iOS Quickstart
In this session – the third and final in a series on mobile hacking – we discuss the structure of iOS applications, key differences between testing on iOS and Android, recommended tools, setup details, and some handy tips for hacking iOS apps.
What you’ll learn
- Structure of iOS apps
  - IPA container
  - Encryption
  - Info.plist
- Differences in testing iOS vs Android
  - Simulator vs Emulator
  - Native code vs Dalvik
- Tools
- Setting up your proxy
  - Instructions for Simulator
  - Instructions for physical devices
  - Installing the CA certificate
- Jailbreaking
  - WARNING: Do not do this on any device with important data
- Testing tips
  - Use bfinject to decrypt IPAs
  - Disable cert pinning with SSL Kill Switch 2 or Burp Suite Mobile Assistant
  - Install iPad-only apps on other devices with an Info.plist modification
  - Basic memory corruption bug hunting
  - Look at custom URL schemes