idb – iOS App Security Assessment Tool

idb a tool to simplify some common tasks for iOS app security assessments and research.

 

Requirements:

• Ubuntu or OS X
• Ruby 1.9.3 or 2.1

Installation:

For OS X:

brew install qt cmake usbmuxd libimobiledevice

 

For Ubuntu:

apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd libxml2-dev libsqlite3-dev -y

 

Installing idb:

For production use

• Install idb: gem install idb
• Run idb: idb

For development use

• Clone the repository: git clone https://github.com/dmayer/idb
• cd idb
• bundle install (using the right ruby version)
• As for every ruby gem, the application code lives in the lib folder
• Run idb by calling bundle exec idb

Note: Running bin/idb directly won’t work since it will not find the idb gem . Instead, the bundle exec command runs idb in the current bundler environment where bundler supplies the gem from source.

Features:

• Assessment Setup
  • SSH port forwarding
  • Installation of helper utilities
• App Information
  • Bundle information
  • Registered URL Schemes
  • Platform and SDK Versions
  • Data folder location
  • Entitlements
• Data Storage
  • List plist files and data protection class
  • List sqlite files and data protection class
  • List Cache.db files and data protection class
  • Full app file system browser
    • Browse files
    • Download/view files
    • Check data protection
    • Rsync folders and keep git revisions
  • Dump iOS keychain
• Binary Analysis
  • Check for encryption
  • Check for protections (ASLR/PIE, DEP, ARC)
  • List shared libraries
  • Extract strings in app binary
  • Dump class and method signatures
• IPC
  • List URL handlers
  • Invoke and fuzz URL handlers
  • Monitor the iOS pasteboardA
• Other Tools
  • Check for iOS backgrounding screenshot
  • Install certificates
  • Edit /etc/hosts file

 

Download now: idb