iRET - iOS Reverse Engineering Toolkit

iOS Reverse Engineering Toolkit o iRet es un conjunto de herramientas que ayudan al auditor de seguridad a llevar a cabo tareas comunes de forma automática. Dichas tareas se enfocan en análisis e ingeniería inversa de aplicaciones iOS, plataforma móvil de Apple (iPhone/iPad).

De entre las tareas que este toolkit es capaz de automatizar, tenemos:

• Binary Analysis (basado en otool)
• Keychain Analysis (keychain_dumper)
• Database Analysis (sqlite3)
• Log Viewer
• Plist Viewer
• Header Files
• Create, edit, save and build theos tweaks
• Display cached screenshots

Download iRET

Read More

[DVIA] Damn Vulnerable iOS Application

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.

This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try.

Vulnerabilities and Challenges Included

• Insecure Data Storage
• Jailbreak Detection
• Runtime Manipulation
• Transport Layer Security
• Client Side Injection
• Information Disclosure
• Broken Cryptography
• Application Patching

All these vulnerabilities and their solutions have been tested upto IOS 7.0.4.

Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.

Download DVIA

Read More

[Introspy] Security profiling for blackbox iOS

Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.

The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of relevant API calls, including arguments and return values and persists them in a database. Additionally, the calls are also sent to the Console for real-time analysis.

How Introspy works

The tool comprises two separate components: Introspy-iOS and Introspy-Analyzer.

Introspy-iOS is a tracer that can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device

This database can then be fed to Introspy-Analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.

Download Introspy

Read More

[IPhone Analyzer] IPhone Forensics Tool

iPhone Analzyer allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the original data.

Features

• Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
• Multi-platform (Java based) product, supported on Linux, Windows and Mac
• Fast, powerful search across device including regular expressions
• Integrated mapping supports visualisation of geo-tagged information, including google maps searches, photos, and cell-sites and wifi locations observed by the device (the infamous "locationd" data)
• Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many many others
• Recovery of "deleted" sqlite records (records that have been tagged as deleted, but have not yet been purged by the device can often be recovered),/li>
• Integrated visualisation of plist and sqlite files
• Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
• Support for KML export and direct export to Google Earth
• Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".
• Analyse jail broken device directly over SSH without need for backup (experimental)

Download IPhone Analyzer

Read More

[Fing] Tool for Network Scan and Analysis for iPhone

Highlight of features: 

+ Discovers all devices connected to a Wi-Fi network. No limitation! 

+ Displays the MAC Address and up-to-date Vendor names. 

+ Customize names, icons and notes. 

+ Wake On LAN. Switch on your cable-connected devices.

+ History of all discovered networks. You can review and edit your past scans at any time, also offline. 

+ Checks the availability of Internet connection, reporting the geographic location of the ISP (Internet Service Provider). 

+ Share a detailed report of any scan via email

+ Search devices by IP, MAC, Name, Vendor and Notes

+ In-app settings

+ Scans the open ports to find available services. It uses a fast engine that supports hundreds of well-known ports, that you can customize with your own

+ Translates IP addresses to its Domain Names, and reverse 

+ Works also with hosts outside your local network

+ Tracks when a device has gone UP or DOWN, keeping disconnected devices in the list.

+ Discovers NetBIOS names.

+ Supports identification by IP address. Allows to customize nodes hidden behind a network switch.

+ Can sort devices by IP, MAC, Name, Vendor, State, Last Change.

+ Free of charge, Free of Ads 

+ Integrates with Fingbox to sync and backup your customizations, merge networks with multiple access points, monitor remote networks via Fingbox Sentinels, get notifications of changes, and much more.

Fing is born from the ashes of the famous Look@LAN, with a brand-new engine that makes it even faster and smarter! Available also for Windows, Mac OS X, Linux and more platforms!

Download Fing

Read More

[Cryptocat] Chat Client with encrypted conversations on iPhone and Android

Cryptocat is an experimental browser-based chat client for easy to use, encrypted conversations. It aims to make encrypted, private chat easy to use and accessible. We want to break down the barrier that prevents the general public from having an accessible privacy alternative that they already know how to use. 

Cryptocat is currently available for Chrome, Firefox and Safari. It uses the OTR protocol over XMPP for encrypted two-party chat and the (upcoming) mpOTR protocol for encrypted multi-party chat.

Downlaod Cryptocat

Read More

[Evasi0n] Quitar el jailbreak en el iPhone/iPod touch/iPad

El jailbreak no es necesariamente ilegal (al menos no en Estados Unidos), pero sin lugar a dudas es una práctica mal vista por Apple. Si quieres llevar tu dispositivo móvil a un taller de reparación, entonces deberás quitar primero el jailbreak.

Los evad3rs (autores de la herramienta de jailbreak untethered evasi0n) han dicho que el jailbreak no afecta de ningún modo a los iPhones – por ejemplo, no provoca un mayor consumo de batería ni otras cosas parecidas.

Sin embargo, el jailbreak habilita algunas funciones que finalmente podrían llevar a ciertos comportamientos no deseados por parte del terminal. Y si algún día tienes que llevar el iPhone, iPod touch o iPad a un taller de reparaciones, lo más probable es que Apple te niegue la garantía si descubre que tienes jailbreak.

En este caso, deberás quitar el jailbreak. Para hacerlo, sigue el consejo de los evad3rs:

“Si algún día decides que quieres deshacer el jailbreak, puedes conectar tu dispositivo al ordenador, hacer una copia de seguridad completa con iTunes, pinchar sobre 'restaurar' en iTunes para borrar el dispositivo y cargar la copia de seguridad cuando lo pida. Todas tus aplicaciones de App Store y otros datos se conservarán, como de costumbre”.

Evasi0n

 

Read More