idb – iOS App Security Assessment Tool

  • 522
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    522
    Shares

idb a tool to simplify some common tasks for iOS app security assessments and research.

 

Requirements:

  • Ubuntu or OS X
  • Ruby 1.9.3 or 2.1

Installation:

For OS X:

brew install qt cmake usbmuxd libimobiledevice

 

For Ubuntu:

apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd libxml2-dev libsqlite3-dev -y

 

Installing idb:

For production use

  • Install idb: gem install idb
  • Run idb: idb

For development use

  • Clone the repository: git clone https://github.com/dmayer/idb
  • cd idb
  • bundle install (using the right ruby version)
  • As for every ruby gem, the application code lives in the lib folder
  • Run idb by calling bundle exec idb

Note: Running bin/idb directly won’t work since it will not find the idb gem . Instead, the bundle exec command runs idb in the current bundler environment where bundler supplies the gem from source.

Features:

  • Assessment Setup
    • SSH port forwarding
    • Installation of helper utilities
  • App Information
    • Bundle information
    • Registered URL Schemes
    • Platform and SDK Versions
    • Data folder location
    • Entitlements
  • Data Storage
    • List plist files and data protection class
    • List sqlite files and data protection class
    • List Cache.db files and data protection class
    • Full app file system browser
      • Browse files
      • Download/view files
      • Check data protection
      • Rsync folders and keep git revisions
    • Dump iOS keychain
  • Binary Analysis
    • Check for encryption
    • Check for protections (ASLR/PIE, DEP, ARC)
    • List shared libraries
    • Extract strings in app binary
    • Dump class and method signatures
  • IPC
    • List URL handlers
    • Invoke and fuzz URL handlers
    • Monitor the iOS pasteboardA
  • Other Tools
    • Check for iOS backgrounding screenshot
    • Install certificates
    • Edit /etc/hosts file

 

Download now: idb

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply