Setup Device
Jailbreak
- How to jailbreak iOS – “PP Jailbreak”
- How to jailbreak iOS – Pangu9
- How to jailbreak iOS – “Yalu Dark” – Included with SSH
- How to use Cydia after iOS is jailbroken by Yalu Dark
- How to Fix Cydia Error DPKG_LOCKED (Yalu Dark)
- How to jailbreak iOS – Electra
- How to jailbreak iOS 13 device with checkra1n
SFTP
Tools
- How to add Sources of Cydia
- How to install Erica Utilities
- How to set iOS for remote access with VNC
- How to install Snoop-it
- How to install iRET (iOS Reverse Engineering Toolkit)
- How to install Introspy
- How to use Introspy tracer
- How to use Introspy Analyzer
- How to install dumpdecrypted
- How to install .deb file on iOS
- How to install otool
- How to install PS command (adv-cmds)
- How to fix the missing Cydia icon
- How to install GDB
- How to setup AppMon on MacOS for jailbroken device
- How to setup AppMon on MacOS for non-jailbroken device
- How to fix or install pip pyicu (AppMon installation)
- How to fix the error of IPA installer – AppMon (When replacing existing signature)
- How to fix the error after login Apple Developer Account to XCODE
- How to sniff iOS API calls by AppMon
- How to install “objection”
- How to connect Objection using PID
- How to install Frida on iOS 64 bits device
- How to install Frida on MacOS
- How to fix an error of Objection when using “Disable SSL Pinning”
- How to connect Frida and Objection via Network (iOS)
- How to remove Java JDK on MacOS
Install iOS Binaries
- How to install iOS Binaries on Physical Devices Using Sideloadly (Windows)
- How to install iOS Binaries on Physical Devices Using iTunes
- How to install iOS Binaries on Physical Devices Using Cydia Impactor
- How to install iOS Binaries on Physical Devices Using File Transfer
- How to install iOS Binaries on Physical Devices Using installipa
- How to install iOS Binaries on Physical Devices Using iFunbox
- How to install iOS Binaries on Non-jailbroken Physical Devices Using AppMon
- How to install iOS Binaries on Non-jailbroken Physical Devices Using iOS-deploy
- How to install iOS Binaries on Non-jailbroken Physical Devices Using iOS-deploy (Signed app)
- How to bypass iOS Version Check
- How to patch iOS Applications using Objection
Exploring iOS File System
- How to access iOS via SSH (remote access)
- How to access iOS via SSH (remote access) over USB
- How to access iOS via SSH (remote access) over USB – MacOS
- How to access iOS via SSH (remote access) over USB – iFunBox (Windows only)
- How to fix SSH access (WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED)
- How to access iOS via iFile
- How to install MobileTerminal
- How to access iOS application file system on Non-jailbroken Physical Devices Using Objection
Decrypting iOS Applications
- Extracting the .ipa file from Firebase
- How to decrypt the applications
- How to decrypt iOS applications (iOS 10.x)
- How to convert .app from Xcode to .ipa
HTTP/HTTPS interception
- Intercepting HTTP traffic of Android and iOS apps using reFlutter
- Bypass Certificate Pinning on a Flutter-based iOS App
- How to set proxy into Burp
- How to set proxy into Burp (iOS10+)
- How to bypass certificate pinning using SSL Kill switch
- How to bypass certificate pinning on Non-jailbroken Physical Devices using SSL Kill switch (objection)
- How to intercept the HTTP traffic via OpenVPN
Review Vulnerabilities
Insecure data storage
- How to test insecure data storage – plist
- How to test insecure data storage on Non-jailbroken Physical Devices – plist (Objection)
- How to test insecure data storage – NSUserDefaults
- How to test insecure data storage on Non-jailbroken Physical Devices – NSUserDefaults (Objection)
- How to test insecure data storage – Core data
- How to test insecure data storage on Non-jailbroken Physical Devices – Core data (Objection)
- How to test insecure data storage – Cookie binary
- How to test insecure data storage on Non-jailbroken Physical Devices – Cookie binary (Objection)
- How to test insecure data storage – Webkit Caching
- How to test insecure data storage – Realm database
- How to test insecure data storage on Non-jailbroken Physical Devices – Realm database (Objection)
- How to test insecure data storage – Couchbase database
- How to test insecure data storage – Keychain data
- How to test insecure data storage – Keychain data (Snoop-it)
- How to test insecure data storage on Non-jailbroken Physical Devices – Keychain data (Objection)
Unintended data leakage
- How to find the sensitive information via iOS snapshot
- How to test insecure data storage – Keyboard Caching
- How to clear Keyboard Caching
- How to test insecure data storage – NSLog
- How to test insecure data storage – NSLog (Xcode 10.1)
Static analysis
- How to reverse engineer (Class-dump-z)
- How to reverse engineer (IDA)
- How to reverse engineer (Cutter)
- How to reverse engineer (Snoop-it)
- How to inspect Mach-O header – PIE flag
- How to find the hardcoded username and password using Hopper
Run-time analysis and manipulation
- How to install Cycript
- How to connect the Cycript
- How to use the Cycript – data type
- How to use the Cycript – Function and For
- How to use the Cycript – Methods, Selectors, & Implementations
- How to list all methods (selector) from a class
- How to list and search classes and method using Frida
- How to get the instance address of an object
- How to access the current ViewController via UITabBarController
- How to redirect URL – Property manipulation
- How to find the sensitive information in memory
- How to find the sensitive information in memory using Fridump
- How to find the sensitive information in HiddenUI using Frida
- How to access the methods by using Cycript
Bypass Jailbreak Detection
- How to bypass the Jailbreak Detection – Method Swizzling
- How to bypass the Jailbreak Detection using xCon
- How to bypass the Jailbreak Detection using tsProtector
- How to bypass the Jailbreak Detection using Flex2
- How to bypass the Jailbreak Detection using Snoop-it
- How to bypass the Jailbreak Detection using Frida
- How to bypass the Jailbreak Detection using Shadow (iOS 12)
Bypass TouchID
Security Decisions Via Untrusted Inputs
- How to test the Security Decisions Via Untrusted Inputs
- How to test the Security Decisions Via Untrusted Inputs – URL Scheme (Hopper)
Client side injection
Poor Authentication And Authorization
- How to bypass login – Method Swizzling
- How to bypass login – Method Swizzling using Frida
- How to bypass login – Invoke methods
- How to bypass login – Invoke methods using Frida
- How to bypass login – Application Patching
- How to bypass login – Debugging with GDB (iVulnerApp)
- How to bypass login – Disassembling with Hopper (iVulnerApp)
Risks