This lesson introduces the basic processes and techniques you will need to test iOS apps. After it, you will be able to test them for security flaws.
First of all, a comparison with Android app testing. The Android emulator fully emulates the hardware of a real Android device. The iOS SDK simulator behaves differently: it offers only a high-level simulation of an iOS device. The most important thing to know about it is that simulator binaries are compiled to x86 code, not to ARM code. The consequence is that an app compiled for a real device will not run in the simulator, which makes the simulator useless for black box analysis and reverse engineering of the binaries that actually ship to devices.
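The quickest way to tell which kind of build you are holding is to read the CPU type out of the Mach-O header of the app's main executable: simulator builds carry i386/x86_64 slices, device builds carry armv7/arm64 slices, and a fat (universal) file lists its slices in a table up front. The following is an added example, not code from the original lesson; the header layouts and constants come from Apple's `<mach-o/loader.h>` and `<mach-o/fat.h>`, and the sample binaries at the bottom are constructed headers rather than real apps.

```python
"""Tell an iOS simulator build (x86) from a device build (ARM) by reading the
Mach-O header(s) of an executable.  Added example; the sample inputs are
constructed headers, not real app binaries."""
import struct

# Thin Mach-O magics as read little-endian; the CIGAM forms appear when the
# image was written in the other byte order.
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE
# Fat (universal) header magic, always stored big-endian.
FAT_MAGIC = 0xCAFEBABE

CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_NAMES = {
    7: "i386",
    7 | CPU_ARCH_ABI64: "x86_64",
    12: "arm",
    12 | CPU_ARCH_ABI64: "arm64",
}
SIMULATOR_ARCHS = {"i386", "x86_64"}   # what the iOS SDK simulator runs
DEVICE_ARCHS = {"arm", "arm64"}        # what a real iPhone/iPad runs


def _thin_arch(blob, offset=0):
    """Return the architecture name of the thin Mach-O image at `offset`."""
    magic = struct.unpack_from("<I", blob, offset)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"
    else:
        raise ValueError("no Mach-O header at offset 0x%x" % offset)
    cputype = struct.unpack_from(endian + "I", blob, offset + 4)[0]
    return CPU_TYPE_NAMES.get(cputype, "unknown(0x%08x)" % cputype)


def macho_archs(blob):
    """List the architectures contained in a thin or fat Mach-O file."""
    if len(blob) < 8:
        raise ValueError("too short to be a Mach-O file")
    # Fat header: big-endian magic and nfat_arch, then 20-byte fat_arch
    # entries (cputype, cpusubtype, offset, size, align), all big-endian.
    if struct.unpack_from(">I", blob, 0)[0] == FAT_MAGIC:
        nfat_arch = struct.unpack_from(">I", blob, 4)[0]
        # Java class files share 0xCAFEBABE; their next field is a version
        # number far larger than any plausible slice count.
        if nfat_arch == 0 or nfat_arch > 32:
            raise ValueError("not a fat Mach-O (nfat_arch=%d)" % nfat_arch)
        archs = []
        for i in range(nfat_arch):
            cputype, _sub, off, _size, _align = struct.unpack_from(">IIIII", blob, 8 + 20 * i)
            # Prefer the slice's own header when it is inside the blob; if the
            # caller only read the start of a large file, fall back to the
            # fat table entry.
            if off + 8 <= len(blob):
                archs.append(_thin_arch(blob, off))
            else:
                archs.append(CPU_TYPE_NAMES.get(cputype, "unknown(0x%08x)" % cputype))
        return archs
    return [_thin_arch(blob, 0)]


def classify(blob):
    """'device', 'simulator', or 'mixed' depending on the architectures found."""
    archs = set(macho_archs(blob))
    if archs <= DEVICE_ARCHS:
        return "device"
    if archs <= SIMULATOR_ARCHS:
        return "simulator"
    return "mixed"


# ---- constructed samples: headers only, no load commands -------------------
def _thin_header(magic, cputype):
    # mach_header(_64): magic, cputype, cpusubtype, filetype (MH_EXECUTE=2),
    # ncmds, sizeofcmds, flags [, reserved for the 64-bit header]
    fields = [magic, cputype, 0, 2, 0, 0, 0] + ([0] if magic == MH_MAGIC_64 else [])
    return struct.pack("<%dI" % len(fields), *fields)


def _fat(slices):
    # slices: list of (magic, cputype); thin headers are laid out after the table
    headers = [_thin_header(m, c) for m, c in slices]
    offset, entries = 8 + 20 * len(slices), []
    for (_m, c), h in zip(slices, headers):
        entries.append(struct.pack(">IIIII", c, 0, offset, len(h), 0))
        offset += len(h)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + b"".join(entries) + b"".join(headers)


DEVICE_ARM64 = _thin_header(MH_MAGIC_64, 12 | CPU_ARCH_ABI64)          # iPhone build
SIMULATOR_X86_64 = _thin_header(MH_MAGIC_64, 7 | CPU_ARCH_ABI64)       # simulator build
FAT_DEVICE = _fat([(MH_MAGIC, 12), (MH_MAGIC_64, 12 | CPU_ARCH_ABI64)])  # armv7 + arm64

if __name__ == "__main__":
    import sys
    # Usage: python macho_arch.py Payload/App.app/App   (unzip the IPA first)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else FAT_DEVICE
    print(macho_archs(blob), classify(blob))
```

On a Mac the same answer comes from `lipo -info` or `file` on the executable; the point of doing it by hand is that the check works on any platform and on a raw blob pulled off a device. A "simulator" result tells you the binary will never run on a jailbroken phone, and a "device" result tells you the simulator will never load it, which is exactly the limitation described above.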
Now, let's look at the minimum setup required for iOS app testing. First, you need a laptop on which you have administrator rights. Next, you need a Wi-Fi network that permits client-to-client traffic, or, as an alternative, USB multiplexing to reach the device over the cable. Nothing surprising so far, right? Then you need at least one jailbroken iOS device running the iOS version you want to test on. The last thing you need is an interception proxy, for example Burp Suite.
It is true that you can also use a Linux or Windows machine for this purpose, but you will find that many tasks are difficult or nearly impossible to complete on those platforms. So I recommend that you follow our instructions, especially if you are a newcomer.
Besides all that, keep in mind that macOS is the only platform that supports the Xcode development environment and the iOS SDK. What does that mean for you? For any kind of source code analysis and for debugging, you really want to do your work on a Mac. Black box testing becomes much easier that way too.
How to jailbreak an iOS device
The first thing you need is a jailbroken iPhone or iPad on which to run your tests. Such a device gives you root access and lets you install tools easily, which makes the testing process far more straightforward and spares you a lot of complications. You know how frustrating those can be, right? But what if you don't have access to a jailbroken device? In that case there are workarounds, which I will describe later in this lesson. Be warned that going that way is hard work, so it is best to get such a device. It's not that hard, trust me.
Most people compare iOS jailbreaking to Android rooting. But as I have already told you, the two processes aren't the same. The easiest way to understand the difference is to compare the two definitions.
What is rooting? It is a process that almost always involves installing the su binary on the existing system, or replacing the whole system with a custom ROM that is already rooted. Exploits usually aren't even required to obtain root access, as long as the bootloader is accessible.
What about flashing custom ROMs? A custom ROM may already be rooted, and flashing it replaces the OS currently running on the device. It can be done once you unlock the bootloader, which may itself require an exploit.
Flashing a custom ROM isn't really possible on iOS devices. Why? Because the iOS bootloader only allows Apple-signed images to be flashed or booted. This is also why iOS downgrades are only possible as long as Apple still signs the older version.
What is the purpose of jailbreaking?
The purpose is to disable the iOS system protections, which you can think of as a global disabling of Apple's code signing mechanisms. Once that is done, arbitrary unsigned code can run on the device. The word "jailbreak" colloquially refers to the all-in-one tools that automate this process.
There is also an alternative app store for jailbroken devices called Cydia, developed by Jay Freeman. It provides a graphical user interface and a version of the Advanced Packaging Tool (APT), so through it you can easily get access to many unsanctioned apps and packages. Most jailbreak tools install Cydia automatically.
Exploring the benefits of jailbreaking
Many end users jailbreak because they want to tweak the appearance of iOS, add new features, install third-party apps from an unofficial app store and so on. If you jailbreak as a security tester, the benefits are different. You gain root access to the file system. You can execute apps that are not signed by Apple, which includes many security tools. You can do unrestricted debugging and dynamic analysis, including access to the Objective-C runtime. The benefits are enormous, but these are the most important ones. You will discover many more once you start testing.
The different jailbreak types
Tethered jailbreak. This type does not persist across reboots. The device must be connected to a computer during every reboot, or it will not boot at all.
Semi-tethered jailbreak. The device can boot on its own, but into a non-jailbroken state; the jailbreak can only be re-applied if the device is connected to a computer during the reboot.
Semi-untethered jailbreak. The device can reboot on its own, but the kernel patches that disable code signing are not applied automatically. You re-jailbreak the device by launching an application or visiting a website.
Untethered jailbreak. This is the last type, and highly popular with end users, because it needs to be applied only once. After that, the device stays jailbroken permanently across reboots.
Jailbreaking tools
As I mentioned earlier, I will now talk about the tools that are best to use for this testing. Follow our instructions and you won't get lost or caught by a tool that only causes you problems. So let's explore the best and most widely used tools. You have probably already realized that different versions of iOS require different jailbreaking techniques, right? Well, yes. The first thing to find out is whether a public jailbreak is actually available for your iOS version. Also, beware of fake tools and spyware. They are often hidden behind domain names that resemble the name of a jailbreaking group or author.
Pangu jailbreak 1.3.0 is available for 64-bit devices running iOS version 9.0. But what if your device runs a different iOS version? You might think no jailbreak is available in that case, but you can still do it: upgrade or downgrade to the target jailbreakable iOS version through an IPSW download or iTunes. Sometimes this will not work, because Apple may no longer be signing the wanted iOS version.
Finally, here are some resources that carry up-to-date jailbreaking instructions, so your jailbreak has a good chance of succeeding: The iPhone Wiki, Redmond Pie and Reddit Jailbreak.