Preparing iPhone for Application Security

Lucideus
Dec 26, 2018

Introduction

This article introduces some of the important tools that an iOS Security Analyst must install in order to prepare the iPhone for application security. Jailbreaking an iPhone is a prerequisite, as explained in the previous post. Let us look at the series of actions that need to be performed to start application security work after jailbreaking the iPhone.

Accessing the iPhone’s File System: The Android Way

After a successful jailbreak, you have the ability to access every file on your device. The simplest way to do this is to install a file manager on your jailbroken iPhone. Filza File Manager is one of the useful applications for this purpose.

It is available from the BigBoss repository packages. If the BigBoss repository is not present on Cydia, you can install it by adding http://apt.thebigboss.org/repofiles/cydia/ to the list of repositories.

Filza File Manager will now be available for installation as shown in the screenshot.

Search for Filza File Manager and install the application as shown in the screenshot.

It will now be available with the other applications on the iPhone.

Open Filza. You will now be able to see the complete file system of your iPhone from the ‘/’ (root) directory as shown.

The Secure SHell (SSH)

The next step is to prepare your iPhone to be accessed from the command line. SSH is the most widely used technique for this. For iOS 9 and below, OpenSSH and OpenSSL need to be installed from Cydia. For iOS 10 and above, the jailbreaking tools support the Dropbear SSH client, as OpenSSH seems broken on devices running iOS 10 and above.

To SSH into your iPhone,

  • Your computer and iPhone must be connected to the same local network, and an SSH client must be installed on your computer.

Open Settings on your device and head over to Wi-Fi. Tap on the SSID of the network that you are connected to.

Note down the IP Address (192.168.0.102 in this case).

On your computer, go to the system terminal or command line and type the following command:

ssh root@<IP Address>

If you are connecting to the device for the first time, an authentication message will be displayed, as shown in the screenshot below.

Type ‘yes’ and press Enter. Now you will be asked for a password. Type in the ‘root’ user’s password that you have set after jailbreaking the iPhone and press Enter.

You have now successfully made an SSH connection to your iPhone from your computer.
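Before typing ‘yes’ at the first-connection prompt, it is worth checking that the fingerprint it shows belongs to your device. The following is an added example, not part of the original article: it computes the SHA256 fingerprint of a public host key line and compares it with the prompt text. It assumes your SSH client prints SHA256 fingerprints and that you have read the device's public host key on the device itself; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re

KEY_TYPES = ("ssh-", "ecdsa-")

def parse_key_line(line):
    """Return (algorithm, raw key blob) from a .pub or known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            algo, b64 = field, fields[i + 1]
            break
    else:
        raise ValueError("no SSH key type found in line")
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    # The blob begins with a 4-byte length and a copy of the algorithm name;
    # a mismatch means the line was truncated or edited.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != algo.encode():
        raise ValueError("algorithm name does not match key blob")
    return algo, blob

def sha256_fingerprint(line):
    """Fingerprint as OpenSSH prints it: SHA256:<unpadded base64 digest>."""
    _, blob = parse_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def prompt_matches(prompt, trusted_line):
    """True only if the fingerprint in the ssh prompt is the trusted key's."""
    shown = re.search(r"SHA256:[A-Za-z0-9+/]{43}", prompt)
    return bool(shown) and shown.group(0) == sha256_fingerprint(trusted_line)

def make_sample_line(seed):
    """Constructed ssh-ed25519 line from 32 fixed bytes (not a real key)."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    blob = (len(name).to_bytes(4, "big") + name +
            len(key).to_bytes(4, "big") + key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@iphone"

if __name__ == "__main__":
    device_key = make_sample_line(1)  # stands in for the key read on the device
    prompt = "ED25519 key fingerprint is %s." % sha256_fingerprint(device_key)
    print(prompt_matches(prompt, device_key))           # key matches the prompt
    print(prompt_matches(prompt, make_sample_line(2)))  # different key
```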

Note: If you encounter an error while connecting to the iPhone using SSH, refer to the jailbreak forums and channels on Reddit.

For example, in iOS 10 and above, the Dropbear SSH client allows only localhost SSH connections by default. To make an SSH connection using your computer, refer to the following URL:

https://yalujailbreak.net/ssh-ios-10-tutorial/

The Secure File Transfer Protocol (SFTP) and Secure CoPy (SCP)

Another set of important tools for a jailbroken device is SFTP and SCP. Both perform the same task, i.e. copying a file from a computer to the iPhone and vice versa.

To get these tools on devices running on iOS 9 and below, OpenSSH and OpenSSL must be installed from Cydia. For devices running on iOS 10 and above, “SCP and SFTP for Dropbear” must be installed from Cydia as shown in the screenshot.

To transfer files using these tools, the following commands can be used:

  • sftp root@<IP_Address> (followed by get and put commands)
  • scp root@<IP_Address>:<Remote_Path> <Local_Path> (get: copies the file from the iPhone to the computer)
  • scp <Local_Path> root@<IP_Address>:<Remote_Path> (put: copies the file from the computer to the iPhone)

Other Useful tools

Most of the banking applications and other secure applications either crash or display a message saying that ‘Jailbroken device is not supported’. As a security analyst, it is important to make these applications run on your jailbroken device in order to perform security analysis of the applications.

There are other necessary tools available to perform various tasks such as SSL Pinning Bypass, iOS Keychain dump and class dump from the application’s binary.

For this purpose, publicly available tools can be installed through the Cydia application or from the command line (SSH), depending on the availability of the tool. For installation through SSH, one should install the “APT” package from Cydia.

Some of the necessary tools available are:

Note: Be careful when installing applications from untrusted repositories. Even one malicious application can brick your iPhone or, at worst, compromise your privacy and the security of the device. Hence, always install applications from trusted sources.

Conclusion

In this article, we have seen some of the necessary tools required for iOS application security assessment. The foundation of static analysis of iOS applications lies within these tools. After successfully setting up these tools, we are more than ready to dive into iOS application security analysis. Up next, we will be discussing the iOS file system and the architecture of an iOS application.
