hbjhb

Introduction: In my previous article , i had described how you would normally go about decompiling an iOS application. That method would be working for a majority of applications. However, many a times the developers push in security feature to prevent the attackers from decompiling/debugging the application. In our case, though we are the developers friends and are testing the application, it would be good if we actually follow the same route as an attacker would. That way, we can understand what exact information is disclosed and how the application can be compromised. Requirements: iOS device must be jailbroken. OpenSSH should be installed on the iOS device. SSH Client on your machine. "Class Dump" should be installed on the iOS device via "Cydia" "Cycript" should be installed on the iOS device via "Cydia". Detailed Steps: First we will try and use the same step as used in our previous post to dump the class file information via "class du...

Introduction: When you are PenTesting an iOS application, you would want to read the code of the provided application and understand the backend classes and hidden information. Using this, you can try and exploit the application to gain access to sensitive information or to redirect the flow of the application in an malicious manner. Reverse Engineering an iOS application is completely different as compared to an Android apk. The complete original source code cannot be revivied from an existing iOS application. Only, declarations for the classes, categories and protocols can be decompiled from an given application. Requirements: iOS device must be jailbroken. OpenSSH should be installed on the iOS device. SSH Client on your machine. " Class Dump" should be installed on the iOS device via "Cydia" Detailed Steps: Step 1: SSH in to your iOS device using credentials as root:alpine.   Step 2: Launch the application on your device and note down the application location o...