Pen-testing iOS Applications: Static Analysis
Deepika Kumari
Who Am I?
• Senior Security Consultant @EY
• Security Researcher
• Bachelor’s Degree from Amity University (2015)
• Certified Red Team Professional
Find me on: https://www.linkedin.com/in/deepika-kumari-740763100/
Blog: https://medium.com/@deepika-k/
Agenda
• iOS Platform Overview
• Web vs Mobile Testing
• Pre-requisites
• iOS Application Static Analysis
iOS Security Architecture
The iOS security architecture consists of several core features:
• Hardware security (Secure Enclave)
• Secure Boot
• Code signing
• Security of the runtime process
Mobile vs Web App
Areas where mobile apps differ from web apps:
• Data being stored on the device
• Interaction with the OS through APIs
• Reverse engineering
• Local authentication (e.g. fingerprint)
Types of Mobile Apps
• Native app
• Web app
• Hybrid app
Web vs Mobile
Q1. Is XSS a vulnerability that is applicable to mobile apps?
• a) Yes, but only reflected
• b) Yes, but only stored
• c) Yes, reflected and stored
• d) No
Q2. Do you think it's possible to make an app immune to reverse engineering attacks?
• a) Yes, via obfuscation
• b) Yes, via encryption
• c) Yes, by combining the above two
• d) No, reverse engineering will always win
Web vs Mobile Pentesting
• Be aware of the impact of vulnerabilities in mobile apps compared to web apps
• You cannot blindly map everything you know about web app testing to mobile apps
• You need to understand the differences and common pitfalls when implementing mobile apps
Creating a Pentest Platform
• Jailbreak using Checkra1n or another jailbreak tool
• Launch Cydia
• Install the OpenSSH server
• Connect to Wi-Fi and SSH in over IP
• Install the .ipa file using iMazing or Installer IPA
• Install tools such as otool (reverse engineering), cycript (decrypting the ipa file), Frida/Objection (bypassing SSL pinning and dumping the keychain)
• MobSF scanner
iOS Application Testing Methodology
Static Analysis: using manual techniques and tools such as MobSF, otool, etc. to look for certain strings, hardcoded sensitive information, and misconfigured cryptography.
Dynamic Analysis: involves runtime exploitation and hooking different methods and objects to bypass certain scenarios and gain access to sensitive information, testing dynamic API calls, business logic flows, parameter tampering, injection attacks, and so on.
Finding Package Name
iOS Application Static Analysis
• Plist file analysis
• Sensitive data in UserDefaults
• Looking into insecure local storage
• Verify signature (binary protection)
• Runtime memory dump
• Dumping keychain
Plist File Analysis
1. Run the following commands:
   • objection -g <app package name> explore
   • ios plist cat userInfo.plist
2. Observe that the sensitive information is stored in plain text.
3. Look for misconfigured ATS (App Transport Security).
Sensitive Data in NSUserDefaults
1. Run the following commands:
   • objection -g <app package name> explore
   • ios nsuserdefaults get
2. Observe that the sensitive information is stored in plain text in the DemoValue parameter.
Insecure Local Data Storage
1. Navigate to the application package folder.
2. Search for database files with a .db or .sqlite extension.
3. Open the file with the sqlite3 command-line tool.
4. From the screenshot above we are able to read the database tables and their content.
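The sqlite3 shell step above, turned into a script as an added example that is not from the slides: it lists every user table and its columns from sqlite_master and PRAGMA table_info, then flags columns whose names suggest secrets and shows one stored value for each, so a finding can be written up with evidence. The database, its tables and the rows are constructed in a temporary file.

```python
"""Enumerate an app's SQLite file and flag sensitive-looking columns (added example)."""
import os
import re
import sqlite3
import tempfile

# Column names that usually hold data an app should not keep in plain text.
SENSITIVE_COL_RE = re.compile(r"pass(word|wd)?|secret|token|pin|card|ssn|otp", re.I)


def list_tables(db_path: str) -> dict:
    """Return {table_name: [column_name, ...]} for every user table."""
    schema = {}
    conn = sqlite3.connect(db_path)
    try:
        tables = [row[0] for row in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
        for table in tables:
            # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
            schema[table] = [row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')]
    finally:
        conn.close()
    return schema


def flag_sensitive_columns(db_path: str) -> list:
    """Return (table, column, sample_value) for sensitive-looking columns holding data."""
    hits = []
    conn = sqlite3.connect(db_path)
    try:
        for table, cols in list_tables(db_path).items():
            for col in cols:
                if not SENSITIVE_COL_RE.search(col):
                    continue
                query = 'SELECT "{c}" FROM "{t}" WHERE "{c}" IS NOT NULL AND "{c}" != \'\' LIMIT 1'
                row = conn.execute(query.format(c=col, t=table)).fetchone()
                if row is not None:
                    hits.append((table, col, row[0]))
    finally:
        conn.close()
    return hits


def build_sample_db() -> str:
    """Create a constructed app database in a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
        CREATE TABLE cards (id INTEGER PRIMARY KEY, card_number TEXT, holder TEXT);
        CREATE TABLE settings (key TEXT, value TEXT);
        INSERT INTO users VALUES (1, 'jane@example.com', 'hunter2');
        INSERT INTO cards VALUES (1, '4111111111111111', 'Jane Doe');
        INSERT INTO settings VALUES ('theme', 'dark');
    """)
    conn.commit()
    conn.close()
    return path


def audit_sample() -> list:
    """Build the constructed database, audit it, and clean up."""
    path = build_sample_db()
    try:
        return flag_sensitive_columns(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for table, col, value in audit_sample():
        print(f"{table}.{col} holds plain-text data, e.g. {value!r}")
```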
Verify Signature of IPA File
1. Use the codesign tool to check the signature of the IPA file:
   • codesign -dv --verbose=4 /Applications/Utilities/Terminal.app
2. Use an open-source script to check the IPA certificate validity:
   • https://gist.github.com/ronsims2/1b7a8b9e15898f9406788988106b2f78
   • python ipa_cert_checker.py /Users/janedoe/Documents/Foobar.ipa
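The gist linked above is the author's certificate checker. As a separate added example, not that script and not the deck's code, the block below inspects the other signing artefact shipped in every IPA: the embedded.mobileprovision profile under Payload/<Name>.app/, a CMS-signed XML plist. It does not verify the CMS signature (that is what the codesign step establishes); it extracts the plist and reports the fields a reviewer checks on a build, such as an expired profile or the get-task-allow entitlement that marks a debuggable development build. The IPA, profile, team identifier and device identifier are constructed placeholders.

```python
"""Extract embedded.mobileprovision from an IPA and report risky profile settings (added example)."""
import datetime
import io
import plistlib
import re
import zipfile

PROFILE_RE = re.compile(r"Payload/[^/]+\.app/embedded\.mobileprovision")
SAMPLE_NOW = datetime.datetime(2024, 6, 1)  # fixed "today" for reproducible results


def read_embedded_profile(ipa_bytes: bytes):
    """Return the raw profile bytes from the IPA zip, or None if there is none."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        for name in zf.namelist():
            if PROFILE_RE.fullmatch(name):
                return zf.read(name)
    return None


def profile_plist(raw: bytes) -> dict:
    """Pull the XML plist out of the CMS wrapper; the signature itself is not checked here."""
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist found inside the provisioning profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def profile_findings(profile: dict, now: datetime.datetime) -> list:
    """Return human-readable findings about the profile."""
    findings = []
    expiry = profile.get("ExpirationDate")  # plistlib returns a naive UTC datetime
    if expiry is not None and expiry < now:
        findings.append(f"profile expired on {expiry:%Y-%m-%d}")
    entitlements = profile.get("Entitlements", {})
    if entitlements.get("get-task-allow"):
        findings.append("get-task-allow=true: debuggable (development) build")
    if profile.get("ProvisionsAllDevices"):
        findings.append("ProvisionsAllDevices=true: enterprise (in-house) profile")
    if "ProvisionedDevices" in profile:
        findings.append(f"ad-hoc/development profile limited to {len(profile['ProvisionedDevices'])} device(s)")
    if entitlements.get("aps-environment") == "development":
        findings.append("aps-environment=development: sandbox push notifications")
    return findings


def audit_ipa(ipa_bytes: bytes, now: datetime.datetime) -> list:
    raw = read_embedded_profile(ipa_bytes)
    if raw is None:
        return ["no embedded.mobileprovision in IPA"]
    return profile_findings(profile_plist(raw), now)


def build_sample_ipa(expired: bool) -> bytes:
    """Constructed IPA: a zip holding a fake CMS wrapper around a profile plist."""
    expiry = datetime.datetime(2020, 1, 1) if expired else datetime.datetime(2099, 1, 1)
    profile = {
        "AppIDName": "Demo App",
        "Name": "Demo Dev Profile",
        "TeamIdentifier": ["ABCDE12345"],  # placeholder team id
        "ExpirationDate": expiry,
        "ProvisionedDevices": ["00000000-0000000000000000"],  # placeholder device id
        "Entitlements": {
            "application-identifier": "ABCDE12345.com.example.demo",
            "get-task-allow": True,
        },
    }
    wrapped = b"\x30\x82\x00\x00fake-cms-header" + plistlib.dumps(profile) + b"fake-cms-trailer"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Info.plist",
                    plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}))
        zf.writestr("Payload/Demo.app/embedded.mobileprovision", wrapped)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_ipa(build_sample_ipa(expired=True), SAMPLE_NOW):
        print("profile:", finding)
```

On a real IPA replace `build_sample_ipa(...)` with the file's bytes and `SAMPLE_NOW` with the current UTC time; a release candidate that reports get-task-allow or a device-limited profile was built with a development profile, not the distribution one.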
Run-Time Memory Dump
1. Use the fridump tool to dump sensitive information from the app's temporary memory:
   • Tool: https://github.com/Nightbringer21/fridump
   • fridump -U Safari: dump the memory of the Safari app on a USB-connected iOS device
Dumping Keychain
1. Run the following commands:
   • objection -g DVIA-v2 explore
   • ios keychain dump
2. Observe that the sensitive information (password) is found stored in plain text (Super Secure Password).
Thank you
Deepika Kumari
deepikakumari778@gmail.com
/in/deepika-kumari-740763100/

iOS Application Static Analysis - Deepika Kumari.pptx
