Setting Up iOS Development Environment

Hardware and OS requirements

  • A workstation/laptop running Windows 7 (64-bit)
  • A MacBook running OS X 10.10 (Yosemite) or higher

Mobile devices and OS requirements

  • An iPhone or iPad running iOS 8.4 or above (jailbroken)

Note

Why do you need a rooted or jailbroken phone for your test environment?

The reason is simple: a rooted or jailbroken device lets you customize the system, install any tools you need, and run unsigned apps from non-traditional app stores. It also gives you full access to the filesystem, which a stock device does not.

Tools

  • Needle
  • oTool
  • keychain dumper
  • LLDB remote debugging
  • Clutch, Class-dump-z, and instrumentation with Frida and Cycript
  • Hopper
  • Snoop-it
  • XCode
  • MobSF

otool - The otool command displays specified parts of object files or libraries.

Clutch - Decrypts the application with the specified bundle ID and dumps it as a binary or .ipa file.

Dumpdecrypted - Dumps the decrypted Mach-O image of an encrypted iPhone application from memory to disk. Security researchers need this in order to examine code that the App Store encryption would otherwise hide. It is injected into the target process with DYLD_INSERT_LIBRARIES, as in the following command:

iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan
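Before and after a dump you want to know whether a binary is actually still encrypted. The encryption state lives in the LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command of the Mach-O image: cryptid is 1 while the __TEXT range is FairPlay-encrypted and 0 once a tool such as dumpdecrypted or Clutch has written the decrypted image back. The script below is an added example, not part of this page's tool set or of any of the tools it lists: a small Mach-O load-command parser that reports that flag. It assumes a thin little-endian 32- or 64-bit image (fat binaries are rejected with a hint to split them first), and the sample images it builds are constructed in-line for demonstration; they are not runnable executables.

```python
import struct
import sys

# Mach-O constants (values from <mach-o/loader.h> and <mach-o/fat.h>)
MH_MAGIC = 0xFEEDFACE          # 32-bit image, little-endian on disk
MH_MAGIC_64 = 0xFEEDFACF       # 64-bit image
FAT_MAGIC = 0xCAFEBABE         # fat/universal wrapper, stored big-endian
LC_ENCRYPTION_INFO = 0x21      # 32-bit encryption load command
LC_ENCRYPTION_INFO_64 = 0x2C   # 64-bit encryption load command


def encryption_info(data: bytes):
    """Walk the load commands of a thin Mach-O image and return
    (cryptid, cryptoff, cryptsize) from LC_ENCRYPTION_INFO(_64), or None
    when the image carries no such command (never App Store encrypted).
    cryptid == 1 means the __TEXT range is still ciphertext; a decrypted
    dump has cryptid == 0."""
    if len(data) < 28:
        raise ValueError("too short to be a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC_64:
        header_size = 32               # mach_header_64 has a trailing reserved field
    elif magic == MH_MAGIC:
        header_size = 28
    elif struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        raise ValueError("fat binary: extract one slice (lipo -thin) first")
    else:
        raise ValueError(f"not a Mach-O image (magic {magic:#010x})")

    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    offset = header_size
    end = header_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of data")
    for _ in range(ncmds):
        # Every load command starts with cmd/cmdsize and must stay inside sizeofcmds
        if offset + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("malformed load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Both variants share the same first three fields after the header
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", data, offset + 8)
            return cryptid, cryptoff, cryptsize
        offset += cmdsize
    return None


def describe(data: bytes) -> str:
    """One-line verdict for a pre-analysis checklist."""
    info = encryption_info(data)
    if info is None:
        return "no LC_ENCRYPTION_INFO: binary was never App Store encrypted"
    cryptid, cryptoff, cryptsize = info
    if cryptid:
        return (f"ENCRYPTED (cryptid=1): {cryptsize:#x} bytes at {cryptoff:#x} "
                "are still ciphertext; dump before static analysis")
    return f"decrypted (cryptid=0): {cryptsize:#x} bytes at {cryptoff:#x} readable"


def build_sample(cryptid: int, bits: int = 64, with_lc: bool = True) -> bytes:
    """Constructed minimal image for demonstration only: a mach_header(_64)
    followed by at most one LC_ENCRYPTION_INFO(_64). Not an executable."""
    ncmds = 1 if with_lc else 0
    if bits == 64:
        lc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0) if with_lc else b""
        # magic, cputype (ARM64), cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
        header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, ncmds, len(lc), 0, 0)
    else:
        lc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x4000, 0x8000, cryptid) if with_lc else b""
        # magic, cputype (ARM), cpusubtype (ARMv7), filetype, ncmds, sizeofcmds, flags
        header = struct.pack("<7I", MH_MAGIC, 0x0000000C, 9, 2, ncmds, len(lc), 0)
    return header + lc


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python3 cryptid.py /path/to/Scan (a thin Mach-O copied off the device)
        with open(sys.argv[1], "rb") as f:
            print(describe(f.read()))
    else:
        for label, sample in (("encrypted", build_sample(1)),
                              ("dumped", build_sample(0)),
                              ("never encrypted", build_sample(0, with_lc=False))):
            print(f"{label:>16}: {describe(sample)}")
```

The same check can be done by hand with otool -l <binary> and looking at the cryptid line of the LC_ENCRYPTION_INFO section; the parser above is useful when you want to script the check across several dumped binaries or when otool is not available on the analysis box.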

class-dump - A command-line utility for examining the Objective-C runtime information stored in Mach-O files.

Weak Classdump - A Cycript script that generates a header file for the class passed to the function. Most useful when you cannot run class-dump or dumpdecrypted, for example when the binary is encrypted.

iPod:~ root# cycript -p Skype weak_classdump.cy; cycript -p Skype
cy# weak_classdump_bundle([NSBundle mainBundle],"/tmp/Skype")

IDA Pro - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all.

HopperApp - Hopper is a reverse engineering tool for OS X and Linux that lets you disassemble, decompile and debug 32- and 64-bit Intel Mac, Linux, Windows and iOS executables.

Radare2 - Radare2 is a Unix-like reverse engineering framework and set of command-line tools.

iRET - The iOS Reverse Engineering Toolkit is a toolkit designed to automate many of the common tasks associated with iOS penetration testing.