📄️ Extract and Decode IPA File
For much of the information gathering and static analysis of the mobile app, we first need to extract the IPA file. The IPA file is nothing more than a zip file, which means we can extract it with existing tools on the macOS system.
📄️ Binary Protections
There are certain protections that should be in place on the main application executable for things like stack protection, ASLR, and memory management.
📄️ Data Protection Classes -- Static Analysis
iOS and iPadOS leverage an API called "Data Protection" which is used to
📄️ Evaluate Information from Header Files
For much of the static and dynamic analysis of the mobile app, reviewing the header files can be very beneficial. The header files can give you some ideas about where sensitive information could be stored in the app. Additionally, for dynamic analysis, knowing which methods are used in a specific class can help in "hooking" that class to analyze its behavior.
📄️ Endpoint URL & API Discovery
Once you have the decrypted version of the app, run the strings command on the main executable. Alternatively, you can use a disassembler if you prefer.
📄️ App Configuration / Hard-Coded data / IPA File
An iOS app can be configured in many different places. Typically, these are kept in Property List (PLIST), SQLite Databases, JSON, or XML files.
📄️ Hard-Coded Data / On-Device
An iOS app can be configured in many different places. Typically, these are kept in Property List (PLIST), SQLite Databases, JSON, or XML files.
📄️ Third-Party Libraries & Frameworks
Many iOS apps integrate third-party frameworks and libraries to quickly add new features and functionality. Often, this includes authentication functionality or other sensitive functions for the app.