_posts/2025-09-17-iOS-All-The-Things-Part-I.md
Lines changed: 13 additions & 10 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
date: 2025-09-17 03:09:30
2
+
date: 2025-09-17 03:13:30
3
3
layout: post
4
4
title: iOS All The Things - Part I
5
5
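Review bot: this hunk only moves the front-matter `date` forward by four minutes (03:09:30 to 03:13:30) with no content change in the front matter. Since the file lives under `_posts/`, that field is what Jekyll uses to order posts and build the permalink date, so bumping it on an already published post can reorder the index; if the intent is just to record an edit, leaving `date` alone is the safer choice.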
@@ -20,10 +20,11 @@ tags:
20
20
2.[iOS Architecture](#ios-architecture)
21
21
3.[IPA Architecture](#ipa-architecture)
22
22
4.[Programming iOS Apps](#programming-ios-apps)
23
-
5. Types of Jailbreaks
24
-
6. Push & Pull ipa Package
25
-
7. Setup burp
26
-
8. Tools
23
+
5.[Conclusion](#conclusion)
24
+
6. Types of Jailbreaks
25
+
7. Push & Pull ipa Package
26
+
8. Setup burp
27
+
9. Tools
27
28
28
29
## Intro
29
30
Hey Geeks, and welcome to our ultimate guide! Ever wondered how hackers find weaknesses in ios apps, and how we can stop them? You're in the right place.
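Review bot: the new `5.[Conclusion](#conclusion)` keeps the existing no-space form of the list, and CommonMark does not treat `5.[...]` as an ordered-list marker (a digit-and-period marker needs a following space), so the whole table of contents renders as one run of inline text rather than a numbered list; `5. [Conclusion](#conclusion)` fixes it, and lines 20-23 want the same change. The renumbered items 6-9 (Types of Jailbreaks, Push & Pull ipa Package, Setup burp, Tools) also remain plain text while 1-5 are anchor links; link them once their sections exist, or make it clear they are not in this part.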
@@ -67,15 +68,15 @@ The fourth layer is the **Cocoa Touch Layer**. This is the layer that users dire
67
68
An IPA file is the application package format for iOS, functionally equivalent to an APK package on Android.
68
69
When you extract an IPA package (e.g., test.ipa), you obtain its core contents. The key components include:
69
70
70
-
### Info.plist
71
+
#####Info.plist
71
72
This is the Information Property List file, which serves a role similar to the AndroidManifest.xml in Android. It contains crucial metadata about the application, including:
72
73
73
74
* The application's display name (CFBundleDisplayName)
74
75
* The bundle identifier (CFBundleIdentifier)
75
76
* The minimum iOS version it requires to run (MinimumOSVersion)
76
77
* The application's version and build numbers
77
78
78
-
### The Executable (Mach-O Binary)
79
+
#####The Executable (Mach-O Binary)
79
80
Extracting the IPA yields the main application executable. This is a Mach-O (Mach Object) file. This binary is the compiled, machine-code version of the application's source code. Unlike a decompiled Android APK, which can often yield readable Java or Kotlin code, this Mach-O binary contains compiled code that cannot be directly read. To analyze it, you must use reverse engineering tools like Ghidra, Hopper Disassembler, or IDA Pro to disassemble it into assembly code. The goal is to analyze this assembly to understand the program's logic and perform dynamic analysis during runtime.
80
81
81
82
This executable is protected by modern security controls such as:
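Review bot: `#####Info.plist` and `#####The Executable (Mach-O Binary)` drop the space after the hash run. GitHub-flavored markdown requires at least one space between the `#` sequence and the heading text, so these two lines will render as literal paragraphs starting with `#####` instead of headings, and any generated anchors for them disappear. The replaced `### Info.plist` form was valid; if a deeper level is wanted, write `##### Info.plist`. Separately, jumping from the `## Intro` level straight to `#####` skips two heading levels, which makes the outline harder to follow; `###` or `####` is the conventional next level.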
@@ -85,16 +86,16 @@ This executable is protected by modern security controls such as:
85
86
86
87
> **Important Tip:** The Decryption Hurdle of Any application downloaded from the official App Store has its main binary encrypted by Apple to protect intellectual property. If you try to analyze an App Store app directly with a disassembler, the tools will fail because they cannot read the encrypted code. To bypass this, a common technique is to run the app on a jailbroken device and dump the decrypted binary from memory (using tool like frida-ios-dump) before performing static analysis.
87
88
88
-
### Frameworks Folder
89
+
#####Frameworks Folder
89
90
This directory contains the libraries the application depends on. This includes:
90
91
91
92
***Dynamic Libraries:** Custom frameworks developed for the app's specific needs.
92
93
***System Libraries:** Built-in iOS libraries (like libc.dylib) that provide standard functions.
93
94
94
-
### Embedded.mobileprovision
95
+
#####Embedded.mobileprovision
95
96
This is a provisioning profile file. It contains the code-signing certificates and entitlements that authorize the app to run on specific devices or use certain Apple services. It also defines security policies and is crucial for understanding the app's capabilities.
96
97
97
-
### Sandbox and Permissions (Entitlements)
98
+
#####Sandbox and Permissions (Entitlements)
98
99
**Sandbox**: The core mechanism that prevents applications from accessing each other's data. This is a mandatory access control system enforced by the iOS kernel that isolates each application into its own dedicated container. This design ensures that an app cannot read, write, or modify the contents of any other app's container.
99
100
100
101
This isolation is physically implemented through three primary directory structures on the filesystem:
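Review bot: the same defect recurs on all three headings in this hunk (`#####Frameworks Folder`, `#####Embedded.mobileprovision`, `#####Sandbox and Permissions (Entitlements)`): no space after `#####`, so none of them will render as a heading. The unchanged context lines `***Dynamic Libraries:**` and `***System Libraries:**` have the analogous problem, a missing space after the bullet `*`, so they render as a bold/italic text run rather than list items; `* **Dynamic Libraries:** ...` is the intended form and is worth fixing while this block is being touched.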
@@ -229,6 +230,8 @@ print(y.x()) // Done!
229
230
230
231
> **Important Advice:** A highly effective way to sharpen your penetration testing skills is to analyze intentionally vulnerable applications. Apps like DIVA-v2 are designed with security flaws for educational purposes.
231
232
233
+
## Conclusion
234
+
232
235
That concludes Part one of our journey into iOS pentesting. We've laid the foundation by exploring the architecture, the IPA structure, and Swift Programming.
233
236
234
237
Just like Chrollo meticulously studies his opponents' abilities before a fight, a successful pentester must first master the known system to exploit its unknown weaknesses.
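Review bot: the added `## Conclusion` heading matches the `#conclusion` anchor introduced in the table of contents, and the single blank lines around it are correct. One inconsistency remains between this hunk and the TOC: the paragraph says this concludes Part one, yet the TOC now lists Conclusion as item 5 followed by four further topics (Types of Jailbreaks, Push & Pull ipa Package, Setup burp, Tools) that have no anchors and no sections in this file. Either move Conclusion to the end of the TOC or label those four items as belonging to a later part so readers do not search this post for them.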