Bypassing jailbreak detection, bypassing SSL certificate pinning... these are annoyances you have hit, or will hit, once you start testing mobile applications.
Tools and techniques that help with these are few and far between. Frida is the amazing toolkit that sits behind most of them. Objection is a runtime "mobile exploration framework" built on top of Frida that lets you do a bunch of cool shit (pinning and jailbreak-detection bypasses included) without writing your own hooks.
In this post I'm going to document the exact steps I had to take on a recent engagement to set up my OSX box, so it's ready for this engagement and all those in the future.
Install Xcode from the OSX App Store.
Install the Command Line Tools for your version of Xcode (12.5.1 at the time of this post). Note that you'll have to sign in to your Apple Developer account to get them. Link HERE
Install Python, Objection and Node:

```shell
brew install python
# Install Certificates.command ships with the python.org installer (it lives under
# /Applications/Python 3.9/); Homebrew's python has no such script, so skip these
# two lines if Python only came from brew
cd "/Applications/Python 3.9/"
sudo ./"Install Certificates.command"
pip3 install objection
brew install node
```
Open Xcode -> Preferences -> Accounts -> add your Apple Developer account -> create a blank app project -> compile it.
Install applesign:

```shell
npm install -g applesign
```

Open Xcode Preferences again -> Accounts -> select your Developer account -> click Download Manual Profiles.
Plug in the iPhone you're using for pentesting, then compile and deploy the app to it. If your device is on an older iOS than the current release (which it probably is if it's jailbroken), Xcode will refuse to run the app because the project's deployment target is newer than the device. To fix that:
Click the top of the project file tree and select the General tab.
Scroll down to Deployment Info and change the iOS version to one that matches your device.
Compile and deploy to your device again.
```shell
security find-identity -p codesigning -v
```

Confirm that your Apple Developer identity is listed there and take note of the 40-character hex string next to it; that is the value objection's -c flag needs when you patch the IPA.
Build insert_dylib, install frida-tools, pull the decrypted IPA off the phone with frida-ios-dump, then patch it with objection:

```shell
sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
cd /opt/MOBILE/IOS/
git clone https://github.com/Tyilo/insert_dylib
cd insert_dylib
xcodebuild
cp build/Release/insert_dylib /usr/local/bin/insert_dylib
pip3 install frida-tools
cd /opt/MOBILE/IOS/
git clone https://github.com/AloneMonkey/frida-ios-dump
cd frida-ios-dump          # requirements.txt and dump.py live inside the checkout
pip3 install -r requirements.txt
brew install libimobiledevice
# iproxy stays in the foreground: run it in a second terminal (or append &)
# so dump.py can reach the phone's SSH on localhost:2222
iproxy 2222 22
python3 dump.py 'com.app.encrypted' -u root -P <iphones-root-password>
sudo objection patchipa -s REDACTED-Grabbed-from-python-dump-py.ipa -c REDACTED --skip-cleanup
```
Now just sideload the patched IPA with Xcode, Cydia Impactor, iFunBox or whatever else you like, and you're good to go to proxy the app through Burp Suite or ZAP!
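The steps above hand-copy the signing identity hash out of security find-identity and run the dump and patch commands one at a time. Below is an added example, not code from the original post or from the objection/frida-ios-dump projects, that wraps those last steps in a small POSIX shell script: it parses the find-identity output for the identity you want, sanity-checks the hash before passing it to objection's -c flag, backgrounds iproxy for the duration of the dump, and picks up whatever IPA dump.py produced. It assumes you run it from inside the frida-ios-dump checkout with iproxy, python3 and objection on PATH, that the identity you want to match is named "Apple Development", and that a script file name of patch_ipa.sh; SAMPLE_IDENTITIES is constructed find-identity output used only for the offline self-check.

```shell
# Added example (not from the original post): wrapper around the dump/patch steps.
# Assumptions: run from the frida-ios-dump checkout; iproxy, python3 and objection
# are on PATH; identity name defaults to "Apple Development"; file is patch_ipa.sh.
# SAMPLE_IDENTITIES is constructed `security find-identity -p codesigning -v` output
# (fake hashes and names) so the parser can be checked without a Mac or a phone.

SAMPLE_IDENTITIES='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: Jane Doe (ABCDE12345)"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Apple Distribution: Jane Doe (ABCDE12345)"
     2 valid identities found'

# pick_identity OUTPUT NAME
# Print the 40-hex SHA-1 of the first identity line in OUTPUT that contains NAME.
# NAME is matched literally with index(), so parentheses in team IDs are harmless.
# Prints nothing and returns 1 when no identity matches.
pick_identity() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        # identity lines look like:   1) <40 hex chars> "Common Name"
        $1 ~ /^[0-9]+\)$/ && length($2) == 40 && index($0, pat) > 0 {
            print $2; found = 1; exit
        }
        END { exit found ? 0 : 1 }'
}

# is_identity_hash STRING -> 0 if STRING is exactly 40 uppercase hex characters
is_identity_hash() {
    printf '%s' "$1" | grep -Eq '^[0-9A-F]{40}$'
}

# self_check: run the parser over the constructed sample and print the dev identity
self_check() {
    pick_identity "$SAMPLE_IDENTITIES" "Apple Development"
}

# patch_ipa BUNDLE_ID ROOT_PASSWORD [IDENTITY_NAME]
# Tunnels SSH over USB, dumps the decrypted IPA with frida-ios-dump, then patches
# it with the objection gadget, signing with the matching identity.
patch_ipa() {
    bundle_id=$1
    root_pw=$2
    ident_name=${3:-"Apple Development"}

    ident=$(pick_identity "$(security find-identity -p codesigning -v)" "$ident_name") || {
        echo "no valid code-signing identity matching '$ident_name'" >&2
        return 1
    }
    is_identity_hash "$ident" || { echo "unexpected identity string: $ident" >&2; return 1; }

    # iproxy blocks, so background it and tear it down once the dump is done
    iproxy 2222 22 >/dev/null 2>&1 &
    iproxy_pid=$!
    sleep 2   # give the USB tunnel a moment to come up

    python3 dump.py "$bundle_id" -u root -P "$root_pw"
    rc=$?
    kill "$iproxy_pid" 2>/dev/null
    [ "$rc" -eq 0 ] || { echo "dump.py failed ($rc)" >&2; return "$rc"; }

    # dump.py names the IPA after the app, so take the newest one in the directory
    ipa=$(ls -t ./*.ipa 2>/dev/null | head -n 1)
    [ -n "$ipa" ] || { echo "no IPA produced by dump.py" >&2; return 1; }

    objection patchipa -s "$ipa" -c "$ident" --skip-cleanup
}

# Only runs when asked, so sourcing the file just defines the functions:
#   PATCH_IPA_RUN=1 sh patch_ipa.sh com.app.encrypted '<iphones-root-password>'
if [ "${PATCH_IPA_RUN:-0}" = 1 ]; then
    patch_ipa "$@"
fi
```

The parser keys on the line shape (an index like "1)", a 40-character second field, then the quoted name) rather than on a regex over the name, so a "Developer ID" or "Apple Distribution" identity from the same account is never picked up by accident, and the hash check means a typo in the identity name fails loudly instead of reaching objection.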
Having trouble? Let me know on any of the GainSec socials (on the left on desktop, underneath this post on mobile), or just search GainSec in Google!
Read more about iOS hacking and penetration testing HERE
Read more about Android hacking and penetration testing HERE