Dynamic analysis of iOS apps without Jailbreak

Static analysis vs. dynamic analysis

Comparative table of analysis methods

Dynamic analysis

Android situation

iOS problem

Jailbreak

The cost which Zerodium can pay for the Remote Jailbreak.

Security analysis of iOS applications

Whitebox

Graybox

Blackbox

Dynamic security analysis of iOS apps without Jailbreak

0x00 Preparation

0x01 Download .ipa file

0x02–0x03 Data extraction and decryption .ipa

0x04 Framework append

What can be put inside .ipa file?

Frida (GitHub: /frida/frida)

Cycript (www.cycript.org / GitHub: /nowsecure/frida-cycript)

CydiaSubstrate (cydiasubstrate.com / mobilesubstrate.deb)

Reveal (revealapp.com)

0x05 Application singing

0x06 Application delivery

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store