Bypassing jailbreak detection, bypassing SSL certificate pinning…These are annoyances that you have or will experience when you eventually test mobile applications.
There are few and far in between tools/techniques that help in these cases. Frida is an amazing toolkit that is often behind all of these tools and enables the use of these techniques. That said, Objection is a runtime “mobile exploration framework” that utilizes Frida and enables you to do a bunch of cool shit.
In those post I’m going to post the exact I had to do on a recent engagement to set up and get my OSX box ready for this engagement and all those in the future.
STEPS HERE:
Install xCode from the OSX App Store
Install Command Line Tools for your version of xCode (12.5.1 at the time of this post) Also note that you’ll have to sign in to your apple dev account to get that. Link HERE
brew install python
cd /Applications/Python 3.9/
sudo ./Install Certificates.command
pip3 install objection
brew install node Open xcode –> Preferences –> Accounts –> Add your Apple Dev Account –> Create a blank app project –> compile it
npm install -g applesign Open xCode Preferences again –> Accounts –> Select your Dev Account –> Click Download Manual Profiles
Plug in iPhone you’re using for pen testing compile and deploy the app to the iPhone If your device is under the current version of iOS (which probably is if it’s jailbroken)
Then click the top of the project file tree and then select the general tab
Now scroll down to Deployment Info and change the iOS version to one that matches your device
Now compile and deploy to your device
security find-identity -p codesigning -v Confirm that your apple dev account is listed there and take note of the string
sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
cd /opt/MOBILE/IOS/ git clone https://github.com/Tyilo/insert_dylib
cd insert_dylib
xcodebuild
cp build/Release/insert_dylib /usr/local/bin/insert_dylib
pip3 install frida-tools
cd /opt/MOBILE/IOS/
git clone https://github.com/AloneMonkey/frida-ios-dump
pip3 install -r requirements.txt
brew install libimobiledevice
iproxy 2222 22
python dump.py 'com.app.encrypted' -u root -P <iphones-root-password>
sudo objection patchipa -s REDACTED-Grabbed-from-python-dump-py.ipa -c REDACTED --skip-cleanupNow just sideload the app with Xcode, Cydia Impactor, iFunBox or whatever else you like and you’re good to go to proxy through Burp Suite or ZAP!
Have trouble? LMK on any of the GainSec socials (Left on desktop and underneath this post on mobile) Or just search GainSec in google!
Read more about iOS hacking and penetration testing HERE
Read more about Android hacking and penetration testing HERE
END TRANSMISSION