iOS_security_setup

iOS security test set up

tools

jailbreak

https://checkra.in/

plugins

some library must install for cydia

• cydia Substrate

• openssh server

• liberty-lite
  add source
  https://ryleyangus.com/repo/
  install liberty-lite

• ssl-kill-switch2
  https://github.com/nabla-c0d3/ssl-kill-switch2/releases

• AppSync

add https://cydia.akemi.ai/ to cydia source

• frida
  https://frida.re/docs/ios/

Mac install software

• class-dump

  brew install class-dump

• Monkeydev
  https://github.com/AloneMonkey/MonkeyDev

• iproxy

  brew install usbmuxd

• frida-iOS-dump
  https://github.com/AloneMonkey/frida-ios-dump

• theos

basic usage

1. using the frida-iOS-dump pull a decrypted IPA from a jailbroken device
2. unzip the ipa
3. class-dump -H /Users/mac/Desktop/Payload/example.app -o /Users/mac/Desktop/Payload
4. generate the xm file

   logify.pl example.h > tewak.xm

bypass jailbreak detect

Yes, as a bug hunter script boy, I know myself quite well. Know what I can do, what I never can’t do

Xcon is old, no need to use it.

"Super-Advanced-Jailbreak-Detection-Bypass.xm"

%hook ANSMetadata
-(bool)computeIsJailbroken { return false; }
-(bool)isJailbroken { return false; }
%end

• http://iosre.com/t/app/15011/19

issue

Xcode11 A valid provisioning profile for this executable was not found
open file->Project Settings->change New Build System to Legacy Build System

reference

• https://mrmad.com.tw/liberty-lite