Preparing iPhone for Application Security 2018 | Lucideus Research

Introduction
This article introduces some of the important tools that an iOS Security Analyst must install in order to prepare the iPhone for application security. Jailbreaking of the iPhone is a prerequisite as explained in the previous post. Let us look at the important things to be done for starting application security after jailbreaking the iPhone.

Entering the iPhone’s File System
In order to make sure that you have really jailbroken your iPhone and to know why changing of the mobile and root user’s password is the immediate step that should be taken after jailbreaking, you need to understand this step carefully.

After a successful jailbreak, you have the ability to access every file on your device. For doing this, the simplest way is to install a file manager for your ‘jailbroken’ iPhone. ‘Filza File manager’ is one of the useful applications for this purpose. It is available from the BigBoss repository packages. If the BigBoss repository is not present on Cydia, you can install it by adding http://apt.thebigboss.org/repofiles/cydia/ to the list of repositories.
Filza File Manager will now be available for installation as shown in the screenshot.

Search for Filza File manager and install the application as shown in the screenshot.
It will now be available with the other applications on the iPhone.
Open Filza. You will now be able to see the complete file system of your iPhone from ‘/’ (root) directory as shown.
The Secure SHell (SSH)
The next step is to prepare your iPhone to be accessed from the command line. For this purpose, SSH is the most widespread technique used. For iOS 9 and below, OpenSSH and OpenSSL need to be installed from Cydia. From iOS 10 and above, the jailbreaking tools support Dropbear SSH client as OpenSSH seems broken for devices running on iOS 10 and above.


To SSH into your iPhone



  • Your computer and iPhone must be connected to the same local network and
  • SSH client must be installed on your computer.
  • Open Settings on your device and head over to Wi-Fi. Tap on the SSID of the network that you are connected to.





Note down the IP Address (192.168.0.102 in this case).


On your computer, go to the system terminal or command line and type the following command:
ssh root@<IP Address>
If you are connecting to the device for the first time, an authentication message will be shown as shown in the screenshot below.


Type ‘yes’ and press Enter. Now you will be asked for a password. Type in the root user’s password that you have set after jailbreaking the iPhone and press Enter.


Now you successfully have an SSH connection to your iPhone on your computer.
Note: If you encounter an error while connecting to the iPhone using SSH, refer to the jailbreak forums and channels on Reddit.
For example, in iOS 10 and above, the drop bear SSH client allows only localhost SSH connections by default. To make an SSH connection using your computer, refer to the following URL:
https://yalujailbreak.net/ssh-ios-10-tutorial/


The Secure File Transfer Protocol (SFTP) and Secure CoPy (SCP)

Another set of important tools for a jailbroken device is SFTP and SCP. Both of them perform the same task i.e. copying a file from a computer to the iPhone and vice versa. 

To get these tools on devices running on iOS 9 and below, OpenSSH and OpenSSL must be installed from Cydia. For devices running on iOS 10 and above, “SCP and SFTP for Dropbear” must be installed from Cydia as shown in the screenshot.


To transfer files using these tools, the following commands can be used:

sftp root@<IP_Address> (followed by get and put commands)
scp root@<IP_Address>:<Remote_Path> <Local_Path> (put command)
scp <Local_Path> root@<IP_Address>:<Remote_Path> (get command)

Other Useful tools
Most of the banking applications and other secure applications either crash or display a message saying that ‘Jailbroken device is not supported’. As a security analyst, it is important to make these applications run on your jailbroken device in order to perform a security analysis of the applications. 

There are other necessary tools available to perform various tasks such as SSL Pinning Bypass, iOS Keychain dump and class dump from the application's binary.

For this purpose, publicly available tools can be installed through Cydia application or using the command line (SSH) depending on the availability of the tool. For installation through SSH, one should install “APT” Package from Cydia.



Some of the necessary tools available are:



























Note: You must be careful while installing applications from untrusted repositories. Even one malicious application can brick your iPhone or at worse compromise your privacy and security of the device. Hence, always install the application from the trusted sources.



Conclusion

By following this article, we have seen some of the necessary tools required for iOS application security assessment. The base of Static Analysis of iOS applications lies within these tools. After successfully setting up these tools, a single important step is taken towards iOS application’s security analysis. In the next dose of the series, the iOS file system and architecture of an iOS application will be discussed.

Post a Comment

0 Comments