devalias.net icon indicating copy to clipboard operation
devalias.net copied to clipboard
verified publisher icon 0xdevalias

[DeepDive] Mobile Security Research (iOS, Android, etc)

Open 0xdevalias opened this issue 6 years ago • 0 comments

General

  • https://mobile-security.gitbook.io/mobile-security-testing-guide/
    • https://mobile-security.gitbook.io/mobile-security-testing-guide/general-mobile-app-testing-guide/
  • https://github.com/MobSF/Mobile-Security-Framework-MobSF

    • Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

iOS

  • https://canijailbreak.com/
    • https://github.com/cj123/canijailbreak.com
  • https://ipsw.me/

    • Download current and previous versions of Apple's iOS, iPadOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released.

  • https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/
    • https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06b-basic-security-testing
      • jailbreaking, etc
      • obtaining-and-extracting-apps
      • installing-apps
      • information-gathering
      • basic-network-monitoring-sniffing

        • You can remotely sniff all traffic in real-time on iOS by creating a Remote Virtual Interface for your iOS device

          • https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819
            • https://developer.apple.com/documentation/network/recording_a_packet_trace#3034657

            • install Wireshark on your computer

            • connect iOS device to computer via USB cable

            • connect iOS device and computer to the same WiFi network

            • run this command in a OSX terminal window: rvictl -s x where x is the UDID of your iOS device. You can find the UDID of your iOS device via iTunes (make sure you are using the UDID and not the serial number).

            • goto Wireshark Capture->Options, a dialog box appears, click on the line rvi0 then press the Start button.

      • setting-up-an-interception-proxy
    • https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06d-testing-data-storage
    • https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06c-reverse-engineering-and-tampering
  • https://github.com/Naituw/IPAPatch

    • IPAPatch provide a simple way to patch iOS Apps, without needing to jailbreak.

    • https://github.com/Naituw/HackingFacebook

      • Bypassing Facebook for iOS's SSL Pinning, allow us to capture decrypted HTTPS request send from Facebook, with tools like Charles.

  • https://libimobiledevice.org/
    • https://libimobiledevice.org/#downloads
      • libimobiledevice, usbmuxd, ideviceinstaller, idevicerestore, ifuse, libusbmuxd, libplist, libirecovery, libideviceactivation
      • https://github.com/libimobiledevice
        • https://github.com/libimobiledevice/usbmuxd

          • A socket daemon to multiplex connections from and to iOS devices

        • https://github.com/libimobiledevice/libplist

          • A library to handle Apple Property List format in binary or XML

  • https://github.com/sensepost/objection

    • objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

  • https://github.com/chaitin/passionfruit/

    • Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs

    • https://github.com/chaitin/passionfruit/issues/74

      • This repo is going to be archived. It's being rebuilt from the ground up, and a new project will be annonced once it's finished. It has a better organized architecture, and it should be much more stable and easier to contribute. There may be rebranding if I come up with something. Therefore, I'll stop accepting bug reports and feature requests here. Please join our Discord Channel to track updates.

  • https://github.com/KJCracks/Clutch

    • Clutch is a high-speed iOS decryption tool. Clutch supports the iPhone, iPod Touch, and iPad as well as all iOS version, architecture types, and most binaries.

    • Clutch requires a jailbroken iOS device with version 8.0 or greater.

  • https://github.com/DerekSelander/dsdump

    • An improved nm + objc/swift class-dump

  • https://support.apple.com/en-au/HT204215#findiTunes

    • Locate backups of your iPhone, iPad and iPod touch

    • macOS: ~/Library/Application Support/MobileSync/Backup/
    • Windows: \Users\(username)\AppData\Roaming\Apple Computer\MobileSync\Backup\
  • http://www.i-funbox.com/en/page-about-us.html

    • iFunbox is one of the best universal file management software for iPhone and other Apple products. Browse and manage files and directories on iPhone, iPad, iPod Touch on PC in a window similar to windows explorer, so that all types of Apple devices can share each other's resources, allowing you to easily upload or export movies, music, e-book , Desktop, photos, and applications. It can also turn your iPhone into a USB flash drive for easy file carrying. These functions can be easily implemented without jailbreak.

    • Core function 1: Full control of iPhone / iPad file system

    • Core function 2: One-stop App installation and backup

    • Core Function 3: Fast universal file access

    • Core Function 4: No jailbreak access to application sandbox

    • Core function 5: Wallpaper function

    • Core function 6: Export music and videos from iPhone / iPod

  • https://macroplant.com/iexplorer

    • iExplorer is the ultimate iPhone manager. It transfers music, messages, photos, files and everything else from any iPhone, iPod, iPad or iTunes backup to any Mac or PC computer. It's lightweight, quick to install, free to try, and up to 70x faster and more resource efficient than the competition.

  • https://github.com/as0ler/BinaryCookieReader

    • A tool to read the binarycookie format of Cookies on iOS applications

  • https://github.com/KittyNighthawk/binary-cookie-extractor

    • Go based program that decodes Safari/iOS/iPadOS binary cookie files

  • https://github.com/richinfante/iphonebackuptools

    • iOS Backup Data Extraction

    • https://www.richinfante.com/2017/3/16/reverse-engineering-the-ios-backup
  • https://github.com/vgmoose/OpenBackupExtractor

    • Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups

  • https://github.com/garrett-davidson/iOS-Backup-Forensics-Toolkit

    • Decrypts local iOS backups and recreates file system, with a framework for automatically extracting useful information

  • https://github.com/search?o=desc&q=ios+backup&s=stars&type=Repositories
  • Sublime Text
    • https://packagecontrol.io/packages/BinaryPlist
      • https://github.com/tyrone-sudeium/st3-binaryplist

        • Automatically converts binary property lists to XML when opened and writes them back out to binary when saved.

Android

  • TODO
  • https://chrome.google.com/webstore/detail/apk-downloader/fgljidimohbcmjdabiecfeikkmpbjegm

    • Direct download APK file and install the app manually onto your Android devices.

    • How does Online APK Downloader Work? Google Play Store app works by using a protocol called protobuf API (protocol buffers), and the Free Online APK Downloader uses the same API. It generates the direct download links and downloads APK file (Android App Bundle or APK & OBB file) directly from the Google servers without the need of Google account.

  • https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/
  • https://book.hacktricks.xyz/
    • https://book.hacktricks.xyz/mobile-apps-pentesting/android-checklist
    • https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting

Firebase

  • https://firebase.google.com/
    • https://firebase.google.com/docs/database
    • https://firebase.google.com/docs/rules
    • https://firebase.google.com/docs/database/security
  • https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06d-testing-data-storage#firebase-real-time-databases
  • https://book.hacktricks.xyz/pentesting/pentesting-web/buckets/firebase-database
  • https://github.com/Turr0n/firebase

    • Exploiting misconfigured firebase databases

  • https://github.com/MuhammadKhizerJaved/Insecure-Firebase-Exploit

    • A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

  • Articles
    • https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/
    • http://ghostlulz.com/google-exposed-firebase-database/
      • site:.firebaseio.com "COMPANY NAME HERE"
        • in anything other than Google
    • https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/

      • Comparitech’s security research team led by Bob Diachenko examined 515,735 Android apps, which comprise about 18 percent of all apps on Google Play.

      • Of the 155,066 Firebase apps analyzed, 11,730 had publicly exposed databases. 9,014 of them even included write permissions

      • Of the 11,730 publicly exposed databases, 4,282 leaked user information. The rest were empty or contained no user information, but were still vulnerable to attack.

Unsorted

  • http://www.allysonomalley.com/
    • Many modern/up to date blogs on iOS pentesting/etc
    • https://www.allysonomalley.com/2018/08/10/ios-pentesting-tools-part-1-app-decryption-and-class-dump/
    • https://www.allysonomalley.com/2018/12/13/ios-pentesting-tools-part-2-cycript/
    • https://www.allysonomalley.com/2018/12/20/ios-pentesting-tools-part-3-frida-and-objection/
    • https://www.allysonomalley.com/2019/01/06/ios-pentesting-tools-part-4-binary-analysis-and-debugging/
    • etc

0xdevalias avatar Oct 27 '19 22:10 0xdevalias