Skip to main content

Keyboard Caching

Generate text within the application, and then review the dynamic keyboard cache using strings or similar tools. Review all the .dat files since each iOS app can implement their own custom keyboards, which may store the cache in a different file.

Change to the /var/mobile/Library/Keyboard/ directory. Run a find for all .dat files:

cd /var/mobile/Library/Keyboard/
find . -name \*.dat -exec strings {} \;

This will find the .dat files and run the "strings" command on the resulting files to check for sensitive information disclosure.

On your test device, ensure that you have keyboards enabled to capture Predictive text, Spell Check, Auto-Correction, etc. This setting is found in "Settings => General => Keyboards"

Additionally, prior to testing, it is a good idea to "Reset" the keyboard cache, so that you know you are starting from a fresh point. With many apps using similar credentials, this will help in ensuring any findings are related to the current app.

Go to "Settings => General => Reset => Reset Keyboard Dictionary". This will delete all keyboard cache files.