analysis
$ cd ios-analysis
$ git submodule update --init --recursive
If you get the error "error: RPC failed; curl 56 LibreSSL SSL_read: SSL_ERROR_SYSCALL, errno 60", try:
Sign & Install .ipa using Windows
- Download AltSigner.
- Install the latest version of iTunes directly from Apple (not from the Microsoft Store).
- Open iTunes, connect your device, and copy the UDID from the device summary page.
- Open AltSigner, input your Apple ID, password, UDID, and the path to the .ipa file.
- Click Sign to sign the .ipa file, and Install to install it on your device.
Signing IPA File with Our Provisioning Profile
For a GUI-based approach, use iOS App Signer. This tool simplifies the process of signing IPA files using your own provisioning profiles, which you can generate via Xcode when installing an application.
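A pre-install check for a re-signed IPA, added here as an example (it is not part of the original cheat sheet or of iOS App Signer): it reads the provisioning profile embedded in the app bundle and reports whether it has expired, lists the device UDID, and covers the app's bundle ID. The function names, sample IPA, UDID and team ID are constructed for illustration.

```python
import io, plistlib, zipfile
from datetime import datetime, timezone
from fnmatch import fnmatchcase

def read_ipa(ipa_bytes):
    """Return (Info.plist, provisioning profile) dicts from .ipa bytes."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        info_name = next(n for n in z.namelist() if n.startswith("Payload/")
                         and n.count("/") == 2 and n.endswith(".app/Info.plist"))
        info = plistlib.loads(z.read(info_name))
        blob = z.read(info_name.replace("Info.plist", "embedded.mobileprovision"))
    # The profile is a CMS (PKCS#7) envelope; its XML plist payload is stored
    # unencrypted, so it can be cut out without verifying the signature.
    start = blob.index(b"<?xml")
    end = blob.index(b"</plist>", start) + len(b"</plist>")
    return info, plistlib.loads(blob[start:end])

def check_ipa(ipa_bytes, udid, now=None):
    """Return a list of reasons the IPA would fail to install on `udid`."""
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    try:
        info, prof = read_ipa(ipa_bytes)
    except (StopIteration, KeyError, ValueError) as exc:
        return [f"no readable Info.plist/profile: {exc!r}"]
    problems = []
    if prof["ExpirationDate"] < now:
        problems.append("profile expired")
    if not prof.get("ProvisionsAllDevices") and udid not in prof.get("ProvisionedDevices", []):
        problems.append("device UDID not in profile")
    # application-identifier is "<TeamID>.<bundle id or wildcard>"
    pattern = prof["Entitlements"]["application-identifier"].split(".", 1)[1]
    if not fnmatchcase(info["CFBundleIdentifier"], pattern):
        problems.append("bundle id not covered by profile")
    return problems

def make_sample_ipa(bundle_id, app_id, udids, expires):
    """Build a constructed .ipa in memory (fake CMS bytes around the plist)."""
    profile = plistlib.dumps({"ExpirationDate": expires, "ProvisionedDevices": udids,
                              "Entitlements": {"application-identifier": app_id}})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps({"CFBundleIdentifier": bundle_id}))
        z.writestr("Payload/Demo.app/embedded.mobileprovision", b"\x30\x82CMS" + profile + b"\x00sig")
    return buf.getvalue()

if __name__ == "__main__":
    ipa = make_sample_ipa("com.example.demo", "ABCDE12345.com.example.*",
                          ["00008030-CONSTRUCTED-UDID"], datetime(2030, 1, 1))
    print(check_ipa(ipa, "00008030-CONSTRUCTED-UDID") or "ok")
```

For a real file, pass `open(path, "rb").read()` and the UDID copied from the device summary page.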
Troubleshoot
Ensure that you always check the console for error messages and refer to online resources or communities if specific errors arise during installation or operation of the tools mentioned.