Awesome iOS Security

A curated list of awesome iOS application security resources.

A collection of awesome tools, books, courses, blog posts, and cool stuff about iOS Application Security and Penetration Testing.

Contents

• Tools
  • Reverse Engineering Tools
  • Static Analysis Tools
  • Dynamic Analysis Tools
• Tweaks
  • Reverse Engineering Tweaks
  • Jailbrek Detection Bypass Tweaks
  • SSL Pinning Bypass Tweaks
• Frida Scripts
• Courses
• Books
• Sessions & Workshops
• Articles & Tutorials
  • Penetration Testing Articles
  • Reverse Engineering Articles
  • Jailbrek Detection Bypass Articles
  • SSL Pinning Bypass Articles
• Checklists & Cheatsheets
• Labs
• CTF
• Writeups
• Misc

Tools

Reverse Engineering Tools

• Hopper - A reverse engineering tool that will assist you in your static analysis of executable files.
• Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
• Radare2 - UNIX-like reverse engineering framework and command-line toolset.
• Cutter - Free and Open Source Reverse Engineering Platform powered by rizin.
• frida-ios-dump - A tool to pull a decrypted IPA from a jailbroken device.
• bagbak - Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re.
• flexdecrypt - An iOS App & Mach-O binary decryptor.
• bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x.
• bfinject - Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks.
• r2flutch - Yet another tool to decrypt iOS apps using r2frida.
• Clutch - A high-speed iOS decryption tool.
• dsdump - An improved nm + objc/swift class-dump tool.
• class-dump - A command-line utility for examining the Objective-C segment of Mach-O files.
• SwiftDump - A command-line tool for retriving the Swift Object info from Mach-O file.
• jtool - An app inspector, disassembler, and signing utility for the macOS, iOS.
• Sideloadly - An app to sideload your favorite games and apps to Jailbroken & Non-Jailbroken iOS devices.
• Cydia Impactor - A GUI tool for sideloading iOS application.
• AltStore - Allows to sideload other apps (.ipa files) onto iOS device.
• iOS App Signer - An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.

Static Analysis Tools

• iLEAPP - An iOS Logs, Events, And Plist Parser.
• Keychain Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
• BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
• PList Viewer - Gtk application to view property list files.
• XMachOViewer - A Mach-O viewer for Windows, Linux and macOS.
• MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
• iFunbox - A general file management software for iPhone and other Apple products.
• 3uTools - An All-in-One management software for iOS devices.
• iTools - An All-in-One solution for iOS devices management.

Dynamic Analysis Tools

• Corellium - The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance.
• Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
• frida-gum - Cross-platform instrumentation and introspection library written in C.
• Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
• r2frida - Radare2 and Frida better together.
• r2ghidra - An integration of the Ghidra decompiler for radare2.
• iproxy - A utility allows binding local TCP ports so that a connection to one (or more) of the local ports will be forwarded to the specified port (or ports) on a usbmux device.
• itunnel - Use to forward SSH via USB.
• objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
• Grapefruit - Runtime Application Instruments for iOS.
• Passionfruit - Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs.
• Runtime Mobile Security (RMS) - Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
• membuddy - Dynamic memory analysis & visualisation tool for security researchers.
• unidbg - Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation.
• Qiling - An advanced binary emulation framework.
• fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
• Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida.
• FridaHookSwiftAlamofire - A frida tool that capture GET/POST HTTP requests of iOS Swift library 'Alamofire' and disable SSL Pinning.
• ios-deploy - Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices.
• aah - Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success.
• LLDB - A next generation, high-performance debugger.
• mitmproxy - A free and open source interactive HTTPS proxy.
• Burp Suite - An advanced HTTPS proxy software.

Tweaks

Reverse Engineering Tweaks

• FoulDecrypt - A lightweight and simpling iOS binary decryptor, supports iOS 13.5 and later.
• iGameGod - Cheat Engine, Speed Manager, Auto Touch, Device Spoofer & App Decryptor.
• CrackerXI - Tool to Decrypt iOS Apps, based on BFInject, Supports Electra as well as Unc0ver Jailbreaks.
• flexdecrypt - Command line tool for decrypting Mach-O binaries.
• Flex 3 Beta - Flex gives you the power to modify apps and change their behavior, with no coding experience needed.
• Frida - Frida server for iOS.
• OpenSSH - Secure remote access between machines.
• Apple File Conduit "2" - Unlocks filesystem access over USB on Windows or macOS on jailbroken devices.
• AppSync Unified - Enables the ability to install unsigned/fakesigned iOS applications.
• NewTerm 2 - A powerful terminal app for iOS.
• Filza File Manager - A Powerful File Manager for iOS with IPA Installer, DEB Installer, Web viewer, and Terminal.

Jailbrek Detection Bypass Tweaks

• Shadow - A lightweight general jailbreak detection bypass tweak.
• A-Bypass - A tool that helps block some apps from accessing unauthorized space or calling functions not authorized by Apple due to jailbreak.
• FlyJB X - A jailbreak bypass that allows you to bypass the in-app jailbreak detection mechanism.
• Liberty Lite (Beta) - A general purpose jailbreak detection bypass patch.
• vnodebypass - An expermental tool to hide jailbreak files for bypass detection.
• KernBypass (Unofficial) - A kernel level jailbreak detection bypass tweak.
• HideJB - Bybass jailbreak detection in certain apps.
• Hestia - A global jailbreak detection bypass tweak.
• Choicy - An advanced tweak configurator.

SSL Pinning Bypass Tweaks

• SSL Kill Switch 2 - A blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications.
• SSLBypass - An iOS SSL Pinning Bypass Tweak (iOS 8 - 14).

Frida Scripts

• FridaSwiftDump - A Frida script for retriving the Swift Object info from an running app.
• iOS 13 SSL Bypass - SSL Pinning Bypass for iOS 13.
• iOS 12 SSL Bypass - SSL Pinning Bypass for iOS 12.
• iOS Jailbreak Detection Bypass - A Frida script used for bypass iOS jailbreak detection by hooking some methods and functions.
• iOS App Static Analysis - Script for iOS app's static analysis.
• Touch ID Bypass - A Frida script for iOS Touch/Face ID Bypass.

Courses

• Pentesting iOS Applications - By PentesterAcademy.
• iOS Pentesting - By Mantis.
• iOS Application Pentesting Series - By Sateesh Verma.
• IOS: Penetration Testing - By Noisy Hacker.

Books

• iOS Hacking Guide - By Security Innovation.
• iOS Application Security: The Definitive Guide for Hackers and Developers - By David Thiel.
• iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
• Learning iOS Penetration Testing - By Swaroop Yermalkar.
• Hacking and Securing iOS Applications - By Jonathan Zdziarski.
• iOS Hacker's Handbook - By Charlie Miller.

Sessions & Workshops

• iOS + Frida Tutorial - A 3-parts workshop contains an introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation by @naehrdine.
• Exploiting Common iOS Apps' Vulnerabilities - A session by @ivRodriguezCA that walks through some of the most common vulnerabilities on iOS apps and shows how to exploit them.
• iOS Reverse Engineering With Frida - How to get started in iOS RE with any PC/Mac, an iPhone, and Frida by @x71n3.
• iOS Application Vulnerabilities and how to find them - How to get started with hacking iOS apps, environment requirement, play ground etc. by @0ctac0der.

Articles & Tutorials

Penetration Testing Articles

• A Comprehensive guide to iOS Penetration Testing
• Getting Started with iOS Penetration Testing
• iOS Pentesting 101
• Insecure iOS Storage - DVIAv2

Reverse Engineering Articles

• iOS Pentesting Tools Part 1: App Decryption and class-dump
• Anti Anti Hooking/Debugging - DVIAv2
• Runtime Manipulation - DVIAv2
• Reverse Engineering iOS Apps - iOS 11 Edition

Jailbrek Detection Bypass Articles

• Bypass Jailbreak Detection with Frida in iOS applications
• iOS Swift Anti-Jailbreak Bypass with Frida
• Bypassing JailBreak Detection - DVIAv2
• Gotta Catch 'Em All: Frida & jailbreak detection

SSL Pinning Bypass Articles

• SSL Pinning bypass in iOS application
• Bypass Facebook SSL Certificate Pinning for iOS
• Bypass SSL Pinning with LLDB on AppStore iOS apps

Checklists & Cheatsheets

• HackTricks iOS Pentesting Checklist
• OWASP Mobile Application Security Verification Standard (MASVS)
• iOS CheatSheet
• iOS Client-Side Attacks and Tests

Labs

• Damn Vulnerable iOS Application (DVIA)
• OWASP iGoat
• WaTF Bank
• Myriam

CTF

• OWASP UnCrackable Mobile Apps
• r2con Crackmes
• Headbook-CTF
• iOS CTF
• DFA/CCSC Spring 2020 CTF – Apple iOS Forensics with iLEAPP
• NCC Con 2018 iOS CTF
• Cellebrite CTF 2021 - Beth's iPhone

Writeups

• A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
• Airdrop: Symbolic Link Following
• XSS STORED IN FILES.SLACK.COM VIA XML/SVG FILE (IOS)
• Facebook iOS address bar spoofing

Misc

• iOS Jailbreak Downloads - Download Jailbreak Tools for All iOS Versions.
• MOBEXLER - A customised virtual machine, designed to help in penetration testing of Android & iOS applications.
• frida Workbench - Unofficial frida workbench for VSCode.
• Apple Configurator - Apple Configurator features a flexible, device-centric design that enables you to configure one or dozens of devices quickly and easily.
• Apple Platform Security - Explore Apple Platform Security.
• IPSW Downloads - Download current and previous versions of Apple's iOS, iPadOS, macOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released.
• theos - A cross-platform suite of tools for building and deploying software for iOS and other platforms.

Contributing

Your contributions are always welcome! Please read the contribution guidelines first.