owasp-mastg

Add missing reverse engineering testcases for iOS

Open commjoen opened this issue 6 years ago • 5 comments

Add missing reverse engineering testcases for iOS given the following MASVS requirements:

  • [x] 8.4 The app detects, and responds to, the presence of widely used reverse engineering tools and frameworks on the device.
  • [x] 8.5 The app detects, and responds to, being run in an emulator.
  • [ ] 8.6 The app detects, and responds to, tampering the code and data in its own memory space.
  • [x] 8.9 Obfuscation is applied to programmatic defenses, which in turn impede de-obfuscation via dynamic analysis.
  • [ ] 8.11 All executable files and libraries belonging to the app are either encrypted on the file level and/or important code and data segments inside the executables are encrypted or packed. Trivial static analysis does not reveal important code or data.

commjoen, Jan 11 '19 09:01

Let me work on the following two:

  • 8.4 The app detects, and responds to, the presence of widely used reverse engineering tools and frameworks on the device.
  • 8.5 The app detects, and responds to, being run in an emulator.

sushi2k, Jan 23 '19 14:01

For 8.9 take a look at https://github.com/rockbruno/swiftshield

cpholguera, Aug 28 '19 07:08

We should split this one into several smaller tickets. Easier to track and follow. What do you think?

cpholguera, Oct 02 '19 10:10

yes please :D

commjoen, Oct 02 '19 10:10

We should also consider now https://github.com/securing/IOSSecuritySuite. It implements a few of the RE checks in Swift.

sushi2k, Nov 10 '19 09:11