This script has been developed to help perform Reverse Engineering of an iOS application, specifically the static analysis of an IPA file for detecting common security misconfigurations. We can complete a small portion of a very complex area in Cyber Security through this script - iOS Application Penetration Testing.
Following checks are performed by the script:
- Address Space Layout Randomization (ASLR)
- Stack Smashing Protection
- Automatic Reference Counting (ARC)
- Binary Encryption
- Weak Hashing Algorithms
- Insecure Random Number Generator Functions
- Insecure Malloc Function
- Deprecated Objective-C APIs
Refer to the links in the References section to get a detailed understanding of above checks.
- otool (Part of XCode's command line tools)
- python3
- MacOS
- iOS Application's IPA file
- The script can be downloaded directly from the repo.
- Only the IPA file is needed for input. For ease of use, keep the iPA file and script in the same folder.
- Script can be run as follows.
python otool_analyze.py <IPA file>
- Analyzing the IPA like a Pro
- Basic Static Analysis iOS PT
- OWASP Mobile App Security Testing Guide - Section on otool
This project is licensed under the Apache 2.0 License - refer to the LICENSE.md file for further details.